
Pardus alert 2010-24 (postgresql-server)

From:  Eren Turkay <eren@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2010-24] Postgresql: Buffer Overflow
Date:  Tue, 2 Feb 2010 21:32:36 +0200 (EET)
Message-ID:  <20100202193236.1FDF3A7AB26@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-24            security@pardus.org.tr
------------------------------------------------------------------------
Date: 2010-02-02
Severity: 4
Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in Postgresql, which can be exploited by
malicious people to cause denial of service via application crash.

Description
===========

The vulnerability is caused from the implementation of substring()
function. When it is called with negative length number, it is possible
to cause application crash which results in dropping all active database
connections.

Affected packages:

Pardus 2009:
  postgresql-server, all before 8.3.9-25-8

Resolution
==========

There are update(s) for postgresql-server. You can update them via
Package Manager or with a single command from console:

  pisi up postgresql-server

References
==========

* http://bugs.pardus.org.tr/show_bug.cgi?id=12165
* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0442
* http://intevydis.blogspot.com/2010/01/postgresql-8023-bit...
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0442

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds