postgresql: multiple vulnerabilities

Package(s): postgresql
CVE #(s): CVE-2009-4034 CVE-2009-4136
Created: December 15, 2009
Updated: May 28, 2010
Description: From the Mandriva advisory:

NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority (CA) has been tricked into issuing invalid certificates. The use of a CA that can be trusted to always issue valid certificates is recommended to ensure you are not vulnerable to this issue (CVE-2009-4034).

Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (CVE-2009-4136).

Alerts:
Gentoo 201110-22 2011-10-25
CentOS CESA-2010:0429 2010-05-28
CentOS CESA-2010:0428 2010-05-22
CentOS CESA-2010:0427 2010-05-22
Red Hat RHSA-2010:0427-01 2010-05-19
Red Hat RHSA-2010:0429-01 2010-05-19
Red Hat RHSA-2010:0428-01 2010-05-19
rPath rPSA-2010-0012-1 2010-03-07
SuSE SUSE-SR:2010:001 2010-01-19
Ubuntu USN-876-1 2010-01-04
Debian DSA-1964-1 2009-12-31
Fedora FEDORA-2009-13363 2009-12-18
Fedora FEDORA-2009-13381 2009-12-18
Mandriva MDVSA-2009:333 2009-12-15

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds