LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

postgresql: multiple vulnerabilities

Package(s):postgresql-8.3, postgresql-8.4, postgresql-9.1 CVE #(s):CVE-2012-2143 CVE-2012-2655
Created:June 5, 2012 Updated:September 28, 2012
Description: From the Ubuntu advisory:

It was discovered that PostgreSQL incorrectly handled certain bytes passed to the crypt() function when using DES encryption. An attacker could use this flaw to incorrectly handle authentication. (CVE-2012-2143)

It was discovered that PostgreSQL incorrectly handled SECURITY DEFINER and SET attributes on procedural call handlers. An attacker could use this flaw to cause PostgreSQL to crash, leading to a denial of service. (CVE-2012-2655)

Alerts:
Ubuntu USN-1461-1 2012-06-05
Debian DSA-2491-1 2012-06-09
Mandriva MDVSA-2012:093 2012-06-15
Mandriva MDVSA-2012:092 2012-06-15
Fedora FEDORA-2012-8915 2012-06-15
Fedora FEDORA-2012-8893 2012-06-15
Fedora FEDORA-2012-8924 2012-06-15
Ubuntu USN-1481-1 2012-06-19
Red Hat RHSA-2012:1036-01 2012-06-25
Red Hat RHSA-2012:1037-01 2012-06-25
CentOS CESA-2012:1036 2012-06-25
CentOS CESA-2012:1037 2012-06-25
Oracle ELSA-2012-1036 2012-06-26
Oracle ELSA-2012-1037 2012-06-26
Red Hat RHSA-2012:1046-01 2012-06-27
Red Hat RHSA-2012:1047-01 2012-06-27
CentOS CESA-2012:1047 2012-06-27
Oracle ELSA-2012-1047 2012-06-28
Fedora FEDORA-2012-9490 2012-06-30
Fedora FEDORA-2012-9490 2012-06-30
Oracle ELSA-2012-1037 2012-06-30
Oracle ELSA-2012-1046 2012-06-30
Fedora FEDORA-2012-9762 2012-07-02
Fedora FEDORA-2012-9762 2012-07-02
Fedora FEDORA-2012-9762 2012-07-02
openSUSE openSUSE-SU-2012:0826-1 2012-07-04
SUSE SUSE-SU-2012:0840-1 2012-07-05
Scientific Linux SL-php5-20120705 2012-07-05
Scientific Linux SL-post-20120705 2012-07-05
Scientific Linux SL-post-20120709 2012-07-09
Scientific Linux SL-php-20120709 2012-07-09
CentOS CESA-2012:1037 2012-07-10
CentOS CESA-2012:1046 2012-07-10
Oracle ELSA-2012-1263 2012-09-14
Gentoo 201209-03 2012-09-23
openSUSE openSUSE-SU-2012:1251-1 2012-09-26
Gentoo 201209-24 2012-09-28
openSUSE openSUSE-SU-2012:1288-1 2012-10-04
openSUSE openSUSE-SU-2012:1299-1 2012-10-06
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds