[SECURITY] [DSA 2418-1] postgresql-8.4 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2418-1 security@xxxxxxxxxx
http://www.debian.org/security/ Moritz Muehlenhoff
February 27, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : postgresql-8.4
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-0866 CVE-2012-0867 CVE-2012-0868

Several local vulnerabilities have been discovered in PostgreSQL, an
object-relational SQL database. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2012-0866

It was discovered that the permissions of a function called by a
trigger are not checked. This could result in privilege escalation.

CVE-2012-0867

It was discovered that only the first 32 characters of a host name
are checked when validating host names through SSL certificates.
This could result in spoofing the connection in limited
circumstances.

CVE-2012-0868

It was discovered that pg_dump did not sanitise object names.
This could result in arbitrary SQL command execution if a
malformed dump file is opened.

For the stable distribution (squeeze), this problem has been fixed in
version 8.4.11-0squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 8.4.11-1.

We recommend that you upgrade your postgresql-8.4 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk9LwJ4ACgkQXm3vHE4uyloAzgCfY91eNaRw1c0BbV5h+nDyPCid
RMkAnj9R/A/5oW22U9vRx97RHkd8yDc2
=T+uw
-----END PGP SIGNATURE-----



Relevant Pages

  • [Full-disclosure] [SECURITY] [DSA 2418-1] postgresql-8.4 security update
    ... object-relational SQL database. ... The Common Vulnerabilities and Exposures ... For the stable distribution, this problem has been fixed in ... Further information about Debian Security Advisories, ...
    (Full-Disclosure)
  • [Full-disclosure] [SECURITY] [DSA 2642-1] sudo security update
    ... Several vulnerabilities have been discovered in sudo, ... For the stable distribution, these problems have been fixed in ... We recommend that you upgrade your sudo packages. ... Further information about Debian Security Advisories, ...
    (Full-Disclosure)
  • [SECURITY] [DSA 2642-1] sudo security update
    ... Several vulnerabilities have been discovered in sudo, ... For the stable distribution, these problems have been fixed in ... We recommend that you upgrade your sudo packages. ... Further information about Debian Security Advisories, ...
    (Bugtraq)
  • [Full-disclosure] [SECURITY] [DSA 2432-1] libyaml-libyaml-perl security update
    ... Dominic Hargreaves and Niko Tyni discovered two format string ... vulnerabilities in YAML::LibYAML, a Perl interface to the libyaml ... For the stable distribution, this problem has been fixed in ... Further information about Debian Security Advisories, ...
    (Full-Disclosure)
  • [SECURITY] [DSA 2432-1] libyaml-libyaml-perl security update
    ... Dominic Hargreaves and Niko Tyni discovered two format string ... vulnerabilities in YAML::LibYAML, a Perl interface to the libyaml ... For the stable distribution, this problem has been fixed in ... Further information about Debian Security Advisories, ...
    (Bugtraq)