Mandriva Security Advisory MDVSA-2009:251-1 (postgresql8.2)

Summary
The remote host is missing an update to postgresql8.2 announced via advisory MDVSA-2009:251-1.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:251-1
Insight
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by re-LOAD-ing libraries from a certain plugins directory (CVE-2009-3229). The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600 (CVE-2009-3230). The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password (CVE-2009-3231). This update provides a fix for this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0