Mandriva Update For Postgresql MDVSA-2011:161 (postgresql) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in postgresql: contrib/pg_crypto&amp #039 s blowfish encryption code could give wrong results on platforms where char is signed (which is most), leading to encrypted passwords being weaker than they should be (CVE-2011-2483). Additionally corrected ossp-uuid packages as well as corrected support in postgresql 9.0.x are being provided for Mandriva Linux 2011. This update provides a solution to this vulnerability.

Affected

postgresql on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2011-2483

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:133 (irssi)
Mandrake Security Advisory MDVSA-2009:058 (wireshark)
Mandrake Security Advisory MDVSA-2009:154 (dhcp)
Mandrake Security Advisory MDVSA-2009:109 (quagga)
Mandrake Security Advisory MDVSA-2009:155 (git)

Mandriva Update for postgresql MDVSA-2011:161 (postgresql)

Take action and discover your vulnerabilities