Solution
Please install the updated packages.
Insight
Multiple vulnerabilities have been discovered and corrected in postgresql:
Permissions on a function called by a trigger are not properly checked (CVE-2012-0866).
SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate authorities (CVE-2012-0867).
Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file (CVE-2012-0868).
This advisory provides the latest versions of PostgreSQL that are not vulnerable to these issues.
Affected
postgresql on Mandriva Linux 2011.0, Mandriva Linux 2010.1
Severity
Classification
CVE: CVE-2012-0866, CVE-2012-0867, CVE-2012-0868
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P