Mandriva Update For Postgresql8.3 MDVSA-2012:027 (postgresql8.3) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Multiple vulnerabilities has been discovered and corrected in postgresql: Permissions on a function called by a trigger are not properly checked (CVE-2012-0866). Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file (CVE-2012-0868). This advisory provides the latest version of PostgreSQL that is not vulnerable to these issues.

Affected

postgresql8.3 on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2012-0866, CVE-2012-0868

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:212 (python)
Mandrake Security Advisory MDVSA-2009:080 (glib2.0)
Mandrake Security Advisory MDVSA-2009:138 (tomcat5)
Mandrake Security Advisory MDVSA-2009:108 (zsh)
Mandrake Security Advisory MDVSA-2009:058 (wireshark)

Mandriva Update for postgresql8.3 MDVSA-2012:027 (postgresql8.3)

Take action and discover your vulnerabilities