Ubuntu USN-753-1 (postgresql-8.3) Network Vulnerability

Summary

The remote host is missing an update to postgresql-8.3 announced via advisory USN-753-1.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: postgresql-8.1 8.1.17-0ubuntu0.6.06.1 Ubuntu 8.04 LTS: postgresql-8.3 8.3.7-0ubuntu8.04.1 Ubuntu 8.10: postgresql-8.3 8.3.7-0ubuntu8.10.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-753-1

Insight

It was discovered that PostgreSQL did not properly handle encoding conversion failures. An attacker could exploit this by sending specially crafted requests to PostgreSQL, leading to a denial of service.

Severity

Classification

CVE	CVE-2008-4307, CVE-2008-6107, CVE-2009-0028, CVE-2009-0029, CVE-2009-0065, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0834, CVE-2009-0835, CVE-2009-0859, CVE-2009-0922

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Take action and discover your vulnerabilities