Mandriva Linux Security Advisory 2009:333: postgresql

Multiple vulnerabilities was discovered and corrected in postgresql:

NULL Bytes in SSL Certificates can be used to falsify client or server
authentication. This only affects users who have SSL enabled, perform
certificate name validation or client certificate authentication,
and where the Certificate Authority (CA) has been tricked into
issuing invalid certificates. The use of a CA that can be trusted to
always issue valid certificates is recommended to ensure you are not
vulnerable to this issue (CVE-2009-4034).

Privilege escalation via changing session state in an index
function. This closes a corner case related to vulnerabilities
CVE-2009-3230 and CVE-2007-6600 (CVE-2009-4136).

Packages for 2008.0 are being provided due to extended support for
Corporate products.

This update provides a solution to these vulnerabilities.


Subscribe to Comments Feed

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board