December 30, 2009

Debian Security Advisory 1964 postgresql-7.4, postgresql-8.1, postgresql-8.3 - several vulnerabilities

Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems:


It was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the (optional) TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name (CVE-2009-4034)...



Click Here!