From 8efd38a2acd90422d224e1fa1d4f626f7860bf65 Mon Sep 17 00:00:00 2001 From: Jason Helfman Date: Wed, 30 May 2012 22:26:15 +0000 Subject: - Address postgresql*-servers for crypt vulnerability (CVE-2012-2143) http://www.postgresql.org/about/news/1397/ With hat: pgsql --- security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3897d16b9c17..4f447d426e72 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -52,6 +52,42 @@ Note: Please add new entries to the beginning of this file. --> + + databases/postgresql*-server -- crypt vulnerabilities + + + postgresql-server + 8.3.18_1 + 8.4.11_1 + 9.0.7_2 + 9.1.3_1 + 9.2.b1_1 + + + + +

The PostgreSQL Global Development Group reports:

+
+

Affected users are those who use the crypt(text, text) function + with DES encryption in the optional pg_crypto module. Passwords + affected are those that contain characters that cannot be + represented with 7-bit ASCII. If a password contains a character + that has the most significant bit set (0x80), and DES encryption + is used, that character and all characters after it will be ignored.

+
+ +
+ + CVE-2012-2143 + http://www.postgresql.org/about/news/1397/ + http://git.postgresql.org/gitweb/?p=postgresql.git;a=patch;h=932ded2ed51e8333852e370c7a6dad75d9f236f9 + + + 2012-05-30 + 2012-05-30 + +
+ nut -- upsd can be remotely crashed -- cgit v1.2.3
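Review bot: The affected-package list names only postgresql-server, while the quoted advisory text places the flaw in crypt(text, text) from the optional pg_crypto module. If that module is installed from a separate package, an audit that matches on postgresql-server alone will not flag the hosts that actually carry the vulnerable code, so confirm which package ships the module and list it in this entry. Also check that each of the five version values (8.3.18_1, 8.4.11_1, 9.0.7_2, 9.1.3_1, 9.2.b1_1) is paired with a lower bound for its own branch. With upper bounds alone under a single package name, an already fixed 9.1.3_1 install would still match the 9.2.b1_1 bound and be reported as vulnerable. The PostgreSQL contrib module is named pgcrypto, so keep the pg_crypto spelling only if it is verbatim from the cited announcement.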