Back to search

DSA-2658-1 postgresql-9.1 -- several vulnerabilities

Severity CVSS Published Added Modified
9 (AV:N/AC:M/Au:S/C:C/I:C/A:C) April 04, 2013 April 05, 2013 March 03, 2014

Available Exploits 

Description

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

Upgrade Debian to resolve this vulnerability.

The security patch for this vulnerability has not been backported for Debian squeeze. This vulnerability can only be resolved by upgrading your Debian release to a supported version.

Related Vulnerabilities