PostgreSQL is an advanced object-relational database management system (DBMS).

The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. (CVE-2012-0868)

When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name. (CVE-2012-0867)

CREATE TRIGGER did not do a permissions check on the trigger function to be called. This could possibly allow an authenticated database user to call a privileged trigger function on data of their choosing. (CVE-2012-0866)

These updated packages upgrade PostgreSQL to version 8.4.11, which fixes these issues as well as several data-corruption issues and lesser non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
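The Common Name truncation described for CVE-2012-0867, shown as an added illustration that is not PostgreSQL's own code: a name check that copies the CN into a fixed buffer next to one that sizes the buffer from the CN's real length. The 32-byte buffer, the function names and the host names are assumptions constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define CN_BUF 32   /* assumed fixed buffer: 31 characters plus terminator */

/* Constructed stand-in for a certificate CN: bytes with an explicit length. */
struct cn_field { const char *data; size_t len; };

/* Flawed: the CN is copied into a fixed buffer and silently truncated. */
int cn_matches_truncated(struct cn_field cn, const char *expected)
{
    char buf[CN_BUF];
    size_t n = cn.len < sizeof(buf) - 1 ? cn.len : sizeof(buf) - 1;
    memcpy(buf, cn.data, n);
    buf[n] = '\0';
    return strcasecmp(buf, expected) == 0;
}

/* Corrected: size the buffer from the CN's real length and compare all of it. */
int cn_matches_full(struct cn_field cn, const char *expected)
{
    char *buf = malloc(cn.len + 1);
    int ok;
    if (buf == NULL)
        return 0;                       /* fail closed */
    memcpy(buf, cn.data, cn.len);
    buf[cn.len] = '\0';
    /* Reject an embedded NUL too (extra hardening, not from the advisory). */
    ok = strlen(buf) == cn.len && strcasecmp(buf, expected) == 0;
    free(buf);
    return ok;
}

/* Constructed sample names; EXPECTED_HOST is exactly 31 characters long. */
static const char EXPECTED_HOST[] = "db01.internal.example-corp.test";
static const char OTHER_CN[] = "db01.internal.example-corp.test.other.invalid";
struct cn_field cn_from(const char *s)
{
    struct cn_field f = { s, strlen(s) };
    return f;
}

int main(void)
{
    printf("truncated accepts other name: %d, full accepts it: %d\n",
           cn_matches_truncated(cn_from(OTHER_CN), EXPECTED_HOST),
           cn_matches_full(cn_from(OTHER_CN), EXPECTED_HOST));
    return 0;
}
```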