SUSE Linux Security Vulnerability: CVE-2012-0867
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | July 18, 2012 | December 12, 2013 | July 04, 2017 |
Description
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
Solution
suse-upgrade-libecpg6
Related Vulnerabilities
- ELSA-2012-1037 Moderate: Oracle Linux postgresql and postgresql84 security update
- Gentoo Linux: CVE-2012-0867: PostgreSQL: Multiple vulnerabilities
- Amazon Linux AMI: Security patch for postgresql8 (ALAS-2012-82) (multiple CVEs)
- ELSA-2012-0678 Moderate: Oracle Linux postgresql and postgresql84 security update
- RHSA-2012:0678: postgresql and postgresql84 security update
- DSA-2418-1 postgresql-8.4 -- several vulnerabilities
- FreeBSD: databases/postgresql*-client -- multiple vulnerabilities (Multiple CVEs)
- ELSA-2012-1263 Moderate: Oracle Linux postgresql and postgresql84 security update
- PostgreSQL class A vulnerability in core server, limited deployments: CVE-2012-0867
- USN-1378-1: PostgreSQL vulnerabilities