Описание
ELSA-2012-0677: postgresql security update (MODERATE)
[8.1.23-4]
- Back-port upstream fixes for CVE-2012-0866 and CVE-2012-0868 Resolves: #812070
[8.1.23-3]
- Back-port upstream fix for unregistering OpenSSL callbacks at close Resolves: #728828
[8.1.23-2]
- Back-port upstream fix for CVE-2011-2483 Resolves: #740738
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
postgresql
8.1.23-4.el5_8
postgresql-contrib
8.1.23-4.el5_8
postgresql-devel
8.1.23-4.el5_8
postgresql-docs
8.1.23-4.el5_8
postgresql-libs
8.1.23-4.el5_8
postgresql-pl
8.1.23-4.el5_8
postgresql-python
8.1.23-4.el5_8
postgresql-server
8.1.23-4.el5_8
postgresql-tcl
8.1.23-4.el5_8
postgresql-test
8.1.23-4.el5_8
Oracle Linux x86_64
postgresql
8.1.23-4.el5_8
postgresql-contrib
8.1.23-4.el5_8
postgresql-devel
8.1.23-4.el5_8
postgresql-docs
8.1.23-4.el5_8
postgresql-libs
8.1.23-4.el5_8
postgresql-pl
8.1.23-4.el5_8
postgresql-python
8.1.23-4.el5_8
postgresql-server
8.1.23-4.el5_8
postgresql-tcl
8.1.23-4.el5_8
postgresql-test
8.1.23-4.el5_8
Oracle Linux i386
postgresql
8.1.23-4.el5_8
postgresql-contrib
8.1.23-4.el5_8
postgresql-devel
8.1.23-4.el5_8
postgresql-docs
8.1.23-4.el5_8
postgresql-libs
8.1.23-4.el5_8
postgresql-pl
8.1.23-4.el5_8
postgresql-python
8.1.23-4.el5_8
postgresql-server
8.1.23-4.el5_8
postgresql-tcl
8.1.23-4.el5_8
postgresql-test
8.1.23-4.el5_8
Связанные CVE
Связанные уязвимости
ELSA-2012-0678: postgresql and postgresql84 security update (MODERATE)
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3 ...