First published: Wed Jul 18 2012
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
Credit: secalert@redhat.com
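The truncation described above, as a simplified model added here for illustration (not PostgreSQL source code). The 33-byte buffer, the function names, and the sample host names are assumptions constructed for this example; it shows why a host name of exactly 32 characters matches a longer certificate common name, and how comparing the full name avoids that.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CN_BUF 33  /* assumed: 32 characters plus the terminating NUL */

/* Constructed sample values: the host name is exactly 32 characters long. */
#define SAMPLE_HOST    "db-primary-0001.prod.example.com"
#define SAMPLE_LONG_CN SAMPLE_HOST ".other.example"

/* Case-insensitive comparison of the first n bytes of a and b. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed check: the CN is copied into a fixed buffer first, so everything
 * past 32 characters is silently dropped before the comparison. */
int cn_matches_truncated(const char *cert_cn, const char *host)
{
    char cn[CN_BUF];
    snprintf(cn, sizeof(cn), "%s", cert_cn);   /* truncates long names */
    return strlen(cn) == strlen(host) && eq_nocase(cn, host, strlen(host));
}

/* Corrected check: compare the complete CN; the lengths must agree. */
int cn_matches_full(const char *cert_cn, const char *host)
{
    size_t n = strlen(cert_cn);
    return n == strlen(host) && eq_nocase(cert_cn, host, n);
}

int main(void)
{
    printf("host length: %zu\n", strlen(SAMPLE_HOST));
    printf("truncated check accepts longer CN: %d\n",
           cn_matches_truncated(SAMPLE_LONG_CN, SAMPLE_HOST));
    printf("full check accepts longer CN:      %d\n",
           cn_matches_full(SAMPLE_LONG_CN, SAMPLE_HOST));
    return 0;
}
```

A host name shorter than 32 characters does not match under the truncated check, because the truncated common name is still longer than the host name.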
Affected Software | Affected Version | How to fix |
---|---|---|
Opensuse Project Opensuse | =12.2 | |
PostgreSQL PostgreSQL | =8.4 | |
PostgreSQL PostgreSQL | =8.4.1 | |
PostgreSQL PostgreSQL | =8.4.2 | |
PostgreSQL PostgreSQL | =8.4.3 | |
PostgreSQL PostgreSQL | =8.4.4 | |
PostgreSQL PostgreSQL | =8.4.5 | |
PostgreSQL PostgreSQL | =8.4.6 | |
PostgreSQL PostgreSQL | =8.4.7 | |
PostgreSQL PostgreSQL | =8.4.8 | |
PostgreSQL PostgreSQL | =8.4.9 | |
PostgreSQL PostgreSQL | =8.4.10 | |
PostgreSQL PostgreSQL | =9.0 | |
PostgreSQL PostgreSQL | =9.0.1 | |
PostgreSQL PostgreSQL | =9.0.2 | |
PostgreSQL PostgreSQL | =9.0.3 | |
PostgreSQL PostgreSQL | =9.0.4 | |
PostgreSQL PostgreSQL | =9.0.5 | |
PostgreSQL PostgreSQL | =9.0.6 | |
Debian Debian Linux | =6.0 | |
Redhat Desktop Workstation | =5 | |
Redhat Enterprise Linux | =5.0 | |
Redhat Enterprise Linux Desktop | =5.0 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Hpc Node | =6.0 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server Aus | =6.2 | |
Redhat Enterprise Linux Server Eus | =6.2.z | |
Redhat Enterprise Linux Workstation | =6.0 | |
PostgreSQL PostgreSQL | =9.1 | |
PostgreSQL PostgreSQL | =9.1.1 | |
PostgreSQL PostgreSQL | =9.1.2 | |