CVE-2013-1899

Published: 4 April 2013

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).

Notes

Author: mdeslaur
Note: looks like it's 9.0+ only

Priority

High

Status

Package         Release   Status
postgresql-9.1  upstream  Released (9.1.9)
postgresql-9.1  hardy     Does not exist
postgresql-9.1  lucid     Does not exist
postgresql-9.1  oneiric   Released (9.1.9-0ubuntu11.10)
postgresql-9.1  precise   Released (9.1.9-0ubuntu12.04)
postgresql-9.1  quantal   Released (9.1.9-0ubuntu12.10)

postgresql-8.4  upstream  Released (8.4.17)
postgresql-8.4  hardy     Does not exist
postgresql-8.4  lucid     Not vulnerable
postgresql-8.4  oneiric   Not vulnerable
postgresql-8.4  precise   Not vulnerable
postgresql-8.4  quantal   Does not exist

postgresql-8.3  upstream  Needs triage
postgresql-8.3  hardy     Not vulnerable
postgresql-8.3  lucid     Does not exist
postgresql-8.3  oneiric   Does not exist
postgresql-8.3  precise   Does not exist
postgresql-8.3  quantal   Does not exist

postgresql-8.2  upstream  Needs triage
postgresql-8.2  hardy     Not vulnerable
postgresql-8.2  lucid     Does not exist
postgresql-8.2  oneiric   Does not exist
postgresql-8.2  precise   Does not exist
postgresql-8.2  quantal   Does not exist