Debian Security Advisory DSA 2051-1 (postgresql-8.3)

The remote host is missing an update to postgresql-8.3 announced via advisory DSA 2051-1.

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1169 Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Perl code. CVE-2010-1170 Tom Lane discovered that the implementation of the procedural language PL/Tcl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Tcl code. CVE-2010-1975 It was discovered that an unprivileged user could reset superuser-only parameter settings. For the stable distribution (lenny), these problems have been fixed in version 8.3.11-0lenny1. This update also introduces a fix for CVE-2010-0442, which was originally scheduled for the next Lenny point update. For the unstable distribution (sid), these problems have been fixed in version 8.4.4-1 of postgresql-8.4. We recommend that you upgrade your postgresql-8.3 packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202051-1