Debian Security Advisory DSA 1460-1 (postgresql-8.1)

The remote host is missing an update to postgresql-8.1 announced via advisory DSA 1460-1.

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. CVE-2007-4769 Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bands read, resulting in a crash. This constitutes only a security problem if an application using ProgreSQL processes regular expressions from untrusted sources. CVE-2007-4772 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using ProgreSQL processes regular expressions from untrusted sources. CVE-2007-6067 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive ressource consumption. This constitutes only a security problem if an application using ProgreSQL processes regular expressions from untrusted sources. CVE-2007-6600 Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905. For the unstable distribution (sid), these problems have been fixed in version 8.2.6-1 of postgresql-8.2. For the stable distribution (etch), these problems have been fixed in version postgresql-8.1 8.1.11-0etch1. The old stable distribution (sarge), doesn't contain postgresql-8.1. We recommend that you upgrade your postgresql-8.1 (8.1.11-0etch1) package.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201460-1