View Single Post
  #1   (View Single Post)  
Old 27th September 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,504
Default PostgreSQL developers fix weakened passwords

From http://h-online.com/-1349959

Quote:
The PostgreSQL developers have released minor version updates for all active branches of their open source SQL database. Versions 9.1.1, 9.0.5, 8.4.9, 8.3.16 and 8.2.22 of PostgreSQL close a security hole which resulted in weakened passwords, and address a number of bugs found in previous versions including crashing and data-corruption issues.

According to the developers, the updates fix a vulnerability in the Blowfish encryption code used by contrib/pg_crypto that could cause encrypted passwords to be "weaker than they should be"; the same bug was recently diagnosed and fixed in PHP 5.3.7 (CVE-2011-2483).
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote