View Single Post
  #1   (View Single Post)  
Old 27th September 2011
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,506
Default PostgreSQL developers fix weakened passwords


The PostgreSQL developers have released minor version updates for all active branches of their open source SQL database. Versions 9.1.1, 9.0.5, 8.4.9, 8.3.16 and 8.2.22 of PostgreSQL close a security hole which resulted in weakened passwords, and address a number of bugs found in previous versions including crashing and data-corruption issues.

According to the developers, the updates fix a vulnerability in the Blowfish encryption code used by contrib/pg_crypto that could cause encrypted passwords to be "weaker than they should be"; the same bug was recently diagnosed and fixed in PHP 5.3.7 (CVE-2011-2483).
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote