CVE-2009-3229

NameCVE-2009-3229
DescriptionThe core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1900-1
NVD severitymedium (attack range: remote)
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
postgresql-8.4 (PTS)squeeze8.4.21-0squeeze1fixed
squeeze (security)8.4.20-0squeeze1fixed
squeeze (lts)8.4.22lts4-0+deb6u1fixed
wheezy8.4.22-0+deb7u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
postgresql-7.4source(unstable)(not affected)
postgresql-7.4sourceetch1:7.4.26-0etch1mediumDSA-1900-1
postgresql-8.1source(unstable)(not affected)
postgresql-8.1sourceetch8.1.18-0etch1mediumDSA-1900-1
postgresql-8.3source(unstable)8.3.8-1medium
postgresql-8.3sourcelenny8.3.8-0lenny1mediumDSA-1900-1
postgresql-8.4source(unstable)8.4.1-1medium

Search for package or bug name: Reporting problems