Packages
- postgresql-8.3 - Object-relational SQL database
- postgresql-8.4 - Object-relational SQL database
Details
It was discovered that the blowfish algorithm in the pgcrypto module
incorrectly handled certain 8-bit characters, resulting in the password
hashes being easier to crack than expected. An attacker who could obtain
the password hashes would be able to recover the plaintext with less
effort.
It was discovered that the blowfish algorithm in the pgcrypto module
incorrectly handled certain 8-bit characters, resulting in the password
hashes being easier to crack than expected. An attacker who could obtain
the password hashes would be able to recover the plaintext with less
effort.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 8.04 hardy | postgresql-8.3 – 8.3.16-0ubuntu0.8.04 | ||
| 11.04 natty | postgresql-8.4 – 8.4.9-0ubuntu0.11.04 | ||
| 10.10 maverick | postgresql-8.4 – 8.4.9-0ubuntu0.10.10 | ||
| 10.04 lucid | postgresql-8.4 – 8.4.9-0ubuntu0.10.04 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.