PT-2013-6352 · Openssl+4 · Openssl+7
Marko Kreen · Published 1970-01-01 · Updated 2024-06-15 · CVE-2013-1900
CVSS v2.0: 8.5 (High)
| Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions 8.4.x through 8.4.16
PostgreSQL versions 9.0.x through 9.0.12
PostgreSQL versions 9.1.x through 9.1.8
PostgreSQL versions 9.2.x through 9.2.3
libpq5 versions (affected versions not specified)
libpq5-32bit versions (affected versions not specified)
libecpg6 versions (affected versions not specified)
Description
The issue affects the generation of random numbers by the contrib/pgcrypto functions in PostgreSQL when using OpenSSL. This may allow remote authenticated users to have an unspecified impact. The vulnerability can be exploited remotely by an attacker who has passed the authentication procedure, potentially leading to a breach of confidentiality, integrity, and availability of protected information.
Recommendations
For PostgreSQL versions 8.4.x through 8.4.16, update to version 8.4.17 or later.
For PostgreSQL versions 9.0.x through 9.0.12, update to version 9.0.13 or later.
For PostgreSQL versions 9.1.x through 9.1.8, update to version 9.1.9 or later.
For PostgreSQL versions 9.2.x through 9.2.3, update to version 9.2.4 or later.
For libpq5, libpq5-32bit, and libecpg6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Code Injection
Related identifiers
Affected products
Centos
Openssl
Postgresql
Red Hat
Suse
Libecpg6
Libpq5
Libpq5-32Bit