Red Hat Customer Portal

Skip to main content

CVE-2013-1900

PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."

Details Source

Mitre

Statement

This issue affects the version of postgresql as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of postgresql84, as shipped with Red Hat Enterprise Linux 5. Red Hat Security Response Team has rated this issue as having low security impact. A future update might address this flaw.

Public Date

2013-04-04 00:00:00

Impact

Low

Bugzilla

CVE-2013-1900 postgresql: Improper randomization of pgcrypto functions (requiring random seed)

Bugzilla ID

929 255

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:P/I:N/A:N

Acknowledgements

Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Marko Kreen as the original issue reporter.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (postgresql) RHSA-2013:1475 2013-10-29
Red Hat Enterprise Linux 5 (postgresql84) RHSA-2013:1475 2013-10-29

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 postgresql Fix deferred