CVE-2013-1900 - Numeric Errors vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: SINGLE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions." Per http://www.ubuntu.com/usn/USN-1789-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS Ubuntu 8.04 LTS"
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Amazon Linux Local Security Checks
  NASL id: ALA_ALAS-2013-244.NASL
  description: An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service (daemon crash) or disclosure of certain portions of server memory. (CVE-2013-0255) A flaw was found in the way the pgcrypto contrib module of PostgreSQL (re)initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks. (CVE-2013-1900)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 70906
  published: 2013-11-14
  reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/70906
  title: Amazon Linux AMI : postgresql8 (ALAS-2013-244)

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2013-4951.NASL
  description: - Update to PostgreSQL 9.2.4, for various fixes described at http://www.postgresql.org/docs/9.2/static/release-9-2-4.html including the fixes for CVE-2013-1899, CVE-2013-1900, CVE-2013-1901 - fix build for aarch64 and ppc64p7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-03-17
  modified: 2013-04-07
  plugin id: 65827
  published: 2013-04-07
  reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/65827
  title: Fedora 18 : postgresql-9.2.4-1.fc18 (2013-4951)

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2013-5000.NASL
  description: - Update to PostgreSQL 9.1.9, for various fixes described at http://www.postgresql.org/docs/9.1/static/release-9-1-9.html including the fixes for CVE-2013-1899, CVE-2013-1900, CVE-2013-1901 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-03-17
  modified: 2013-04-07
  plugin id: 65828
  published: 2013-04-07
  reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/65828
  title: Fedora 17 : postgresql-9.1.9-1.fc17 (2013-5000)

- NASL family: MacOS X Local Security Checks
  NASL id: MACOSX_SECUPD2013-004.NASL
  description: The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied. This update contains several security-related fixes for the following component : - Apache - Bind - Certificate Trust Policy - ClamAV - Installer - IPSec - Mobile Device Management - OpenSSL - PHP - PostgreSQL - QuickTime - sudo Note that successful exploitation of the most serious issues could result in arbitrary code execution.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 69878
  published: 2013-09-13
  reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/69878
  title: Mac OS X Multiple Vulnerabilities (Security Update 2013-004)

- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2013-307.NASL
  description: postgresql was updated to version 9.1.9 (bnc#812525) : - CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with
  last seen: 2020-06-05
  modified: 2014-06-13
  plugin id: 74963
  published: 2014-06-13
  reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/74963
  title: openSUSE Security Update : postgresql91 (openSUSE-SU-2013:0627-1)

- NASL family: MacOS X Local Security Checks
  NASL id: MACOSX_10_8_5.NASL
  description: The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components : - Apache - Bind - Certificate Trust Policy - CoreGraphics - ImageIO - Installer - IPSec - Kernel - Mobile Device Management - OpenSSL - PHP - PostgreSQL - Power Management - QuickTime - Screen Lock - sudo This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit. Note that successful exploitation of the most serious issues could result in arbitrary code execution.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 69877
  published: 2013-09-13
  reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/69877
  title: Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities

- NASL family: Oracle Linux Local Security Checks
  NASL id: ORACLELINUX_ELSA-2013-1475.NASL
  description: From Red Hat Security Advisory 2013:1475 : Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service (daemon crash) or disclosure of certain portions of server memory. (CVE-2013-0255) A flaw was found in the way the pgcrypto contrib module of PostgreSQL (re)initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks. (CVE-2013-1900) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Sumit Soni via Secunia SVCRP as the original reporter of CVE-2013-0255, and Marko Kreen as the original reporter of CVE-2013-1900. These updated packages upgrade PostgreSQL to version 8.4.18, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release-8-4-18.html After installing this update, it is advisable to rebuild, using the REINDEX command, Generalized Search Tree (GiST) indexes that meet one or more of the following conditions : * GiST indexes on box, polygon, circle, or point columns * GiST indexes for variable-width data types, that is text, bytea, bit, and numeric * GiST multi-column indexes All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 70692
  published: 2013-10-30
  reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/70692
  title: Oracle Linux 5 / 6 : postgresql / postgresql84 (ELSA-2013-1475)

- NASL family: CentOS Local Security Checks
  NASL id: CENTOS_RHSA-2013-1475.NASL
  description: Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service (daemon crash) or disclosure of certain portions of server memory. (CVE-2013-0255) A flaw was found in the way the pgcrypto contrib module of PostgreSQL (re)initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks. (CVE-2013-1900) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Sumit Soni via Secunia SVCRP as the original reporter of CVE-2013-0255, and Marko Kreen as the original reporter of CVE-2013-1900. These updated packages upgrade PostgreSQL to version 8.4.18, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release-8-4-18.html After installing this update, it is advisable to rebuild, using the REINDEX command, Generalized Search Tree (GiST) indexes that meet one or more of the following conditions : * GiST indexes on box, polygon, circle, or point columns * GiST indexes for variable-width data types, that is text, bytea, bit, and numeric * GiST multi-column indexes All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 70687
  published: 2013-10-30
  reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/70687
  title: CentOS 5 / 6 : postgresql / postgresql84 (CESA-2013:1475)

- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-2657.NASL
  description: A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess.
  last seen: 2020-03-17
  modified: 2013-04-05
  plugin id: 65812
  published: 2013-04-05
  reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/65812
  title: Debian DSA-2657-1 : postgresql-8.4 - guessable random numbers

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2013-6148.NASL
  description: - Update to PostgreSQL 9.2.4, for various fixes described at http://www.postgresql.org/docs/9.2/static/release-9-2-4.html including the fixes for CVE-2013-1899, CVE-2013-1900, CVE-2013-1901 - fix build for aarch64 and ppc64p7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-03-17
  modified: 2013-04-22
  plugin id: 66168
  published: 2013-04-22
  reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/66168
  title: Fedora 19 : postgresql-9.2.4-1.fc19 (2013-6148)

- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2013-306.NASL
  description: postgresql was updated to version 9.2.4 (bnc#812525) : - CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with
  last seen: 2020-06-05
  modified: 2014-06-13
  plugin id: 74962
  published: 2014-06-13
  reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/74962
  title: openSUSE Security Update : postgresql92 (openSUSE-SU-2013:0628-1)

- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-1789-1.NASL
  description: Mitsumasa Kondo and Kyotaro Horiguchi discovered that PostgreSQL incorrectly handled certain connection requests containing database names starting with a dash. A remote attacker could use this flaw to damage or destroy files within a server
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 65818
  published: 2013-04-05
  reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/65818
  title: Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities (USN-1789-1)

- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2013-1475.NASL
  description: Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service (daemon crash) or disclosure of certain portions of server memory. (CVE-2013-0255) A flaw was found in the way the pgcrypto contrib module of PostgreSQL (re)initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks. (CVE-2013-1900) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Sumit Soni via Secunia SVCRP as the original reporter of CVE-2013-0255, and Marko Kreen as the original reporter of CVE-2013-1900. These updated packages upgrade PostgreSQL to version 8.4.18, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release-8-4-18.html After installing this update, it is advisable to rebuild, using the REINDEX command, Generalized Search Tree (GiST) indexes that meet one or more of the following conditions : * GiST indexes on box, polygon, circle, or point columns * GiST indexes for variable-width data types, that is text, bytea, bit, and numeric * GiST multi-column indexes All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 70696
  published: 2013-10-30
  reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/70696
  title: RHEL 5 / 6 : postgresql and postgresql84 (RHSA-2013:1475)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_LIBECPG6-130402.NASL
  description: This update to version 9.1.9 fixes : - Fix insecure parsing of server command-line switches. (CVE-2013-1899) - Reset OpenSSL randomness state in each postmaster child process. (CVE-2013-1900) - Make REPLICATION privilege checks test current user not authenticated user. (CVE-2013-1901)
  last seen: 2020-06-05
  modified: 2013-04-07
  plugin id: 65829
  published: 2013-04-07
  reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/65829
  title: SuSE 11.2 Security Update : PostgreSQL (SAT Patch Number 7585)

- NASL family: Scientific Linux Local Security Checks
  NASL id: SL_20131029_POSTGRESQL_AND_POSTGRESQL84_ON_SL5_X.NASL
  description: An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially crafted SQL query that, when processed by the server component of the PostgreSQL service, would lead to a denial of service (daemon crash) or disclosure of certain portions of server memory. (CVE-2013-0255) A flaw was found in the way the pgcrypto contrib module of PostgreSQL (re)initialized its internal random number generator. This could lead to random numbers with less bits of entropy being used by certain pgcrypto functions, possibly allowing an attacker to conduct other attacks. (CVE-2013-1900) These updated packages upgrade PostgreSQL to version 8.4.18, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release-8-4-18.html After installing this update, it is advisable to rebuild, using the REINDEX command, Generalized Search Tree (GiST) indexes that meet one or more of the following conditions : - GiST indexes on box, polygon, circle, or point columns - GiST indexes for variable-width data types, that is text, bytea, bit, and numeric - GiST multi-column indexes If the postgresql service is running, it will be automatically restarted after installing this update.
  last seen: 2020-03-18
  modified: 2013-10-31
  plugin id: 70705
  published: 2013-10-31
  reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/70705
  title: Scientific Linux Security Update : postgresql and postgresql84 on SL5.x, SL6.x i386/x86_64 (20131029)

- NASL family: FreeBSD Local Security Checks
  NASL id: FREEBSD_PKG_3F332F169B6B11E28FE908002798F6FF.NASL
  description: PostgreSQL project reports : The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. All users of the affected versions are strongly urged to apply the update *immediately*. A major security issue (for versions 9.x only) fixed in this release, [CVE-2013-1899](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899), makes it possible for a connection request containing a database name that begins with
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 65841
  published: 2013-04-08
  reporter: This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/65841
  title: FreeBSD : PostgreSQL -- anonymous remote access data corruption vulnerability (3f332f16-9b6b-11e2-8fe9-08002798f6ff)

- NASL family: Databases
  NASL id: POSTGRESQL_CVE20131900.NASL
  description: The version of PostgreSQL installed on the remote host is 8.4.x prior to 8.4.17, 9.0.x prior to 9.0.13, 9.1.x prior to 9.1.9, or 9.2.x prior to 9.2.4. As such, it is potentially affected by an issue where random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 65856
  published: 2013-04-08
  reporter: This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/65856
  title: PostgreSQL 8.4 < 8.4.17 / 9.0 < 9.0.13 / 9.1 < 9.1.9 / 9.2 < 9.2.4 Predictable Random Number Generator

- NASL family: Amazon Linux Local Security Checks
  NASL id: ALA_ALAS-2013-178.NASL
  description: Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 69737
  published: 2013-09-04
  reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/69737
  title: Amazon Linux AMI : postgresql9 (ALAS-2013-178)

- NASL family: Mandriva Local Security Checks
  NASL id: MANDRIVA_MDVSA-2013-142.NASL
  description: Multiple vulnerabilities has been discovered and corrected in postgresql : PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read (CVE-2013-0255). Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a - (hyphen) (CVE-2013-1899). PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the contrib/pgcrypto functions. (CVE-2013-1900). PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions (CVE-2013-1901). This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 66154
  published: 2013-04-20
  reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/66154
  title: Mandriva Linux Security Advisory : postgresql (MDVSA-2013:142)

- NASL family: MacOS X Local Security Checks
  NASL id: MACOSX_SERVER_2_2_2.NASL
  description: The remote Mac OS X 10.8 host has a version of OS X Server installed that is prior to 2.2.2. It is, therefore, affected by the following vulnerabilities : - Two vulnerabilities exist in the included ClamAV software, the most serious of which could allow an attacker to execute arbitrary code remotely. (CVE-2013-2020 / CVE-2013-2021) - Three vulnerabilities exist in the included PostgreSQL software, the most serious of which could result in data corruption or privilege escalation. (CVE-2013-1899 / CVE-2013-1900 / CVE-2013-1901) - Multiple cross-site scripting issues exist in the included Wiki Server software (CVE-2013-1034)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 69932
  published: 2013-09-17
  reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/69932
  title: Mac OS X : OS X Server < 2.2.2 Multiple Vulnerabilities

- NASL family: Gentoo Local Security Checks
  NASL id: GENTOO_GLSA-201408-15.NASL
  description: The remote host is affected by the vulnerability described in GLSA-201408-15 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote authenticated attacker may be able to create a Denial of Service condition, bypass security restrictions, or have other unspecified impact. Workaround : There is no known workaround at this time.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 77459
  published: 2014-08-30
  reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/77459
  title: GLSA-201408-15 : PostgreSQL: Multiple vulnerabilities
References
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html
- http://rhn.redhat.com/errata/RHSA-2013-1475.html
- http://support.apple.com/kb/HT5880
- http://support.apple.com/kb/HT5892
- http://www.debian.org/security/2013/dsa-2657
- http://www.debian.org/security/2013/dsa-2658
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.postgresql.org/about/news/1456/
- http://www.postgresql.org/docs/current/static/release-8-4-17.html
- http://www.postgresql.org/docs/current/static/release-9-0-13.html
- http://www.postgresql.org/docs/current/static/release-9-1-9.html
- http://www.postgresql.org/docs/current/static/release-9-2-4.html
- http://www.ubuntu.com/usn/USN-1789-1