CVE-2013-1900 Information

Description

PostgreSQL 9.2.x before 9.2.4 9.1.x before 9.1.9 9.0.x before 9.0.13 and 8.4.x before 8.4.17 when using OpenSSL generates insufficiently random numbers which might allow remote authenticated users to have an unspecified impact via vectors related to the \contrib/pgcrypto functions.\

Reference

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html http://rhn.redhat.com/errata/RHSA-2013-1475.html http://support.apple.com/kb/HT5880 http://support.apple.com/kb/HT5892 http://www.debian.org/security/2013/dsa-2657 http://www.debian.org/security/2013/dsa-2658 http://www.mandriva.com/security/advisories?name=MDVSA-2013:142 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.postgresql.org/about/news/1456/ http://www.postgresql.org/docs/current/static/release-8-4-17.html http://www.postgresql.org/docs/current/static/release-9-0-13.html http://www.postgresql.org/docs/current/static/release-9-1-9.html http://www.postgresql.org/docs/current/static/release-9-2-4.html http://www.ubuntu.com/usn/USN-1789-1