magnum discovered that the blowfish password hashing used amongst others in PostgreSQL contained a weakness that would give passwords with 8 bit characters the same hash as weaker equivalents. For the oldstable distribution (lenny), this problem has been fixed in postgresql-8.3 version 8.3.16-0lenny1. For the stable distribution (squeeze), this problem has been fixed in postgresql-8.4 version 8.4.9-0squeeze1. For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in postgresql-8.4 version 8.4.9-1, postgresql-9.0 9.0.5-1 and postgresql-9.1 9.1~rc1-1. The updates also include reliability improvements, originally scheduled for inclusion into the next point release; for details see the respective changelogs. We recommend that you upgrade your postgresql packages.
magnum discovered that the blowfish password hashing used amongst others in PostgreSQL contained a weakness that would give passwords with 8 bit characters the same hash as weaker equivalents.
For the oldstable distribution (lenny), this problem has been fixed in postgresql-8.3 version 8.3.16-0lenny1.
For the stable distribution (squeeze), this problem has been fixed in postgresql-8.4 version 8.4.9-0squeeze1.
For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in postgresql-8.4 version 8.4.9-1, postgresql-9.0 9.0.5-1 and postgresql-9.1 9.1~rc1-1.
The updates also include reliability improvements, originally scheduled for inclusion into the next point release; for details see the respective changelogs.
We recommend that you upgrade your postgresql packages.