 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.871691 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Update for postgresql RHSA-2016:2606-02 |
| Resumen: | The remote host is missing an update for the 'postgresql'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'postgresql' package(s) announced via the referenced advisory. Vulnerability Insight: PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a newer upstream version: postgresql (9.2.18). Security Fix(es): * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423) * A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424) Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Heikki Linnakangas as the original reporter of CVE-2016-5423 and Nathan Bossart as the original reporter of CVE-2016-5424. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. Affected Software/OS: postgresql on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-5423 BugTraq ID: 92433 http://www.securityfocus.com/bid/92433 Debian Security Information: DSA-3646 (Google Search) http://www.debian.org/security/2016/dsa-3646 https://security.gentoo.org/glsa/201701-33 RedHat Security Advisories: RHSA-2016:1781 http://rhn.redhat.com/errata/RHSA-2016-1781.html RedHat Security Advisories: RHSA-2016:1820 http://rhn.redhat.com/errata/RHSA-2016-1820.html RedHat Security Advisories: RHSA-2016:1821 http://rhn.redhat.com/errata/RHSA-2016-1821.html RedHat Security Advisories: RHSA-2016:2606 http://rhn.redhat.com/errata/RHSA-2016-2606.html RedHat Security Advisories: RHSA-2017:2425 https://access.redhat.com/errata/RHSA-2017:2425 http://www.securitytracker.com/id/1036617 Common Vulnerability Exposure (CVE) ID: CVE-2016-5424 BugTraq ID: 92435 http://www.securityfocus.com/bid/92435 |
| Copyright | Copyright (C) 2016 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |