ID de Prueba:	1.3.6.1.4.1.25623.1.0.881292
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for postgresql CESA-2011:0197 centos5 x86_64
Resumen:	The remote host is missing an update for the 'postgresql'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'postgresql' package(s) announced via the referenced advisory. Vulnerability Insight: PostgreSQL is an advanced object-relational database management system (DBMS). A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015) Red Hat would like to thank Geoff Keating of the Apple Product Security team for reporting this issue. For Red Hat Enterprise Linux 4, the updated postgresql packages contain a backported patch for this issue. There are no other changes. For Red Hat Enterprise Linux 5, the updated postgresql packages upgrade PostgreSQL to version 8.1.23, and contain a backported patch for this issue. Refer to the linked PostgreSQL Release Notes for a full list of changes. For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.7, which includes a fix for this issue. Refer to the linked PostgreSQL Release Notes for a full list of changes. All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update. Affected Software/OS: postgresql on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4015 BugTraq ID: 46084 http://www.securityfocus.com/bid/46084 Debian Security Information: DSA-2157 (Google Search) http://www.debian.org/security/2011/dsa-2157 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html HPdes Security Advisory: HPSBMU02781 http://marc.info/?l=bugtraq&m=134124585221119&w=2 HPdes Security Advisory: SSRT100617 http://www.mandriva.com/security/advisories?name=MDVSA-2011:021 http://osvdb.org/70740 http://www.redhat.com/support/errata/RHSA-2011-0197.html http://www.redhat.com/support/errata/RHSA-2011-0198.html http://secunia.com/advisories/43144 http://secunia.com/advisories/43154 http://secunia.com/advisories/43155 http://secunia.com/advisories/43187 http://secunia.com/advisories/43188 http://secunia.com/advisories/43240 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.ubuntu.com/usn/USN-1058-1 http://www.vupen.com/english/advisories/2011/0262 http://www.vupen.com/english/advisories/2011/0278 http://www.vupen.com/english/advisories/2011/0283 http://www.vupen.com/english/advisories/2011/0287 http://www.vupen.com/english/advisories/2011/0299 http://www.vupen.com/english/advisories/2011/0303 http://www.vupen.com/english/advisories/2011/0349 XForce ISS Database: postgresql-gettoken-buffer-overflow(65060) https://exchange.xforce.ibmcloud.com/vulnerabilities/65060
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.