Description:
Summary: The remote host is missing updates announced in advisory GLSA 201110-22.
Vulnerability Insight: Multiple vulnerabilities in the PostgreSQL server and client allow remote attackers to conduct several attacks, including the execution of arbitrary code and Denial of Service.
Solution: All PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-8.2.22:8.2'
All PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-8.3.16:8.3'
All PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-8.4.9:8.4'
All PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-9.0.5:9.0'
All PostgreSQL 8.2 server users should upgrade to the latest 8.2 server version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.2.22:8.2'
All PostgreSQL 8.3 server users should upgrade to the latest 8.3 server version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.3.16:8.3'
All PostgreSQL 8.4 server users should upgrade to the latest 8.4 server version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.4.9:8.4'
All PostgreSQL 9.0 server users should upgrade to the latest 9.0 server version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-9.0.5:9.0'
The old unsplit PostgreSQL packages have been removed from portage. Users still using them are urged to migrate to the new PostgreSQL packages as stated above and to remove the old package:
# emerge --unmerge 'dev-db/postgresql'
CVSS Score: 8.5
CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C