Test ID:	1.3.6.1.4.1.25623.1.0.57120
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200607-04 (postgresql)
Summary:	The remote host is missing updates announced in;advisory GLSA 200607-04.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200607-04. Vulnerability Insight: A flaw in the multibyte character handling allows execution of arbitrary SQL statements. Solution: All PostgreSQL users should upgrade to the latest version in the respective branch they are using: # emerge --sync # emerge --ask --oneshot --verbose dev-db/postgresql Note: While a fix exists for the 7.3 branch it doesn't currently work on Gentoo. All 7.3.x users of PostgreSQL should consider updating their installations to the 7.4 (or higher) branch as soon as possible! CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2313 BugTraq ID: 18092 http://www.securityfocus.com/bid/18092 Bugtraq: 20060523 PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15 (Google Search) http://www.securityfocus.com/archive/1/435038/100/0/threaded Bugtraq: 20060524 rPSA-2006-0080-1 postgresql postgresql-server (Google Search) http://www.securityfocus.com/archive/1/435161/100/0/threaded Debian Security Information: DSA-1087 (Google Search) http://www.debian.org/security/2006/dsa-1087 http://security.gentoo.org/glsa/glsa-200607-04.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:098 http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10618 http://www.redhat.com/support/errata/RHSA-2006-0526.html http://securitytracker.com/id?1016142 http://secunia.com/advisories/20231 http://secunia.com/advisories/20232 http://secunia.com/advisories/20314 http://secunia.com/advisories/20435 http://secunia.com/advisories/20451 http://secunia.com/advisories/20503 http://secunia.com/advisories/20555 http://secunia.com/advisories/20653 http://secunia.com/advisories/20782 http://secunia.com/advisories/21001 SGI Security Advisory: 20060602-01-U ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc SuSE Security Announcement: SUSE-SA:2006:030 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html http://www.trustix.org/errata/2006/0032/ https://usn.ubuntu.com/288-1/ http://www.ubuntu.com/usn/usn-288-2 http://www.vupen.com/english/advisories/2006/1941 XForce ISS Database: postgresql-multibyte-sql-injection(26627) https://exchange.xforce.ibmcloud.com/vulnerabilities/26627 Common Vulnerability Exposure (CVE) ID: CVE-2006-2314 http://www.osvdb.org/25731 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9947 http://secunia.com/advisories/21749 SuSE Security Announcement: SUSE-SR:2006:021 (Google Search) http://www.novell.com/linux/security/advisories/2006_21_sr.html http://www.ubuntu.com/usn/usn-288-3 XForce ISS Database: postgresql-ascii-sql-injection(26628) https://exchange.xforce.ibmcloud.com/vulnerabilities/26628
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.