Ubuntu Local Security Checks : Ubuntu USN-876-1 (postgresql-8.4)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.66643

Category: Ubuntu Local Security Checks

Title: Ubuntu USN-876-1 (postgresql-8.4)

Summary: Ubuntu USN-876-1 (postgresql-8.4)

Description: The remote host is missing an update to postgresql-8.4
announced via advisory USN-876-1.

Details follow:

It was discovered that PostgreSQL did not properly handle certificates with
NULL characters in the Common Name field of X.509 certificates. An attacker
could exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications. (CVE-2009-4034)

It was discovered that PostgreSQL did not properly manage session-local
state. A remote authenticated user could exploit this to escalate
priviliges within PostgreSQL. (CVE-2009-4136)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
postgresql-8.1 8.1.19-0ubuntu0.6.06

Ubuntu 8.04 LTS:
postgresql-8.3 8.3.9-0ubuntu8.04

Ubuntu 8.10:
postgresql-8.3 8.3.9-0ubuntu8.10

Ubuntu 9.04:
postgresql-8.3 8.3.9-0ubuntu9.04

Ubuntu 9.10:
postgresql-8.4 8.4.2-0ubuntu9.10

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-876-1

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-4034
Bugtraq: 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server (Google Search)
http://www.securityfocus.com/archive/1/archive/1/509917/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:333
SuSE Security Announcement: SUSE-SR:2010:001 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
BugTraq ID: 37334
http://www.securityfocus.com/bid/37334
http://osvdb.org/61038
http://www.securitytracker.com/id?1023325
http://secunia.com/advisories/37663
http://www.vupen.com/english/advisories/2009/3519
Common Vulnerability Exposure (CVE) ID: CVE-2009-4136
http://www.redhat.com/support/errata/RHSA-2010-0427.html
http://www.redhat.com/support/errata/RHSA-2010-0428.html
http://www.redhat.com/support/errata/RHSA-2010-0429.html
BugTraq ID: 37333
http://www.securityfocus.com/bid/37333
http://osvdb.org/61039
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9358
http://www.securitytracker.com/id?1023326
http://secunia.com/advisories/39820
http://www.vupen.com/english/advisories/2010/1197

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.66643
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-876-1 (postgresql-8.4)
Summary:	Ubuntu USN-876-1 (postgresql-8.4)
Description:	The remote host is missing an update to postgresql-8.4 announced via advisory USN-876-1. Details follow: It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-4034) It was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate priviliges within PostgreSQL. (CVE-2009-4136) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: postgresql-8.1 8.1.19-0ubuntu0.6.06 Ubuntu 8.04 LTS: postgresql-8.3 8.3.9-0ubuntu8.04 Ubuntu 8.10: postgresql-8.3 8.3.9-0ubuntu8.10 Ubuntu 9.04: postgresql-8.3 8.3.9-0ubuntu9.04 Ubuntu 9.10: postgresql-8.4 8.4.2-0ubuntu9.10 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-876-1 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4034 Bugtraq: 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server (Google Search) http://www.securityfocus.com/archive/1/archive/1/509917/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:333 SuSE Security Announcement: SUSE-SR:2010:001 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html BugTraq ID: 37334 http://www.securityfocus.com/bid/37334 http://osvdb.org/61038 http://www.securitytracker.com/id?1023325 http://secunia.com/advisories/37663 http://www.vupen.com/english/advisories/2009/3519 Common Vulnerability Exposure (CVE) ID: CVE-2009-4136 http://www.redhat.com/support/errata/RHSA-2010-0427.html http://www.redhat.com/support/errata/RHSA-2010-0428.html http://www.redhat.com/support/errata/RHSA-2010-0429.html BugTraq ID: 37333 http://www.securityfocus.com/bid/37333 http://osvdb.org/61039 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9358 http://www.securitytracker.com/id?1023326 http://secunia.com/advisories/39820 http://www.vupen.com/english/advisories/2010/1197
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com