Test ID:	1.3.6.1.4.1.25623.1.0.67404
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2051-1)
Summary:	The remote host is missing an update for the Debian 'postgresql-8.3' package(s) announced via the DSA-2051-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'postgresql-8.3' package(s) announced via the DSA-2051-1 advisory. Vulnerability Insight: Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1169 Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Perl code. CVE-2010-1170 Tom Lane discovered that the implementation of the procedural language PL/Tcl insufficiently restricts the subset of allowed code, which allows authenticated users the execution of arbitrary Tcl code. CVE-2010-1975 It was discovered that an unprivileged user could reset superuser-only parameter settings. For the stable distribution (lenny), these problems have been fixed in version 8.3.11-0lenny1. This update also introduces a fix for CVE-2010-0442, which was originally scheduled for the next Lenny point update. For the unstable distribution (sid), these problems have been fixed in version 8.4.4-1 of postgresql-8.4. We recommend that you upgrade your postgresql-8.3 packages. Affected Software/OS: 'postgresql-8.3' package(s) on Debian 5. Solution: Please install the updated package(s). CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0442 1023510 http://securitytracker.com/id?1023510 37973 http://www.securityfocus.com/bid/37973 39566 http://secunia.com/advisories/39566 39820 http://secunia.com/advisories/39820 39939 http://secunia.com/advisories/39939 ADV-2010-1022 http://www.vupen.com/english/advisories/2010/1022 ADV-2010-1197 http://www.vupen.com/english/advisories/2010/1197 ADV-2010-1207 http://www.vupen.com/english/advisories/2010/1207 ADV-2010-1221 http://www.vupen.com/english/advisories/2010/1221 DSA-2051 http://www.debian.org/security/2010/dsa-2051 MDVSA-2010:103 http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 RHSA-2010:0427 http://www.redhat.com/support/errata/RHSA-2010-0427.html RHSA-2010:0428 http://www.redhat.com/support/errata/RHSA-2010-0428.html RHSA-2010:0429 http://www.redhat.com/support/errata/RHSA-2010-0429.html USN-933-1 http://ubuntu.com/usn/usn-933-1 [oss-security] 20100127 Re: CVE id request: postgresql bitsubstr overflow http://www.openwall.com/lists/oss-security/2010/01/27/5 [pgsql-committers] 20100107 pgsql: Make bit/varbit substring() treat any negative length as meaning http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php [pgsql-hackers] 20100107 Re: Patch: Allow substring/replace() to get/set bit values http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=75dea10196c31d98d98c0bafeeb576ae99c09b12 http://git.postgresql.org/gitweb?p=postgresql.git%3Ba=commit%3Bh=b15087cb39ca9e4bde3c8920fcee3741045d2b83 http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html https://bugzilla.redhat.com/show_bug.cgi?id=559194 https://bugzilla.redhat.com/show_bug.cgi?id=559259 oval:org.mitre.oval:def:9720 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720 postgresql-substring-bo(55902) https://exchange.xforce.ibmcloud.com/vulnerabilities/55902 Common Vulnerability Exposure (CVE) ID: CVE-2010-1169 1023988 http://www.securitytracker.com/id?1023988 39815 http://secunia.com/advisories/39815 39845 http://secunia.com/advisories/39845 39898 http://secunia.com/advisories/39898 40215 http://www.securityfocus.com/bid/40215 64755 http://osvdb.org/64755 ADV-2010-1167 http://www.vupen.com/english/advisories/2010/1167 ADV-2010-1182 http://www.vupen.com/english/advisories/2010/1182 ADV-2010-1198 http://www.vupen.com/english/advisories/2010/1198 FEDORA-2010-8696 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html FEDORA-2010-8715 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html FEDORA-2010-8723 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html HPSBMU02781 http://marc.info/?l=bugtraq&m=134124585221119&w=2 RHSA-2010:0430 http://www.redhat.com/support/errata/RHSA-2010-0430.html SSRT100617 SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html [oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request http://www.openwall.com/lists/oss-security/2010/05/20/5 http://www.postgresql.org/about/news.1203 http://www.postgresql.org/docs/current/static/release-7-4-29.html http://www.postgresql.org/docs/current/static/release-8-0-25.html http://www.postgresql.org/docs/current/static/release-8-1-21.html http://www.postgresql.org/docs/current/static/release-8-2-17.html http://www.postgresql.org/docs/current/static/release-8-3-11.html http://www.postgresql.org/docs/current/static/release-8-4-4.html http://www.postgresql.org/support/security https://bugzilla.redhat.com/show_bug.cgi?id=582615 https://bugzilla.redhat.com/show_bug.cgi?id=588269 oval:org.mitre.oval:def:10645 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645 postgresql-safe-code-execution(58693) https://exchange.xforce.ibmcloud.com/vulnerabilities/58693 Common Vulnerability Exposure (CVE) ID: CVE-2010-1170 1023987 http://www.securitytracker.com/id?1023987 64757 http://osvdb.org/64757 https://bugzilla.redhat.com/show_bug.cgi?id=583072 oval:org.mitre.oval:def:10510 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10510 Common Vulnerability Exposure (CVE) ID: CVE-2010-1447 40049 http://secunia.com/advisories/40049 40052 http://secunia.com/advisories/40052 40305 http://www.securityfocus.com/bid/40305 64756 http://osvdb.org/64756 DSA-2267 http://www.debian.org/security/2011/dsa-2267 MDVSA-2010:115 http://www.mandriva.com/security/advisories?name=MDVSA-2010:115 MDVSA-2010:116 http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 RHSA-2010:0457 http://www.redhat.com/support/errata/RHSA-2010-0457.html RHSA-2010:0458 http://www.redhat.com/support/errata/RHSA-2010-0458.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://security-tracker.debian.org/tracker/CVE-2010-1447 https://bugs.launchpad.net/bugs/cve/2010-1447 oval:org.mitre.oval:def:11530 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530 oval:org.mitre.oval:def:7320 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320 Common Vulnerability Exposure (CVE) ID: CVE-2010-1975 BugTraq ID: 40304 http://www.securityfocus.com/bid/40304 Debian Security Information: DSA-2051 (Google Search) HPdes Security Advisory: HPSBMU02781 HPdes Security Advisory: SSRT100617 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004 SuSE Security Announcement: SUSE-SR:2010:014 (Google Search)
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.