
Test ID: 1.3.6.1.4.1.25623.1.0.70785
Category: Gentoo Local Security Checks
Title: Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base)
Summary: Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base)
Description: The remote host is missing updates announced in
advisory GLSA 201110-22.

Multiple vulnerabilities in the PostgreSQL server and client allow
a remote attacker to conduct several attacks, including the execution of
arbitrary code and Denial of Service.

Solution:
All PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-8.2.22:8.2'


All PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-8.3.16:8.3'


All PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-8.4.9:8.4'


All PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-9.0.5:9.0'


All PostgreSQL 8.2 server users should upgrade to the latest 8.2 server
version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.2.22:8.2'


All PostgreSQL 8.3 server users should upgrade to the latest 8.3 server
version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.3.16:8.3'


All PostgreSQL 8.4 server users should upgrade to the latest 8.4 server
version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.4.9:8.4'


All PostgreSQL 9.0 server users should upgrade to the latest 9.0 server
version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-9.0.5:9.0'


The old unsplit PostgreSQL packages have been removed from portage.
Users still using them are urged to migrate to the new PostgreSQL
packages as stated above and to remove the old package:

# emerge --unmerge 'dev-db/postgresql'


http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-22
http://bugs.gentoo.org/show_bug.cgi?id=261223
http://bugs.gentoo.org/show_bug.cgi?id=284274
http://bugs.gentoo.org/show_bug.cgi?id=297383
http://bugs.gentoo.org/show_bug.cgi?id=308063
http://bugs.gentoo.org/show_bug.cgi?id=313335
http://bugs.gentoo.org/show_bug.cgi?id=320967
http://bugs.gentoo.org/show_bug.cgi?id=339935
http://bugs.gentoo.org/show_bug.cgi?id=353387
http://bugs.gentoo.org/show_bug.cgi?id=384539

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-0922
Bugtraq: 20090519 rPSA-2009-0086-1 postgresql postgresql-contrib postgresql-server
http://www.securityfocus.com/archive/1/archive/1/503598/100/0/threaded
http://www.openwall.com/lists/oss-security/2009/03/11/4
http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php
http://archives.postgresql.org//pgsql-bugs/2009-02/msg00176.php
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00810.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00843.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:079
http://www.redhat.com/support/errata/RHSA-2009-1067.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-258808-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020455.1-1
SuSE Security Announcement: SUSE-SR:2009:009
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
BugTraq ID: 34090
http://www.securityfocus.com/bid/34090
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10874
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6252
http://www.securitytracker.com/id?1021860
http://secunia.com/advisories/34453
http://secunia.com/advisories/35100
http://www.vupen.com/english/advisories/2009/0767
http://www.vupen.com/english/advisories/2009/1316
Common Vulnerability Exposure (CVE) ID: CVE-2009-3229
Bugtraq: 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server
http://www.securityfocus.com/archive/1/archive/1/509917/100/0/threaded
Debian Security Information: DSA-1900
http://www.us.debian.org/security/2009/dsa-1900
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
SuSE Security Announcement: SUSE-SR:2009:016
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
SuSE Security Announcement: SUSE-SR:2009:017
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://www.ubuntu.com/usn/usn-834-1
BugTraq ID: 36314
http://www.securityfocus.com/bid/36314
http://secunia.com/advisories/36660
http://secunia.com/advisories/36727
http://secunia.com/advisories/36837
http://secunia.com/advisories/36800
Common Vulnerability Exposure (CVE) ID: CVE-2009-3230
http://archives.postgresql.org/pgsql-www/2009-09/msg00024.php
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10166
http://secunia.com/advisories/36695
http://www.vupen.com/english/advisories/2009/2602
Common Vulnerability Exposure (CVE) ID: CVE-2009-3231
Common Vulnerability Exposure (CVE) ID: CVE-2009-4034
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:333
SuSE Security Announcement: SUSE-SR:2010:001
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
BugTraq ID: 37334
http://www.securityfocus.com/bid/37334
http://osvdb.org/61038
http://www.securitytracker.com/id?1023325
http://secunia.com/advisories/37663
http://www.vupen.com/english/advisories/2009/3519
Common Vulnerability Exposure (CVE) ID: CVE-2009-4136
http://www.redhat.com/support/errata/RHSA-2010-0427.html
http://www.redhat.com/support/errata/RHSA-2010-0428.html
http://www.redhat.com/support/errata/RHSA-2010-0429.html
BugTraq ID: 37333
http://www.securityfocus.com/bid/37333
http://osvdb.org/61039
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9358
http://www.securitytracker.com/id?1023326
http://secunia.com/advisories/39820
http://www.vupen.com/english/advisories/2010/1197
Common Vulnerability Exposure (CVE) ID: CVE-2010-0442
http://www.openwall.com/lists/oss-security/2010/01/27/5
http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php
http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058
http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html
Debian Security Information: DSA-2051
http://www.debian.org/security/2010/dsa-2051
http://www.mandriva.com/security/advisories?name=MDVSA-2010:103
http://ubuntu.com/usn/usn-933-1
BugTraq ID: 37973
http://www.securityfocus.com/bid/37973
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9720
http://securitytracker.com/id?1023510
http://secunia.com/advisories/39566
http://secunia.com/advisories/39939
http://www.vupen.com/english/advisories/2010/1022
http://www.vupen.com/english/advisories/2010/1207
http://www.vupen.com/english/advisories/2010/1221
XForce ISS Database: postgresql-substring-bo(55902)
http://xforce.iss.net/xforce/xfdb/55902
Common Vulnerability Exposure (CVE) ID: CVE-2010-0733
http://www.openwall.com/lists/oss-security/2010/03/09/2
http://www.openwall.com/lists/oss-security/2010/03/16/10
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php
http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php
SuSE Security Announcement: SUSE-SR:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
BugTraq ID: 38619
http://www.securityfocus.com/bid/38619
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10691
Common Vulnerability Exposure (CVE) ID: CVE-2010-1169
http://www.openwall.com/lists/oss-security/2010/05/20/5
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html
http://www.redhat.com/support/errata/RHSA-2010-0430.html
BugTraq ID: 40215
http://www.securityfocus.com/bid/40215
http://osvdb.org/64755
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10645
http://www.securitytracker.com/id?1023988
http://secunia.com/advisories/39845
http://secunia.com/advisories/39898
http://secunia.com/advisories/39815
http://www.vupen.com/english/advisories/2010/1167
http://www.vupen.com/english/advisories/2010/1198
http://www.vupen.com/english/advisories/2010/1182
XForce ISS Database: postgresql-safe-code-execution(58693)
http://xforce.iss.net/xforce/xfdb/58693
Common Vulnerability Exposure (CVE) ID: CVE-2010-1170
http://osvdb.org/64757
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10510
http://www.securitytracker.com/id?1023987
Common Vulnerability Exposure (CVE) ID: CVE-2010-1447
Debian Security Information: DSA-2267
http://www.debian.org/security/2011/dsa-2267
http://www.mandriva.com/security/advisories?name=MDVSA-2010:115
http://www.mandriva.com/security/advisories?name=MDVSA-2010:116
http://www.redhat.com/support/errata/RHSA-2010-0457.html
http://www.redhat.com/support/errata/RHSA-2010-0458.html
BugTraq ID: 40305
http://www.securityfocus.com/bid/40305
http://osvdb.org/64756
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11530
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7320
http://secunia.com/advisories/40049
http://secunia.com/advisories/40052
Common Vulnerability Exposure (CVE) ID: CVE-2010-1975
BugTraq ID: 40304
http://www.securityfocus.com/bid/40304
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11004
Common Vulnerability Exposure (CVE) ID: CVE-2010-3433
Debian Security Information: DSA-2120
http://www.debian.org/security/2010/dsa-2120
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049591.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049592.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:197
http://www.redhat.com/support/errata/RHSA-2010-0742.html
http://www.redhat.com/support/errata/RHSA-2010-0908.html
SuSE Security Announcement: SUSE-SR:2010:020
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://www.ubuntu.com/usn/USN-1002-1
http://www.ubuntu.com/usn/USN-1002-2
BugTraq ID: 43747
http://www.securityfocus.com/bid/43747
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7291
http://secunia.com/advisories/42325
http://www.vupen.com/english/advisories/2010/3051
Common Vulnerability Exposure (CVE) ID: CVE-2010-4015
Debian Security Information: DSA-2157
http://www.debian.org/security/2011/dsa-2157
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:021
http://www.redhat.com/support/errata/RHSA-2011-0198.html
http://www.redhat.com/support/errata/RHSA-2011-0197.html
SuSE Security Announcement: SUSE-SR:2011:005
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://www.ubuntu.com/usn/USN-1058-1
BugTraq ID: 46084
http://www.securityfocus.com/bid/46084
http://osvdb.org/70740
http://secunia.com/advisories/43144
http://secunia.com/advisories/43154
http://secunia.com/advisories/43155
http://secunia.com/advisories/43187
http://secunia.com/advisories/43188
http://secunia.com/advisories/43240
http://www.vupen.com/english/advisories/2011/0262
http://www.vupen.com/english/advisories/2011/0278
http://www.vupen.com/english/advisories/2011/0283
http://www.vupen.com/english/advisories/2011/0287
http://www.vupen.com/english/advisories/2011/0299
http://www.vupen.com/english/advisories/2011/0303
http://www.vupen.com/english/advisories/2011/0349
XForce ISS Database: postgresql-gettoken-buffer-overflow(65060)
http://xforce.iss.net/xforce/xfdb/65060
Common Vulnerability Exposure (CVE) ID: CVE-2011-2483
http://freshmeat.net/projects/crypt_blowfish
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
Debian Security Information: DSA-2340
http://www.debian.org/security/2011/dsa-2340
Debian Security Information: DSA-2399
http://www.debian.org/security/2012/dsa-2399
http://www.mandriva.com/security/advisories?name=MDVSA-2011:180
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
http://www.redhat.com/support/errata/RHSA-2011-1377.html
http://www.redhat.com/support/errata/RHSA-2011-1378.html
http://www.redhat.com/support/errata/RHSA-2011-1423.html
SuSE Security Announcement: SUSE-SA:2011:035
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html
http://www.ubuntu.com/usn/USN-1229-1
BugTraq ID: 49241
http://www.securityfocus.com/bid/49241
XForce ISS Database: php-cryptblowfish-info-disclosure(69319)
http://xforce.iss.net/xforce/xfdb/69319
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
