 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.880562 |
| Category: | CentOS Local Security Checks |
| Title: | CentOS Update for postgresql84 CESA-2011:0198 centos5 i386 |
| Summary: | The remote host is missing an update for the 'postgresql84'; package(s) announced via the referenced advisory. |
| Description: | Summary: The remote host is missing an update for the 'postgresql84' package(s) announced via the referenced advisory. Vulnerability Insight: PostgreSQL is an advanced object-relational database management system (DBMS). A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015) Red Hat would like to thank Geoff Keating of the Apple Product Security team for reporting this issue. These updated postgresql84 packages upgrade PostgreSQL to version 8.4.7. Refer to the linked PostgreSQL Release Notes for a full list of changes. All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update. Affected Software/OS: postgresql84 on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4015 BugTraq ID: 46084 http://www.securityfocus.com/bid/46084 Debian Security Information: DSA-2157 (Google Search) http://www.debian.org/security/2011/dsa-2157 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html HPdes Security Advisory: HPSBMU02781 http://marc.info/?l=bugtraq&m=134124585221119&w=2 HPdes Security Advisory: SSRT100617 http://www.mandriva.com/security/advisories?name=MDVSA-2011:021 http://osvdb.org/70740 http://www.redhat.com/support/errata/RHSA-2011-0197.html http://www.redhat.com/support/errata/RHSA-2011-0198.html http://secunia.com/advisories/43144 http://secunia.com/advisories/43154 http://secunia.com/advisories/43155 http://secunia.com/advisories/43187 http://secunia.com/advisories/43188 http://secunia.com/advisories/43240 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.ubuntu.com/usn/USN-1058-1 http://www.vupen.com/english/advisories/2011/0262 http://www.vupen.com/english/advisories/2011/0278 http://www.vupen.com/english/advisories/2011/0283 http://www.vupen.com/english/advisories/2011/0287 http://www.vupen.com/english/advisories/2011/0299 http://www.vupen.com/english/advisories/2011/0303 http://www.vupen.com/english/advisories/2011/0349 XForce ISS Database: postgresql-gettoken-buffer-overflow(65060) https://exchange.xforce.ibmcloud.com/vulnerabilities/65060 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |