Test Kennung:	1.3.6.1.4.1.25623.1.0.70785
Kategorie:	Gentoo Local Security Checks
Titel:	Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base)
Zusammenfassung:	The remote host is missing updates announced in;advisory GLSA 201110-22.
Beschreibung:	Summary: The remote host is missing updates announced in advisory GLSA 201110-22. Vulnerability Insight: Multiple vulnerabilities in the PostgreSQL server and client allow remote attacker to conduct several attacks, including the execution of arbitrary code and Denial of Service. Solution: All PostgreSQL 8.2 users should upgrade to the latest 8.2 base version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-8.2.22:8.2' All PostgreSQL 8.3 users should upgrade to the latest 8.3 base version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-8.3.16:8.3' All PostgreSQL 8.4 users should upgrade to the latest 8.4 base version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-8.4.9:8.4' All PostgreSQL 9.0 users should upgrade to the latest 9.0 base version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-9.0.5:9.0' All PostgreSQL 8.2 server users should upgrade to the latest 8.2 server version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.2.22:8.2' All PostgreSQL 8.3 server users should upgrade to the latest 8.3 server version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.3.16:8.3' All PostgreSQL 8.4 server users should upgrade to the latest 8.4 server version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.4.9:8.4' All PostgreSQL 9.0 server users should upgrade to the latest 9.0 server version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-9.0.5:9.0' The old unsplit PostgreSQL packages have been removed from portage. Users still using them are urged to migrate to the new PostgreSQL packages as stated above and to remove the old package: # emerge --unmerge 'dev-db/postgresql' CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0922 BugTraq ID: 34090 http://www.securityfocus.com/bid/34090 Bugtraq: 20090519 rPSA-2009-0086-1 postgresql postgresql-contrib postgresql-server (Google Search) http://www.securityfocus.com/archive/1/503598/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00810.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00843.html HPdes Security Advisory: HPSBMU02781 http://marc.info/?l=bugtraq&m=134124585221119&w=2 HPdes Security Advisory: SSRT100617 http://www.mandriva.com/security/advisories?name=MDVSA-2009:079 http://www.openwall.com/lists/oss-security/2009/03/11/4 http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php http://archives.postgresql.org//pgsql-bugs/2009-02/msg00176.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10874 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6252 http://www.redhat.com/support/errata/RHSA-2009-1067.html http://www.securitytracker.com/id?1021860 http://secunia.com/advisories/34453 http://secunia.com/advisories/35100 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020455.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-258808-1 SuSE Security Announcement: SUSE-SR:2009:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://www.vupen.com/english/advisories/2009/0767 http://www.vupen.com/english/advisories/2009/1316 Common Vulnerability Exposure (CVE) ID: CVE-2009-3229 BugTraq ID: 36314 http://www.securityfocus.com/bid/36314 Bugtraq: 20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server (Google Search) http://www.securityfocus.com/archive/1/509917/100/0/threaded Debian Security Information: DSA-1900 (Google Search) http://www.us.debian.org/security/2009/dsa-1900 https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html http://secunia.com/advisories/36660 http://secunia.com/advisories/36727 http://secunia.com/advisories/36800 http://secunia.com/advisories/36837 http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1 SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://www.ubuntu.com/usn/usn-834-1 Common Vulnerability Exposure (CVE) ID: CVE-2009-3230 http://archives.postgresql.org/pgsql-www/2009-09/msg00024.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10166 http://secunia.com/advisories/36695 http://www.vupen.com/english/advisories/2009/2602 Common Vulnerability Exposure (CVE) ID: CVE-2009-3231 Common Vulnerability Exposure (CVE) ID: CVE-2009-4034 BugTraq ID: 37334 http://www.securityfocus.com/bid/37334 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:333 http://osvdb.org/61038 http://www.securitytracker.com/id?1023325 http://secunia.com/advisories/37663 SuSE Security Announcement: SUSE-SR:2010:001 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://www.vupen.com/english/advisories/2009/3519 Common Vulnerability Exposure (CVE) ID: CVE-2009-4136 BugTraq ID: 37333 http://www.securityfocus.com/bid/37333 http://osvdb.org/61039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9358 http://www.redhat.com/support/errata/RHSA-2010-0427.html http://www.redhat.com/support/errata/RHSA-2010-0428.html http://www.redhat.com/support/errata/RHSA-2010-0429.html http://www.securitytracker.com/id?1023326 http://secunia.com/advisories/39820 http://www.vupen.com/english/advisories/2010/1197 Common Vulnerability Exposure (CVE) ID: CVE-2010-0442 BugTraq ID: 37973 http://www.securityfocus.com/bid/37973 Debian Security Information: DSA-2051 (Google Search) http://www.debian.org/security/2010/dsa-2051 http://www.mandriva.com/security/advisories?name=MDVSA-2010:103 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058 http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html http://www.openwall.com/lists/oss-security/2010/01/27/5 http://archives.postgresql.org/pgsql-committers/2010-01/msg00125.php http://archives.postgresql.org/pgsql-hackers/2010-01/msg00634.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9720 http://securitytracker.com/id?1023510 http://secunia.com/advisories/39566 http://secunia.com/advisories/39939 http://ubuntu.com/usn/usn-933-1 http://www.vupen.com/english/advisories/2010/1022 http://www.vupen.com/english/advisories/2010/1207 http://www.vupen.com/english/advisories/2010/1221 XForce ISS Database: postgresql-substring-bo(55902) https://exchange.xforce.ibmcloud.com/vulnerabilities/55902 Common Vulnerability Exposure (CVE) ID: CVE-2010-0733 BugTraq ID: 38619 http://www.securityfocus.com/bid/38619 http://www.openwall.com/lists/oss-security/2010/03/09/2 http://www.openwall.com/lists/oss-security/2010/03/16/10 http://archives.postgresql.org/pgsql-bugs/2009-10/msg00277.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00287.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00289.php http://archives.postgresql.org/pgsql-bugs/2009-10/msg00310.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10691 SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html Common Vulnerability Exposure (CVE) ID: CVE-2010-1169 BugTraq ID: 40215 http://www.securityfocus.com/bid/40215 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041559.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041579.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041591.html http://www.openwall.com/lists/oss-security/2010/05/20/5 http://osvdb.org/64755 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10645 http://www.redhat.com/support/errata/RHSA-2010-0430.html http://www.securitytracker.com/id?1023988 http://secunia.com/advisories/39815 http://secunia.com/advisories/39845 http://secunia.com/advisories/39898 http://www.vupen.com/english/advisories/2010/1167 http://www.vupen.com/english/advisories/2010/1182 http://www.vupen.com/english/advisories/2010/1198 XForce ISS Database: postgresql-safe-code-execution(58693) https://exchange.xforce.ibmcloud.com/vulnerabilities/58693 Common Vulnerability Exposure (CVE) ID: CVE-2010-1170 http://osvdb.org/64757 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10510 http://www.securitytracker.com/id?1023987 Common Vulnerability Exposure (CVE) ID: CVE-2010-1447 BugTraq ID: 40305 http://www.securityfocus.com/bid/40305 Debian Security Information: DSA-2267 (Google Search) http://www.debian.org/security/2011/dsa-2267 http://www.mandriva.com/security/advisories?name=MDVSA-2010:115 http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 http://osvdb.org/64756 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11530 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7320 http://www.redhat.com/support/errata/RHSA-2010-0457.html http://www.redhat.com/support/errata/RHSA-2010-0458.html http://secunia.com/advisories/40049 http://secunia.com/advisories/40052 Common Vulnerability Exposure (CVE) ID: CVE-2010-1975 BugTraq ID: 40304 http://www.securityfocus.com/bid/40304 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004 Common Vulnerability Exposure (CVE) ID: CVE-2010-3433 BugTraq ID: 43747 http://www.securityfocus.com/bid/43747 Debian Security Information: DSA-2120 (Google Search) http://www.debian.org/security/2010/dsa-2120 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049591.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049592.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:197 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7291 http://www.redhat.com/support/errata/RHSA-2010-0742.html http://www.redhat.com/support/errata/RHSA-2010-0908.html http://secunia.com/advisories/42325 SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html SuSE Security Announcement: SUSE-SR:2010:020 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://www.ubuntu.com/usn/USN-1002-1 http://www.ubuntu.com/usn/USN-1002-2 http://www.vupen.com/english/advisories/2010/3051 Common Vulnerability Exposure (CVE) ID: CVE-2010-4015 BugTraq ID: 46084 http://www.securityfocus.com/bid/46084 Debian Security Information: DSA-2157 (Google Search) http://www.debian.org/security/2011/dsa-2157 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:021 http://osvdb.org/70740 http://www.redhat.com/support/errata/RHSA-2011-0197.html http://www.redhat.com/support/errata/RHSA-2011-0198.html http://secunia.com/advisories/43144 http://secunia.com/advisories/43154 http://secunia.com/advisories/43155 http://secunia.com/advisories/43187 http://secunia.com/advisories/43188 http://secunia.com/advisories/43240 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.ubuntu.com/usn/USN-1058-1 http://www.vupen.com/english/advisories/2011/0262 http://www.vupen.com/english/advisories/2011/0278 http://www.vupen.com/english/advisories/2011/0283 http://www.vupen.com/english/advisories/2011/0287 http://www.vupen.com/english/advisories/2011/0299 http://www.vupen.com/english/advisories/2011/0303 http://www.vupen.com/english/advisories/2011/0349 XForce ISS Database: postgresql-gettoken-buffer-overflow(65060) https://exchange.xforce.ibmcloud.com/vulnerabilities/65060 Common Vulnerability Exposure (CVE) ID: CVE-2011-2483 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html BugTraq ID: 49241 http://www.securityfocus.com/bid/49241 Debian Security Information: DSA-2340 (Google Search) http://www.debian.org/security/2011/dsa-2340 Debian Security Information: DSA-2399 (Google Search) http://www.debian.org/security/2012/dsa-2399 http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 http://www.mandriva.com/security/advisories?name=MDVSA-2011:179 http://www.mandriva.com/security/advisories?name=MDVSA-2011:180 http://freshmeat.net/projects/crypt_blowfish http://www.redhat.com/support/errata/RHSA-2011-1377.html http://www.redhat.com/support/errata/RHSA-2011-1378.html http://www.redhat.com/support/errata/RHSA-2011-1423.html SuSE Security Announcement: SUSE-SA:2011:035 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html http://www.ubuntu.com/usn/USN-1229-1 XForce ISS Database: php-cryptblowfish-info-disclosure(69319) https://exchange.xforce.ibmcloud.com/vulnerabilities/69319
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.