ID de Prueba:	1.3.6.1.4.1.25623.1.0.57120
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200607-04 (postgresql)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory GLSA 200607-04. A flaw in the multibyte character handling allows execution of arbitrary SQL statements. Solution: All PostgreSQL users should upgrade to the latest version in the respective branch they are using: # emerge --sync # emerge --ask --oneshot --verbose dev-db/postgresql Note: While a fix exists for the 7.3 branch it doesn't currently work on Gentoo. All 7.3.x users of PostgreSQL should consider updating their installations to the 7.4 (or higher) branch as soon as possible! http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200607-04 http://bugs.gentoo.org/show_bug.cgi?id=134168 http://www.postgresql.org/docs/techdocs.50 CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2313 BugTraq ID: 18092 http://www.securityfocus.com/bid/18092 Bugtraq: 20060523 PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15 (Google Search) http://www.securityfocus.com/archive/1/435038/100/0/threaded Bugtraq: 20060524 rPSA-2006-0080-1 postgresql postgresql-server (Google Search) http://www.securityfocus.com/archive/1/435161/100/0/threaded Debian Security Information: DSA-1087 (Google Search) http://www.debian.org/security/2006/dsa-1087 http://security.gentoo.org/glsa/glsa-200607-04.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:098 http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10618 http://www.redhat.com/support/errata/RHSA-2006-0526.html http://securitytracker.com/id?1016142 http://secunia.com/advisories/20231 http://secunia.com/advisories/20232 http://secunia.com/advisories/20314 http://secunia.com/advisories/20435 http://secunia.com/advisories/20451 http://secunia.com/advisories/20503 http://secunia.com/advisories/20555 http://secunia.com/advisories/20653 http://secunia.com/advisories/20782 http://secunia.com/advisories/21001 SGI Security Advisory: 20060602-01-U ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc SuSE Security Announcement: SUSE-SA:2006:030 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html http://www.trustix.org/errata/2006/0032/ https://usn.ubuntu.com/288-1/ http://www.ubuntu.com/usn/usn-288-2 http://www.vupen.com/english/advisories/2006/1941 XForce ISS Database: postgresql-multibyte-sql-injection(26627) https://exchange.xforce.ibmcloud.com/vulnerabilities/26627 Common Vulnerability Exposure (CVE) ID: CVE-2006-2314 http://www.osvdb.org/25731 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9947 http://secunia.com/advisories/21749 SuSE Security Announcement: SUSE-SR:2006:021 (Google Search) http://www.novell.com/linux/security/advisories/2006_21_sr.html http://www.ubuntu.com/usn/usn-288-3 XForce ISS Database: postgresql-ascii-sql-injection(26628) https://exchange.xforce.ibmcloud.com/vulnerabilities/26628
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.