ID de Prueba:	1.3.6.1.4.1.25623.1.0.58872
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0068
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0068. PostgreSQL is an advanced Object-Relational database management system (DBMS). Two flaws were found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit these issues (CVE-2007-0555, CVE-2007-0556). Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute certain SQL commands which could crash the PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542). Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 8.1.8 which corrects these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0068.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Critical CVSS Score: 8.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5540 BugTraq ID: 20717 http://www.securityfocus.com/bid/20717 http://www.mandriva.com/security/advisories?name=MDKSA-2006:194 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11425 http://www.redhat.com/support/errata/RHSA-2007-0064.html http://www.redhat.com/support/errata/RHSA-2007-0067.html http://www.redhat.com/support/errata/RHSA-2007-0068.html http://securitytracker.com/id?1017115 http://secunia.com/advisories/22562 http://secunia.com/advisories/22584 http://secunia.com/advisories/22606 http://secunia.com/advisories/22636 http://secunia.com/advisories/23048 http://secunia.com/advisories/23132 http://secunia.com/advisories/24094 http://secunia.com/advisories/24284 http://secunia.com/advisories/24577 SGI Security Advisory: 20070201-01-P ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc SuSE Security Announcement: SUSE-SR:2006:027 (Google Search) http://www.novell.com/linux/security/advisories/2006_27_sr.html http://www.trustix.org/errata/2006/0059/ http://www.ubuntu.com/usn/usn-369-1 http://www.ubuntu.com/usn/usn-369-2 http://www.vupen.com/english/advisories/2006/4182 Common Vulnerability Exposure (CVE) ID: CVE-2006-5541 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10905 Common Vulnerability Exposure (CVE) ID: CVE-2006-5542 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10122 Common Vulnerability Exposure (CVE) ID: CVE-2007-0555 BugTraq ID: 22387 http://www.securityfocus.com/bid/22387 Bugtraq: 20070206 rPSA-2007-0025-1 postgresql postgresql-server (Google Search) http://www.securityfocus.com/archive/1/459280/100/0/threaded Bugtraq: 20070208 rPSA-2007-0025-2 postgresql postgresql-server (Google Search) http://www.securityfocus.com/archive/1/459448/100/0/threaded Debian Security Information: DSA-1261 (Google Search) http://www.debian.org/security/2007/dsa-1261 http://fedoranews.org/cms/node/2554 http://security.gentoo.org/glsa/glsa-200703-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:037 http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html http://osvdb.org/33087 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9739 http://securitytracker.com/id?1017597 http://secunia.com/advisories/24028 http://secunia.com/advisories/24033 http://secunia.com/advisories/24042 http://secunia.com/advisories/24050 http://secunia.com/advisories/24057 http://secunia.com/advisories/24151 http://secunia.com/advisories/24158 http://secunia.com/advisories/24315 http://secunia.com/advisories/24513 http://secunia.com/advisories/25220 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1 SuSE Security Announcement: SUSE-SR:2007:010 (Google Search) http://www.novell.com/linux/security/advisories/2007_10_sr.html http://www.trustix.org/errata/2007/0007 https://usn.ubuntu.com/417-1/ http://www.ubuntu.com/usn/usn-417-2 http://www.vupen.com/english/advisories/2007/0478 http://www.vupen.com/english/advisories/2007/0774 XForce ISS Database: postgresql-sqlfunctions-info-disclosure(32195) https://exchange.xforce.ibmcloud.com/vulnerabilities/32195 Common Vulnerability Exposure (CVE) ID: CVE-2007-0556 http://osvdb.org/33302 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11353 XForce ISS Database: postgresql-datatype-information-disclosure(32191) https://exchange.xforce.ibmcloud.com/vulnerabilities/32191
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.