ID de Prueba:	1.3.6.1.4.1.25623.1.0.69186
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2011:0197
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2011:0197. PostgreSQL is an advanced object-relational database management system (DBMS). A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-crafted SQL query could use this flaw to cause a temporary denial of service (postgres daemon crash) or, potentially, execute arbitrary code with the privileges of the database server. (CVE-2010-4015) Red Hat would like to thank Geoff Keating of the Apple Product Security team for reporting this issue. For Red Hat Enterprise Linux 4, the updated postgresql packages contain a backported patch for this issue there are no other changes. For Red Hat Enterprise Linux 5, the updated postgresql packages upgrade PostgreSQL to version 8.1.23, and contain a backported patch for this issue. Refer to the PostgreSQL Release Notes for a full list of changes: http://www.postgresql.org/docs/8.1/static/release.html For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.7, which includes a fix for this issue. Refer to the PostgreSQL Release Notes for a full list of changes: http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-0197.html Risk factor : High CVSS Score: 6.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-4015 BugTraq ID: 46084 http://www.securityfocus.com/bid/46084 Debian Security Information: DSA-2157 (Google Search) http://www.debian.org/security/2011/dsa-2157 http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html HPdes Security Advisory: HPSBMU02781 http://marc.info/?l=bugtraq&m=134124585221119&w=2 HPdes Security Advisory: SSRT100617 http://www.mandriva.com/security/advisories?name=MDVSA-2011:021 http://osvdb.org/70740 http://www.redhat.com/support/errata/RHSA-2011-0197.html http://www.redhat.com/support/errata/RHSA-2011-0198.html http://secunia.com/advisories/43144 http://secunia.com/advisories/43154 http://secunia.com/advisories/43155 http://secunia.com/advisories/43187 http://secunia.com/advisories/43188 http://secunia.com/advisories/43240 SuSE Security Announcement: SUSE-SR:2011:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.ubuntu.com/usn/USN-1058-1 http://www.vupen.com/english/advisories/2011/0262 http://www.vupen.com/english/advisories/2011/0278 http://www.vupen.com/english/advisories/2011/0283 http://www.vupen.com/english/advisories/2011/0287 http://www.vupen.com/english/advisories/2011/0299 http://www.vupen.com/english/advisories/2011/0303 http://www.vupen.com/english/advisories/2011/0349 XForce ISS Database: postgresql-gettoken-buffer-overflow(65060) https://exchange.xforce.ibmcloud.com/vulnerabilities/65060
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.