{"bulletinFamily": "unix", "reporter": "Debian", "history": [], "modified": "2008-01-14T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg4_7.4.7-6sarge6_ia64.deb", "packageName": "libecpg4", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql_7.4.7-6sarge6_ia64.deb", "packageName": "postgresql", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpq3_7.4.7-6sarge6_mips.deb", "packageName": "libpq3", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plpython-7.4_7.4.19-0etch1_mips.deb", "packageName": "postgresql-plpython-7.4", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plperl-7.4_7.4.19-0etch1_i386.deb", "packageName": "postgresql-plperl-7.4", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg4_7.4.7-6sarge6_sparc.deb", "packageName": "libecpg4", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpq3_7.4.7-6sarge6_alpha.deb", "packageName": "libpq3", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plperl-7.4_7.4.19-0etch1_hppa.deb", "packageName": "postgresql-plperl-7.4", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plpython-7.4_7.4.19-0etch1_powerpc.deb", "packageName": "postgresql-plpython-7.4", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl_7.4.7-6sarge6_mips.deb", "packageName": "libpgtcl", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-pltcl-7.4_7.4.19-0etch1_mips.deb", "packageName": "postgresql-pltcl-7.4", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql_7.4.7-6sarge6_alpha.deb", "packageName": "postgresql", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plpython-7.4_7.4.19-0etch1_sparc.deb", "packageName": "postgresql-plpython-7.4", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql_7.4.7-6sarge6_s390.deb", "packageName": "postgresql", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-contrib_7.4.7-6sarge6_arm.deb", "packageName": "postgresql-contrib", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-contrib_7.4.7-6sarge6_hppa.deb", "packageName": "postgresql-contrib", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-7.4_7.4.19-0etch1_alpha.deb", "packageName": "postgresql-7.4", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-client-7.4_7.4.19-0etch1_mips.deb", "packageName": "postgresql-client-7.4", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql_7.4.7-6sarge6_m68k.deb", "packageName": "postgresql", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-pltcl-7.4_7.4.19-0etch1_hppa.deb", "packageName": "postgresql-pltcl-7.4", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-contrib-7.4_7.4.19-0etch1_arm.deb", "packageName": "postgresql-contrib-7.4", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-contrib-7.4_7.4.19-0etch1_powerpc.deb", "packageName": "postgresql-contrib-7.4", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl_7.4.7-6sarge6_arm.deb", "packageName": "libpgtcl", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-dev_7.4.7-6sarge6_sparc.deb", "packageName": "postgresql-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl-dev_7.4.7-6sarge6_m68k.deb", "packageName": "libpgtcl-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-server-dev-7.4_7.4.19-0etch1_all.deb", "packageName": "postgresql-server-dev-7.4", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl-dev_7.4.7-6sarge6_powerpc.deb", "packageName": "libpgtcl-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-dev_7.4.7-6sarge6_mips.deb", "packageName": "postgresql-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpq3_7.4.7-6sarge6_sparc.deb", "packageName": "libpq3", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl-dev_7.4.7-6sarge6_arm.deb", "packageName": "libpgtcl-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plpython-7.4_7.4.19-0etch1_alpha.deb", "packageName": "postgresql-plpython-7.4", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-pltcl-7.4_7.4.19-0etch1_ia64.deb", "packageName": "postgresql-pltcl-7.4", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-dev_7.4.7-6sarge6_s390.deb", "packageName": "postgresql-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-contrib-7.4_7.4.19-0etch1_s390.deb", "packageName": "postgresql-contrib-7.4", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpq3_7.4.7-6sarge6_s390.deb", "packageName": "libpq3", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-contrib-7.4_7.4.19-0etch1_amd64.deb", "packageName": "postgresql-contrib-7.4", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg4_7.4.7-6sarge6_amd64.deb", "packageName": "libecpg4", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl_7.4.7-6sarge6_amd64.deb", "packageName": "libpgtcl", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plperl-7.4_7.4.19-0etch1_sparc.deb", "packageName": "postgresql-plperl-7.4", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1.diff", "packageFilename": "postgresql-7.4_7.4.19-0etch1.diff.gz", "packageName": "postgresql-7.4", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl_7.4.7-6sarge6_alpha.deb", "packageName": "libpgtcl", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-pltcl-7.4_7.4.19-0etch1_arm.deb", "packageName": "postgresql-pltcl-7.4", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-contrib_7.4.7-6sarge6_amd64.deb", "packageName": "postgresql-contrib", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-contrib_7.4.7-6sarge6_alpha.deb", "packageName": "postgresql-contrib", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpq3_7.4.7-6sarge6_amd64.deb", "packageName": "libpq3", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-client_7.4.7-6sarge6_mips.deb", "packageName": "postgresql-client", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-pltcl-7.4_7.4.19-0etch1_s390.deb", "packageName": "postgresql-pltcl-7.4", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-pltcl-7.4_7.4.19-0etch1_powerpc.deb", "packageName": "postgresql-pltcl-7.4", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-client_7.4.7-6sarge6_powerpc.deb", "packageName": "postgresql-client", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl_7.4.7-6sarge6_s390.deb", "packageName": "libpgtcl", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl-dev_7.4.7-6sarge6_mips.deb", "packageName": "libpgtcl-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plperl-7.4_7.4.19-0etch1_ia64.deb", "packageName": "postgresql-plperl-7.4", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl-dev_7.4.7-6sarge6_sparc.deb", "packageName": "libpgtcl-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-client_7.4.7-6sarge6_m68k.deb", "packageName": "postgresql-client", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl-dev_7.4.7-6sarge6_hppa.deb", "packageName": "libpgtcl-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-contrib_7.4.7-6sarge6_s390.deb", "packageName": "postgresql-contrib", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg4_7.4.7-6sarge6_s390.deb", "packageName": "libecpg4", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-client-7.4_7.4.19-0etch1_alpha.deb", "packageName": "postgresql-client-7.4", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-doc-7.4_7.4.19-0etch1_all.deb", "packageName": "postgresql-doc-7.4", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg4_7.4.7-6sarge6_arm.deb", "packageName": "libecpg4", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-dev_7.4.7-6sarge6_m68k.deb", "packageName": "postgresql-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-client-7.4_7.4.19-0etch1_arm.deb", "packageName": "postgresql-client-7.4", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl-dev_7.4.7-6sarge6_amd64.deb", "packageName": "libpgtcl-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpq3_7.4.7-6sarge6_m68k.deb", "packageName": "libpq3", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-contrib-7.4_7.4.19-0etch1_hppa.deb", "packageName": "postgresql-contrib-7.4", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg4_7.4.7-6sarge6_hppa.deb", "packageName": "libecpg4", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-7.4_7.4.19-0etch1_powerpc.deb", "packageName": "postgresql-7.4", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg-dev_7.4.7-6sarge6_arm.deb", "packageName": "libecpg-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql_7.4.7-6sarge6_powerpc.deb", "packageName": "postgresql", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpq3_7.4.7-6sarge6_hppa.deb", "packageName": "libpq3", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-contrib_7.4.7-6sarge6_powerpc.deb", "packageName": "postgresql-contrib", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-dev_7.4.7-6sarge6_alpha.deb", "packageName": "postgresql-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-pltcl-7.4_7.4.19-0etch1_sparc.deb", "packageName": "postgresql-pltcl-7.4", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg-dev_7.4.7-6sarge6_mips.deb", "packageName": "libecpg-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg-dev_7.4.7-6sarge6_powerpc.deb", "packageName": "libecpg-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plperl-7.4_7.4.19-0etch1_mips.deb", "packageName": "postgresql-plperl-7.4", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-client-7.4_7.4.19-0etch1_s390.deb", "packageName": "postgresql-client-7.4", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg-dev_7.4.7-6sarge6_hppa.deb", "packageName": "libecpg-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl_7.4.7-6sarge6_m68k.deb", "packageName": "libpgtcl", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg-dev_7.4.7-6sarge6_s390.deb", "packageName": "libecpg-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plperl-7.4_7.4.19-0etch1_s390.deb", "packageName": "postgresql-plperl-7.4", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plpython-7.4_7.4.19-0etch1_arm.deb", "packageName": "postgresql-plpython-7.4", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl-dev_7.4.7-6sarge6_ia64.deb", "packageName": "libpgtcl-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-pltcl-7.4_7.4.19-0etch1_i386.deb", "packageName": "postgresql-pltcl-7.4", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql_7.4.7-6sarge6_sparc.deb", "packageName": "postgresql", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-client-7.4_7.4.19-0etch1_ia64.deb", "packageName": "postgresql-client-7.4", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-dev_7.4.7-6sarge6_amd64.deb", "packageName": "postgresql-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl_7.4.7-6sarge6_sparc.deb", "packageName": "libpgtcl", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql_7.4.7-6sarge6.dsc", "packageName": "postgresql", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql_7.4.7-6sarge6_mips.deb", "packageName": "postgresql", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl_7.4.7-6sarge6_ia64.deb", "packageName": "libpgtcl", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl_7.4.7-6sarge6_powerpc.deb", "packageName": "libpgtcl", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-contrib-7.4_7.4.19-0etch1_ia64.deb", "packageName": "postgresql-contrib-7.4", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-contrib_7.4.7-6sarge6_i386.deb", "packageName": "postgresql-contrib", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpq3_7.4.7-6sarge6_powerpc.deb", "packageName": "libpq3", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-7.4_7.4.19-0etch1_hppa.deb", "packageName": "postgresql-7.4", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-7.4_7.4.19-0etch1_arm.deb", "packageName": "postgresql-7.4", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg4_7.4.7-6sarge6_m68k.deb", "packageName": "libecpg4", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql_7.4.7-6sarge6_arm.deb", "packageName": "postgresql", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-doc_7.4.7-6sarge6_all.deb", "packageName": "postgresql-doc", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-contrib-7.4_7.4.19-0etch1_mips.deb", "packageName": "postgresql-contrib-7.4", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-contrib_7.4.7-6sarge6_mips.deb", "packageName": "postgresql-contrib", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-client-7.4_7.4.19-0etch1_powerpc.deb", "packageName": "postgresql-client-7.4", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7.orig", "packageFilename": "postgresql_7.4.7.orig.tar.gz", "packageName": "postgresql", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-contrib_7.4.7-6sarge6_ia64.deb", "packageName": "postgresql-contrib", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-dev_7.4.7-6sarge6_hppa.deb", "packageName": "postgresql-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl-dev_7.4.7-6sarge6_alpha.deb", "packageName": "libpgtcl-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg-dev_7.4.7-6sarge6_i386.deb", "packageName": "libecpg-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-pltcl-7.4_7.4.19-0etch1_alpha.deb", "packageName": "postgresql-pltcl-7.4", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-client_7.4.7-6sarge6_alpha.deb", "packageName": "postgresql-client", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-pltcl-7.4_7.4.19-0etch1_amd64.deb", "packageName": "postgresql-pltcl-7.4", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plpython-7.4_7.4.19-0etch1_ia64.deb", "packageName": "postgresql-plpython-7.4", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpq3_7.4.7-6sarge6_arm.deb", "packageName": "libpq3", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg-dev_7.4.7-6sarge6_m68k.deb", "packageName": "libecpg-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-contrib_7.4.7-6sarge6_sparc.deb", "packageName": "postgresql-contrib", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl-dev_7.4.7-6sarge6_s390.deb", "packageName": "libpgtcl-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-7.4_7.4.19-0etch1_s390.deb", "packageName": "postgresql-7.4", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg-dev_7.4.7-6sarge6_sparc.deb", "packageName": "libecpg-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpq3_7.4.7-6sarge6_ia64.deb", "packageName": "libpq3", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-contrib-7.4_7.4.19-0etch1_alpha.deb", "packageName": "postgresql-contrib-7.4", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-contrib-7.4_7.4.19-0etch1_sparc.deb", "packageName": "postgresql-contrib-7.4", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6.diff", "packageFilename": "postgresql_7.4.7-6sarge6.diff.gz", "packageName": "postgresql", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg4_7.4.7-6sarge6_alpha.deb", "packageName": "libecpg4", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-dev_7.4.7-6sarge6_arm.deb", "packageName": "postgresql-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql_7.4.7-6sarge6_amd64.deb", "packageName": "postgresql", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-dev_7.4.7-6sarge6_ia64.deb", "packageName": "postgresql-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-contrib-7.4_7.4.19-0etch1_i386.deb", "packageName": "postgresql-contrib-7.4", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl_7.4.7-6sarge6_hppa.deb", "packageName": "libpgtcl", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-client-7.4_7.4.19-0etch1_i386.deb", "packageName": "postgresql-client-7.4", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-7.4_7.4.19-0etch1_sparc.deb", "packageName": "postgresql-7.4", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql_7.4.7-6sarge6_hppa.deb", "packageName": "postgresql", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-7.4_7.4.19-0etch1_ia64.deb", "packageName": "postgresql-7.4", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plperl-7.4_7.4.19-0etch1_alpha.deb", "packageName": "postgresql-plperl-7.4", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg4_7.4.7-6sarge6_powerpc.deb", "packageName": "libecpg4", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-client_7.4.7-6sarge6_i386.deb", "packageName": "postgresql-client", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-7.4_7.4.19-0etch1_mips.deb", "packageName": "postgresql-7.4", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg4_7.4.7-6sarge6_i386.deb", "packageName": "libecpg4", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl_7.4.7-6sarge6_i386.deb", "packageName": "libpgtcl", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpq3_7.4.7-6sarge6_i386.deb", "packageName": "libpq3", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plpython-7.4_7.4.19-0etch1_hppa.deb", "packageName": "postgresql-plpython-7.4", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-7.4_7.4.19-0etch1.dsc", "packageName": "postgresql-7.4", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg-dev_7.4.7-6sarge6_ia64.deb", "packageName": "libecpg-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-dev_7.4.7-6sarge6_powerpc.deb", "packageName": "postgresql-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-7.4_7.4.19-0etch1_i386.deb", "packageName": "postgresql-7.4", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-dev_7.4.7-6sarge6_i386.deb", "packageName": "postgresql-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plpython-7.4_7.4.19-0etch1_s390.deb", "packageName": "postgresql-plpython-7.4", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plpython-7.4_7.4.19-0etch1_i386.deb", "packageName": "postgresql-plpython-7.4", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-client_7.4.7-6sarge6_amd64.deb", "packageName": "postgresql-client", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-client_7.4.7-6sarge6_ia64.deb", "packageName": "postgresql-client", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libpgtcl-dev_7.4.7-6sarge6_i386.deb", "packageName": "libpgtcl-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-client_7.4.7-6sarge6_arm.deb", "packageName": "postgresql-client", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg4_7.4.7-6sarge6_mips.deb", "packageName": "libecpg4", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql_7.4.7-6sarge6_i386.deb", "packageName": "postgresql", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-client_7.4.7-6sarge6_hppa.deb", "packageName": "postgresql-client", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-contrib_7.4.7-6sarge6_m68k.deb", "packageName": "postgresql-contrib", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-client_7.4.7-6sarge6_s390.deb", "packageName": "postgresql-client", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19.orig", "packageFilename": "postgresql-7.4_7.4.19.orig.tar.gz", "packageName": "postgresql-7.4", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plperl-7.4_7.4.19-0etch1_powerpc.deb", "packageName": "postgresql-plperl-7.4", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plperl-7.4_7.4.19-0etch1_arm.deb", "packageName": "postgresql-plperl-7.4", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg-dev_7.4.7-6sarge6_alpha.deb", "packageName": "libecpg-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-client-7.4_7.4.19-0etch1_sparc.deb", "packageName": "postgresql-client-7.4", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plperl-7.4_7.4.19-0etch1_amd64.deb", "packageName": "postgresql-plperl-7.4", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-client-7.4_7.4.19-0etch1_hppa.deb", "packageName": "postgresql-client-7.4", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "libecpg-dev_7.4.7-6sarge6_amd64.deb", "packageName": "libecpg-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-7.4_7.4.19-0etch1_amd64.deb", "packageName": "postgresql-7.4", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-plpython-7.4_7.4.19-0etch1_amd64.deb", "packageName": "postgresql-plpython-7.4", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "7.4.7-6sarge6", "packageFilename": "postgresql-client_7.4.7-6sarge6_sparc.deb", "packageName": "postgresql-client", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.19-0etch1", "packageFilename": "postgresql-client-7.4_7.4.19-0etch1_amd64.deb", "packageName": "postgresql-client-7.4", "arch": "x86-64", "operator": "lt"}], "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "title": "postgresql-7.4 -- several vulnerabilities", "objectVersion": "1.2", "edition": 1, "description": "Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: \n\n * [CVE-2007-3278](<https://security-tracker.debian.org/tracker/CVE-2007-3278>)\n\nIt was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as [CVE-2007-6601](<https://security-tracker.debian.org/tracker/CVE-2007-6601>), since the initial upstream fix was incomplete. \n\n * [CVE-2007-4769](<https://security-tracker.debian.org/tracker/CVE-2007-4769>)\n\nTavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. \n\n * [CVE-2007-4772](<https://security-tracker.debian.org/tracker/CVE-2007-4772>)\n\nTavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. \n\n * [CVE-2007-6067](<https://security-tracker.debian.org/tracker/CVE-2007-6067>)\n\nTavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. \n\n * [CVE-2007-6600](<https://security-tracker.debian.org/tracker/CVE-2007-6600>)\n\nFunctions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at <http://www.postgresql.org/about/news.905>. \n\nFor the old stable distribution (sarge), some of these problems have been fixed in version 7.4.7-6sarge6 of the postgresql package. Please note that the fix for [CVE-2007-6600](<https://security-tracker.debian.org/tracker/CVE-2007-6600>) and for the handling of regular expressions havn't been backported due to the intrusiveness of the fix. We recommend to upgrade to the stable distribution if these vulnerabilities affect your setup. \n\nFor the stable distribution (etch), these problems have been fixed in version 7.4.19-0etch1. \n\nThe unstable distribution (sid) no longer contains postgres-7.4. \n\nWe recommend that you upgrade your postgresql-7.4 packages.", "type": "debian", "references": [], "hash": "d5817fdad60e757adbdd3eee2ad7968d5bfb59d850582106b465139abf79607e", "viewCount": 0, "href": "http://www.debian.org/security/dsa-1463", "published": "2008-01-14T00:00:00", "lastseen": "2016-09-02T18:19:44", "id": "DSA-1463"}

{"nessus": [{"lastseen": "2018-09-01T23:32:53", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-4769", "https://security-tracker.debian.org/tracker/CVE-2007-4772", "https://security-tracker.debian.org/tracker/CVE-2007-3278", "https://security-tracker.debian.org/tracker/CVE-2007-6067", "http://www.postgresql.org/about/news.905", "https://security-tracker.debian.org/tracker/CVE-2007-6600", "https://security-tracker.debian.org/tracker/CVE-2007-6600", "http://www.debian.org/security/2008/dsa-1463", "https://security-tracker.debian.org/tracker/CVE-2007-6601"], "pluginID": "29968", "description": "Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete.\n\n - CVE-2007-4769 Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources.\n\n - CVE-2007-4772 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources.\n\n - CVE-2007-6067 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources.\n\n - CVE-2007-6600 Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905.", "edition": 7, "reporter": "Tenable", "published": "2008-01-15T00:00:00", "title": "Debian DSA-1463-1 : postgresql-7.4 - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2018-07-26T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:postgresql-7.4"], "id": "DEBIAN_DSA-1463.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29968", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1463. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29968);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/26 13:32:43\");\n\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_xref(name:\"DSA\", value:\"1463\");\n\n script_name(english:\"Debian DSA-1463-1 : postgresql-7.4 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several local vulnerabilities have been discovered in PostgreSQL, an\nobject-relational SQL database. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2007-3278\n It was discovered that the DBLink module performed\n insufficient credential validation. This issue is also\n tracked as CVE-2007-6601, since the initial upstream fix\n was incomplete.\n\n - CVE-2007-4769\n Tavis Ormandy and Will Drewry discovered that a bug in\n the handling of back-references inside the regular\n expressions engine could lead to an out of bounds read,\n resulting in a crash. This constitutes only a security\n problem if an application using PostgreSQL processes\n regular expressions from untrusted sources.\n\n - CVE-2007-4772\n Tavis Ormandy and Will Drewry discovered that the\n optimizer for regular expression could be tricked into\n an infinite loop, resulting in denial of service. This\n constitutes only a security problem if an application\n using PostgreSQL processes regular expressions from\n untrusted sources.\n\n - CVE-2007-6067\n Tavis Ormandy and Will Drewry discovered that the\n optimizer for regular expression could be tricked\n massive resource consumption. This constitutes only a\n security problem if an application using PostgreSQL\n processes regular expressions from untrusted sources.\n\n - CVE-2007-6600\n Functions in index expressions could lead to privilege\n escalation. For a more in depth explanation please see\n the upstream announce available at\n http://www.postgresql.org/about/news.905.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.postgresql.org/about/news.905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2008/dsa-1463\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the postgresql-7.4 packages.\n\nFor the old stable distribution (sarge), some of these problems have\nbeen fixed in version 7.4.7-6sarge6 of the postgresql package. Please\nnote that the fix for CVE-2007-6600 and for the handling of regular\nexpressions havn't been backported due to the intrusiveness of the\nfix. We recommend to upgrade to the stable distribution if these\nvulnerabilities affect your setup.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 7.4.19-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libecpg-dev\", reference:\"7.4.7-6sarge6\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libecpg4\", reference:\"7.4.7-6sarge6\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libpgtcl\", reference:\"7.4.7-6sarge6\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libpgtcl-dev\", reference:\"7.4.7-6sarge6\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libpq3\", reference:\"7.4.7-6sarge6\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"postgresql\", reference:\"7.4.7-6sarge6\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"postgresql-client\", reference:\"7.4.7-6sarge6\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"postgresql-contrib\", reference:\"7.4.7-6sarge6\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"postgresql-dev\", reference:\"7.4.7-6sarge6\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"postgresql-doc\", reference:\"7.4.7-6sarge6\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-7.4\", reference:\"7.4.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-client-7.4\", reference:\"7.4.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-contrib-7.4\", reference:\"7.4.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-doc-7.4\", reference:\"7.4.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-plperl-7.4\", reference:\"7.4.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-plpython-7.4\", reference:\"7.4.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-pltcl-7.4\", reference:\"7.4.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-server-dev-7.4\", reference:\"7.4.19-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:11:09", "references": ["https://oss.oracle.com/pipermail/el-errata/2008-January/000480.html", "https://oss.oracle.com/pipermail/el-errata/2008-January/000484.html"], "pluginID": "67638", "description": "From Red Hat Security Advisory 2008:0038 :\n\nUpdated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server.\n\nWill Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers.\n(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600)\n\nA privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601)\n\nAll postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.", "edition": 6, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : postgresql (ELSA-2008-0038)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:postgresql-pl", "p-cpe:/a:oracle:linux:postgresql-tcl", "p-cpe:/a:oracle:linux:postgresql-contrib", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:postgresql-docs", "p-cpe:/a:oracle:linux:postgresql", "p-cpe:/a:oracle:linux:postgresql-test", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:postgresql-devel", "p-cpe:/a:oracle:linux:postgresql-server", "p-cpe:/a:oracle:linux:postgresql-jdbc", "p-cpe:/a:oracle:linux:postgresql-python", "p-cpe:/a:oracle:linux:postgresql-libs"], "id": "ORACLELINUX_ELSA-2008-0038.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67638", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0038 and \n# Oracle Linux Security Advisory ELSA-2008-0038 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67638);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_bugtraq_id(27163);\n script_xref(name:\"RHSA\", value:\"2008:0038\");\n\n script_name(english:\"Oracle Linux 4 / 5 : postgresql (ELSA-2008-0038)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0038 :\n\nUpdated postgresql packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPostgreSQL is an advanced Object-Relational database management system\n(DBMS). The postgresql packages include the client programs and\nlibraries needed to access a PostgreSQL DBMS server.\n\nWill Drewry discovered multiple flaws in PostgreSQL's regular\nexpression engine. An authenticated attacker could use these flaws to\ncause a denial of service by causing the PostgreSQL server to crash,\nenter an infinite loop, or use extensive CPU and memory resources\nwhile processing queries containing specially crafted regular\nexpressions. Applications that accept regular expressions from\nuntrusted sources may expose this problem to unauthorized attackers.\n(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n\nA privilege escalation flaw was discovered in PostgreSQL. An\nauthenticated attacker could create an index function that would be\nexecuted with administrator privileges during database maintenance\ntasks, such as database vacuuming. (CVE-2007-6600)\n\nA privilege escalation flaw was discovered in PostgreSQL's Database\nLink library (dblink). An authenticated attacker could use dblink to\npossibly escalate privileges on systems with 'trust' or 'ident'\nauthentication configured. Please note that dblink functionality is\nnot enabled by default, and can only by enabled by a database\nadministrator on systems with the postgresql-contrib package\ninstalled. (CVE-2007-3278, CVE-2007-6601)\n\nAll postgresql users should upgrade to these updated packages, which\ninclude PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-January/000480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-January/000484.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"postgresql-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"postgresql-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"postgresql-contrib-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"postgresql-contrib-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"postgresql-devel-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"postgresql-devel-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"postgresql-docs-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"postgresql-docs-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"postgresql-jdbc-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"postgresql-jdbc-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"postgresql-libs-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"postgresql-libs-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"postgresql-pl-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"postgresql-pl-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"postgresql-python-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"postgresql-python-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"postgresql-server-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"postgresql-server-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"postgresql-tcl-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"postgresql-tcl-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"postgresql-test-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"postgresql-test-7.4.19-1.el4_6.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"postgresql-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-contrib-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-devel-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-docs-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-libs-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-pl-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-python-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-server-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-tcl-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-test-8.1.11-1.el5_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:34:44", "references": [], "pluginID": "29978", "description": "Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries.\n(CVE-2007-3278, CVE-2007-6601)\n\nIt was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n\nIt was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions.\nA remote authenticated user could exploit these flaws to gain privileges. (CVE-2007-6600).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2008-01-15T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : postgresql vulnerabilities (USN-568-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2018-08-06T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:postgresql", "cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.1", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:libecpg-compat2", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.2", "p-cpe:/a:canonical:ubuntu_linux:libecpg5", "p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.1", "p-cpe:/a:canonical:ubuntu_linux:libpq-dev", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.2", "p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.2", "p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.2", "p-cpe:/a:canonical:ubuntu_linux:libecpg-dev", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.1", "p-cpe:/a:canonical:ubuntu_linux:libpq4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.1", "p-cpe:/a:canonical:ubuntu_linux:libpq5", "p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.2", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-doc", "p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.1", "cpe:/o:canonical:ubuntu_linux:7.04", "p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.2", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.2", "p-cpe:/a:canonical:ubuntu_linux:libpgtypes2", "p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.2", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-568-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29978", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-568-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29978);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/06 14:03:15\");\n\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_xref(name:\"USN\", value:\"568-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : postgresql vulnerabilities (USN-568-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nico Leidecker discovered that PostgreSQL did not properly restrict\ndblink functions. An authenticated user could exploit this flaw to\naccess arbitrary accounts and execute arbitrary SQL queries.\n(CVE-2007-3278, CVE-2007-6601)\n\nIt was discovered that the TCL regular expression parser used by\nPostgreSQL did not properly check its input. An attacker could send\ncrafted regular expressions to PostgreSQL and cause a denial of\nservice via resource exhaustion or database crash. (CVE-2007-4769,\nCVE-2007-4772, CVE-2007-6067)\n\nIt was discovered that PostgreSQL executed VACUUM and ANALYZE\noperations within index functions with superuser privileges and also\nallowed SET ROLE and SET SESSION AUTHORIZATION within index functions.\nA remote authenticated user could exploit these flaws to gain\nprivileges. (CVE-2007-6600).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-compat2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpgtypes2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2018 Canonical, Inc. / NASL script (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg-compat2\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg-dev\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg5\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpgtypes2\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpq-dev\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpq4\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-8.1\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-client-8.1\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-contrib-8.1\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-doc-8.1\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-plperl-8.1\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-plpython-8.1\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-pltcl-8.1\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-server-dev-8.1\", pkgver:\"8.1.11-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libecpg-compat2\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libecpg-dev\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libecpg5\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libpgtypes2\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libpq-dev\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libpq4\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-8.1\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-client-8.1\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-contrib-8.1\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-doc-8.1\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-plperl-8.1\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-plpython-8.1\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-pltcl-8.1\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-server-dev-8.1\", pkgver:\"8.1.11-0ubuntu0.6.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libecpg-compat2\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libecpg-dev\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libecpg5\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libpgtypes2\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libpq-dev\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libpq5\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"postgresql-8.2\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"postgresql-client-8.2\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"postgresql-contrib-8.2\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"postgresql-doc-8.2\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"postgresql-plperl-8.2\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"postgresql-plpython-8.2\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"postgresql-pltcl-8.2\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"postgresql-server-dev-8.2\", pkgver:\"8.2.6-0ubuntu0.7.04.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libecpg-compat2\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libecpg-dev\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libecpg5\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libpgtypes2\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libpq-dev\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libpq5\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"postgresql\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"postgresql-8.2\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"postgresql-client\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"postgresql-client-8.2\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"postgresql-contrib\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"postgresql-contrib-8.2\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"postgresql-doc\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"postgresql-doc-8.2\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"postgresql-plperl-8.2\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"postgresql-plpython-8.2\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"postgresql-pltcl-8.2\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"postgresql-server-dev-8.2\", pkgver:\"8.2.6-0ubuntu0.7.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libecpg-compat2 / libecpg-dev / libecpg5 / libpgtypes2 / libpq-dev / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:42", "references": ["http://www.nessus.org/u?e170ebc6"], "pluginID": "60343", "description": "Will Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers.\n(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600)\n\nA privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601)", "edition": 5, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2016-12-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080111_POSTGRESQL_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60343);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/14 20:22:12 $\");\n\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n\n script_name(english:\"Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Will Drewry discovered multiple flaws in PostgreSQL's regular\nexpression engine. An authenticated attacker could use these flaws to\ncause a denial of service by causing the PostgreSQL server to crash,\nenter an infinite loop, or use extensive CPU and memory resources\nwhile processing queries containing specially crafted regular\nexpressions. Applications that accept regular expressions from\nuntrusted sources may expose this problem to unauthorized attackers.\n(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n\nA privilege escalation flaw was discovered in PostgreSQL. An\nauthenticated attacker could create an index function that would be\nexecuted with administrator privileges during database maintenance\ntasks, such as database vacuuming. (CVE-2007-6600)\n\nA privilege escalation flaw was discovered in PostgreSQL's Database\nLink library (dblink). An authenticated attacker could use dblink to\npossibly escalate privileges on systems with 'trust' or 'ident'\nauthentication configured. Please note that dblink functionality is\nnot enabled by default, and can only by enabled by a database\nadministrator on systems with the postgresql-contrib package\ninstalled. (CVE-2007-3278, CVE-2007-6601)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0801&L=scientific-linux-errata&T=0&P=717\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e170ebc6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-7.3.21-1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-contrib-7.3.21-1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-devel-7.3.21-1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-docs-7.3.21-1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-jdbc-7.3.21-1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-libs-7.3.21-1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-pl-7.3.21-1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-python-7.3.21-1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-server-7.3.21-1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-tcl-7.3.21-1\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-test-7.3.21-1\")) flag++;\n\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"postgresql-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"postgresql-7.4.19-1.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"postgresql-contrib-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"postgresql-contrib-7.4.19-1.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"postgresql-devel-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"postgresql-devel-7.4.19-1.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"postgresql-docs-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"postgresql-docs-7.4.19-1.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"postgresql-jdbc-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"postgresql-jdbc-7.4.19-1.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"postgresql-libs-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"postgresql-libs-7.4.19-1.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"postgresql-pl-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"postgresql-pl-7.4.19-1.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"postgresql-python-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"postgresql-python-7.4.19-1.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"postgresql-server-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"postgresql-server-7.4.19-1.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"postgresql-tcl-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"postgresql-tcl-7.4.19-1.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"postgresql-test-7.4.19-1.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"postgresql-test-7.4.19-1.el4.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"postgresql-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-contrib-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-devel-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-docs-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-libs-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-pl-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-python-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-server-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-tcl-8.1.11-1.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-test-8.1.11-1.el5_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:45:32", "references": [], "pluginID": "38083", "description": "Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions.\n\nRegular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067, CVE-2007-4769): three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend.\n\nDBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle (see CVE-2007-3278), but that patch failed to close all forms of the loophole.\n\nUpdated packages fix these issues by upgrading to the latest maintenance versions of PostgreSQL.", "edition": 6, "reporter": "Tenable", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : postgresql (MDVSA-2008:004)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64ecpg5-devel", "p-cpe:/a:mandriva:linux:postgresql", "p-cpe:/a:mandriva:linux:lib64pq-devel", "p-cpe:/a:mandriva:linux:postgresql8.2-plpgsql", "p-cpe:/a:mandriva:linux:postgresql-pl", "p-cpe:/a:mandriva:linux:postgresql8.2-plpython", "p-cpe:/a:mandriva:linux:postgresql-devel", "p-cpe:/a:mandriva:linux:postgresql8.2-server", "p-cpe:/a:mandriva:linux:libecpg5-devel", "p-cpe:/a:mandriva:linux:postgresql8.2-contrib", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:lib64ecpg5", "p-cpe:/a:mandriva:linux:postgresql-docs", "p-cpe:/a:mandriva:linux:postgresql8.2", "p-cpe:/a:mandriva:linux:libecpg5", "p-cpe:/a:mandriva:linux:postgresql-pltcl", "p-cpe:/a:mandriva:linux:postgresql8.2-pltcl", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:postgresql-test", "p-cpe:/a:mandriva:linux:postgresql8.2-test", "p-cpe:/a:mandriva:linux:libpq-devel", "p-cpe:/a:mandriva:linux:libpq4", "p-cpe:/a:mandriva:linux:lib64pq5", "p-cpe:/a:mandriva:linux:postgresql-plperl", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libpq5", "p-cpe:/a:mandriva:linux:postgresql-contrib", "p-cpe:/a:mandriva:linux:lib64ecpg-devel", "p-cpe:/a:mandriva:linux:postgresql8.2-devel", "p-cpe:/a:mandriva:linux:postgresql-plpython", "p-cpe:/a:mandriva:linux:postgresql8.2-plperl", "p-cpe:/a:mandriva:linux:postgresql-plpgsql", "p-cpe:/a:mandriva:linux:lib64pq4", "p-cpe:/a:mandriva:linux:libpq5-devel", "p-cpe:/a:mandriva:linux:libpq4-devel", "p-cpe:/a:mandriva:linux:postgresql-server", "p-cpe:/a:mandriva:linux:postgresql8.2-pl", "p-cpe:/a:mandriva:linux:lib64pq4-devel", "p-cpe:/a:mandriva:linux:lib64pq5-devel", "p-cpe:/a:mandriva:linux:libecpg-devel", "p-cpe:/a:mandriva:linux:postgresql8.2-docs"], "id": "MANDRIVA_MDVSA-2008-004.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=38083", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:004. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38083);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 20:59:15\");\n\n script_cve_id(\"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_xref(name:\"MDVSA\", value:\"2008:004\");\n\n script_name(english:\"Mandriva Linux Security Advisory : postgresql (MDVSA-2008:004)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Index Functions Privilege Escalation (CVE-2007-6600): as a unique\nfeature, PostgreSQL allows users to create indexes on the results of\nuser-defined functions, known as expression indexes. This provided two\nvulnerabilities to privilege escalation: (1) index functions were\nexecuted as the superuser and not the table owner during VACUUM and\nANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were\npermitted within index functions.\n\nRegular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067,\nCVE-2007-4769): three separate issues in the regular expression\nlibraries used by PostgreSQL allowed malicious users to initiate a\ndenial-of-service by passing certain regular expressions in SQL\nqueries. First, users could create infinite loops using some specific\nregular expressions. Second, certain complex regular expressions could\nconsume excessive amounts of memory. Third, out-of-range backref\nnumbers could be used to crash the backend.\n\nDBLink Privilege Escalation (CVE-2007-6601): DBLink functions combined\nwith local trust or ident authentication could be used by a malicious\nuser to gain superuser privileges. This issue has been fixed, and does\nnot affect users who have not installed DBLink (an optional module),\nor who are using password authentication for local access. This same\nproblem was addressed in the previous release cycle (see\nCVE-2007-3278), but that patch failed to close all forms of the\nloophole.\n\nUpdated packages fix these issues by upgrading to the latest\nmaintenance versions of PostgreSQL.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-plpgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-plpgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64ecpg5-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64ecpg5-devel-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64pq4-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64pq4-devel-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libecpg5-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libecpg5-devel-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libpq4-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libpq4-devel-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-contrib-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-devel-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-docs-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-pl-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-plperl-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-plpgsql-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-plpython-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-pltcl-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-server-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-test-8.1.11-0.1mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64ecpg5-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64ecpg5-devel-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64pq5-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64pq5-devel-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libecpg5-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libecpg5-devel-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libpq5-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libpq5-devel-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"postgresql-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"postgresql-contrib-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"postgresql-devel-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"postgresql-docs-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"postgresql-pl-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"postgresql-plperl-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"postgresql-plpgsql-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"postgresql-plpython-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"postgresql-pltcl-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"postgresql-server-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"postgresql-test-8.2.6-0.1mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ecpg-devel-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ecpg5-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64pq-devel-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64pq5-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libecpg-devel-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libecpg5-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpq-devel-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpq5-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql-devel-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-contrib-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-devel-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-docs-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-pl-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-plperl-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-plpgsql-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-plpython-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-pltcl-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-server-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-test-8.2.6-0.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:38:24", "references": ["https://www.redhat.com/security/data/cve/CVE-2007-3278.html", "https://www.redhat.com/security/data/cve/CVE-2007-6067.html", "https://www.redhat.com/security/data/cve/CVE-2007-4772.html", "https://www.redhat.com/security/data/cve/CVE-2007-6600.html", "http://rhn.redhat.com/errata/RHSA-2008-0038.html", "https://www.redhat.com/security/data/cve/CVE-2007-6601.html", "https://www.redhat.com/security/data/cve/CVE-2007-4769.html"], "pluginID": "29955", "description": "Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the client programs and libraries needed to access a PostgreSQL DBMS server.\n\nWill Drewry discovered multiple flaws in PostgreSQL's regular expression engine. An authenticated attacker could use these flaws to cause a denial of service by causing the PostgreSQL server to crash, enter an infinite loop, or use extensive CPU and memory resources while processing queries containing specially crafted regular expressions. Applications that accept regular expressions from untrusted sources may expose this problem to unauthorized attackers.\n(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated attacker could create an index function that would be executed with administrator privileges during database maintenance tasks, such as database vacuuming. (CVE-2007-6600)\n\nA privilege escalation flaw was discovered in PostgreSQL's Database Link library (dblink). An authenticated attacker could use dblink to possibly escalate privileges on systems with 'trust' or 'ident' authentication configured. Please note that dblink functionality is not enabled by default, and can only by enabled by a database administrator on systems with the postgresql-contrib package installed. (CVE-2007-3278, CVE-2007-6601)\n\nAll postgresql users should upgrade to these updated packages, which include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.", "edition": 6, "reporter": "Tenable", "published": "2008-01-14T00:00:00", "title": "RHEL 4 / 5 : postgresql (RHSA-2008:0038)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:postgresql-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-pl", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-tcl", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc", "cpe:/o:redhat:enterprise_linux:5.1", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-python", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-libs", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2008-0038.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29955", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0038. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29955);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/07/25 18:58:04\");\n\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_bugtraq_id(27163);\n script_xref(name:\"RHSA\", value:\"2008:0038\");\n\n script_name(english:\"RHEL 4 / 5 : postgresql (RHSA-2008:0038)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPostgreSQL is an advanced Object-Relational database management system\n(DBMS). The postgresql packages include the client programs and\nlibraries needed to access a PostgreSQL DBMS server.\n\nWill Drewry discovered multiple flaws in PostgreSQL's regular\nexpression engine. An authenticated attacker could use these flaws to\ncause a denial of service by causing the PostgreSQL server to crash,\nenter an infinite loop, or use extensive CPU and memory resources\nwhile processing queries containing specially crafted regular\nexpressions. Applications that accept regular expressions from\nuntrusted sources may expose this problem to unauthorized attackers.\n(CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n\nA privilege escalation flaw was discovered in PostgreSQL. An\nauthenticated attacker could create an index function that would be\nexecuted with administrator privileges during database maintenance\ntasks, such as database vacuuming. (CVE-2007-6600)\n\nA privilege escalation flaw was discovered in PostgreSQL's Database\nLink library (dblink). An authenticated attacker could use dblink to\npossibly escalate privileges on systems with 'trust' or 'ident'\nauthentication configured. Please note that dblink functionality is\nnot enabled by default, and can only by enabled by a database\nadministrator on systems with the postgresql-contrib package\ninstalled. (CVE-2007-3278, CVE-2007-6601)\n\nAll postgresql users should upgrade to these updated packages, which\ninclude PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-3278.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-4769.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-4772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-6067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-6600.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2007-6601.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2008-0038.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0038\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-7.4.19-1.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-contrib-7.4.19-1.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-devel-7.4.19-1.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-docs-7.4.19-1.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-jdbc-7.4.19-1.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-libs-7.4.19-1.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-pl-7.4.19-1.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-python-7.4.19-1.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-server-7.4.19-1.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-tcl-7.4.19-1.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-test-7.4.19-1.el4_6.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-contrib-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-contrib-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-contrib-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql-devel-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-docs-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-docs-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-docs-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql-libs-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-pl-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-pl-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-pl-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-python-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-python-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-python-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-server-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-server-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-server-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-tcl-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-tcl-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-tcl-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-test-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-test-8.1.11-1.el5_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-test-8.1.11-1.el5_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:48:59", "references": ["https://security-tracker.debian.org/tracker/CVE-2007-4769", "http://www.debian.org/security/2008/dsa-1460", "https://security-tracker.debian.org/tracker/CVE-2007-4772", "https://security-tracker.debian.org/tracker/CVE-2007-3278", "https://security-tracker.debian.org/tracker/CVE-2007-6067", "http://www.postgresql.org/about/news.905", "https://security-tracker.debian.org/tracker/CVE-2007-6600", "https://security-tracker.debian.org/tracker/CVE-2007-6601"], "pluginID": "29937", "description": "Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-3278 It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete.\n\n - CVE-2007-4769 Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources.\n\n - CVE-2007-4772 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources.\n\n - CVE-2007-6067 Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources.\n\n - CVE-2007-6600 Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905.", "edition": 6, "reporter": "Tenable", "published": "2008-01-14T00:00:00", "title": "Debian DSA-1460-1 : postgresql-8.1 - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:postgresql-8.1"], "id": "DEBIAN_DSA-1460.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29937", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1460. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29937);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/08/09 17:06:37\");\n\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_xref(name:\"DSA\", value:\"1460\");\n\n script_name(english:\"Debian DSA-1460-1 : postgresql-8.1 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several local vulnerabilities have been discovered in PostgreSQL, an\nobject-relational SQL database. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2007-3278\n It was discovered that the DBLink module performed\n insufficient credential validation. This issue is also\n tracked as CVE-2007-6601, since the initial upstream fix\n was incomplete.\n\n - CVE-2007-4769\n Tavis Ormandy and Will Drewry discovered that a bug in\n the handling of back-references inside the regular\n expressions engine could lead to an out of bounds read,\n resulting in a crash. This constitutes only a security\n problem if an application using PostgreSQL processes\n regular expressions from untrusted sources.\n\n - CVE-2007-4772\n Tavis Ormandy and Will Drewry discovered that the\n optimizer for regular expression could be tricked into\n an infinite loop, resulting in denial of service. This\n constitutes only a security problem if an application\n using PostgreSQL processes regular expressions from\n untrusted sources.\n\n - CVE-2007-6067\n Tavis Ormandy and Will Drewry discovered that the\n optimizer for regular expression could be tricked\n massive resource consumption. This constitutes only a\n security problem if an application using PostgreSQL\n processes regular expressions from untrusted sources.\n\n - CVE-2007-6600\n Functions in index expressions could lead to privilege\n escalation. For a more in depth explanation please see\n the upstream announce available at\n http://www.postgresql.org/about/news.905.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-6600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.postgresql.org/about/news.905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2008/dsa-1460\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the postgresql-8.1 (8.1.11-0etch1) package.\n\nThe old stable distribution (sarge), doesn't contain postgresql-8.1.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion postgresql-8.1 8.1.11-0etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libecpg-compat2\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libecpg-dev\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libecpg5\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libpgtypes2\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libpq-dev\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libpq4\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-8.1\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-client-8.1\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-contrib-8.1\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-doc-8.1\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-plperl-8.1\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-plpython-8.1\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-pltcl-8.1\", reference:\"8.1.11-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-server-dev-8.1\", reference:\"8.1.11-0etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:41:37", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=316511", "http://www.nessus.org/u?b94a6f53", "https://bugzilla.redhat.com/show_bug.cgi?id=427128", "https://bugzilla.redhat.com/show_bug.cgi?id=400931", "https://bugzilla.redhat.com/show_bug.cgi?id=427127", "https://bugzilla.redhat.com/show_bug.cgi?id=315231", "https://bugzilla.redhat.com/show_bug.cgi?id=427772"], "pluginID": "29948", "description": "- Mon Jan 7 2008 Tom Lane <tgl at redhat.com> 8.2.6-1\n\n - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601\n\n - Make initscript and pam config files be installed unconditionally; seems new buildroots don't necessarily have those directories in place\n\n - Thu Sep 20 2007 Tom Lane <tgl at redhat.com> 8.2.5-1\n\n - Update to PostgreSQL 8.2.5 and pgtcl 1.6.0\n\n - Fix multilib problem for /usr/include/ecpg_config.h (which is new in 8.2.x)\n\n - Use tzdata package's data files instead of private copy, so that postgresql-server need not be turned for routine timezone updates\n\n - Don't remove postgres user/group during RPM uninstall, per Fedora packaging guidelines\n\n - Recent perl changes in rawhide mean we need a more specific BuildRequires\n\n - Wed Jun 20 2007 Tom Lane <tgl at redhat.com> 8.2.4-2\n\n - Fix oversight in postgresql-test makefile: pg_regress isn't a shell script anymore. Per upstream bug 3398.\n\n - Tue Apr 24 2007 Tom Lane <tgl at redhat.com> 8.2.4-1\n\n - Update to PostgreSQL 8.2.4 for CVE-2007-2138, data loss bugs Resolves: #237682\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2008-01-14T00:00:00", "title": "Fedora 7 : postgresql-8.2.6-1.fc7 (2008-0552)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2016-12-08T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:postgresql-plperl", "p-cpe:/a:fedoraproject:fedora:postgresql-plpython", "p-cpe:/a:fedoraproject:fedora:postgresql-debuginfo", "p-cpe:/a:fedoraproject:fedora:postgresql-contrib", "p-cpe:/a:fedoraproject:fedora:postgresql-devel", "p-cpe:/a:fedoraproject:fedora:postgresql-tcl", "p-cpe:/a:fedoraproject:fedora:postgresql-server", "p-cpe:/a:fedoraproject:fedora:postgresql", "p-cpe:/a:fedoraproject:fedora:postgresql-libs", "p-cpe:/a:fedoraproject:fedora:postgresql-docs", "p-cpe:/a:fedoraproject:fedora:postgresql-python", "p-cpe:/a:fedoraproject:fedora:postgresql-test", "p-cpe:/a:fedoraproject:fedora:postgresql-pltcl"], "id": "FEDORA_2008-0552.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29948", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-0552.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29948);\n script_version (\"$Revision: 1.15 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:11:35 $\");\n\n script_cve_id(\"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_bugtraq_id(27163);\n script_xref(name:\"FEDORA\", value:\"2008-0552\");\n\n script_name(english:\"Fedora 7 : postgresql-8.2.6-1.fc7 (2008-0552)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Mon Jan 7 2008 Tom Lane <tgl at redhat.com> 8.2.6-1\n\n - Update to PostgreSQL 8.2.6 to fix CVE-2007-4769,\n CVE-2007-4772, CVE-2007-6067, CVE-2007-6600,\n CVE-2007-6601\n\n - Make initscript and pam config files be installed\n unconditionally; seems new buildroots don't necessarily\n have those directories in place\n\n - Thu Sep 20 2007 Tom Lane <tgl at redhat.com> 8.2.5-1\n\n - Update to PostgreSQL 8.2.5 and pgtcl 1.6.0\n\n - Fix multilib problem for /usr/include/ecpg_config.h\n (which is new in 8.2.x)\n\n - Use tzdata package's data files instead of private\n copy, so that postgresql-server need not be turned for\n routine timezone updates\n\n - Don't remove postgres user/group during RPM uninstall,\n per Fedora packaging guidelines\n\n - Recent perl changes in rawhide mean we need a more\n specific BuildRequires\n\n - Wed Jun 20 2007 Tom Lane <tgl at redhat.com> 8.2.4-2\n\n - Fix oversight in postgresql-test makefile: pg_regress\n isn't a shell script anymore. Per upstream bug 3398.\n\n - Tue Apr 24 2007 Tom Lane <tgl at redhat.com> 8.2.4-1\n\n - Update to PostgreSQL 8.2.4 for CVE-2007-2138, data\n loss bugs Resolves: #237682\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=315231\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=316511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=400931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=427127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=427128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=427772\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/006822.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b94a6f53\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-8.2.6-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-contrib-8.2.6-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-debuginfo-8.2.6-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-devel-8.2.6-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-docs-8.2.6-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-libs-8.2.6-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-plperl-8.2.6-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-plpython-8.2.6-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-pltcl-8.2.6-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-python-8.2.6-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-server-8.2.6-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-tcl-8.2.6-1.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"postgresql-test-8.2.6-1.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:06", "references": ["http://www.nessus.org/u?962596d0", "http://www.postgresql.org/about/news.905"], "pluginID": "32063", "description": "The PostgreSQL developers report :\n\nPostgreSQL allows users to create indexes on the results of user-defined functions, known as 'expression indexes'. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Both of these holes have now been closed.\n\nPostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend.\n\nDBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle, but that patch failed to close all forms of the loophole.", "edition": 5, "reporter": "Tenable", "published": "2008-04-28T00:00:00", "title": "FreeBSD : postgresql -- multiple vulnerabilities (51436b4c-1250-11dd-bab7-0016179b2dd5)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2016-12-08T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:postgresql", "p-cpe:/a:freebsd:freebsd:postgresql-server"], "id": "FREEBSD_PKG_51436B4C125011DDBAB70016179B2DD5.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32063", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2016 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32063);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:31:55 $\");\n\n script_cve_id(\"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_bugtraq_id(27163);\n\n script_name(english:\"FreeBSD : postgresql -- multiple vulnerabilities (51436b4c-1250-11dd-bab7-0016179b2dd5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The PostgreSQL developers report :\n\nPostgreSQL allows users to create indexes on the results of\nuser-defined functions, known as 'expression indexes'. This provided\ntwo vulnerabilities to privilege escalation: (1) index functions were\nexecuted as the superuser and not the table owner during VACUUM and\nANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were\npermitted within index functions. Both of these holes have now been\nclosed.\n\nPostgreSQL allowed malicious users to initiate a denial-of-service by\npassing certain regular expressions in SQL queries. First, users could\ncreate infinite loops using some specific regular expressions. Second,\ncertain complex regular expressions could consume excessive amounts of\nmemory. Third, out-of-range backref numbers could be used to crash the\nbackend.\n\nDBLink functions combined with local trust or ident authentication\ncould be used by a malicious user to gain superuser privileges. This\nissue has been fixed, and does not affect users who have not installed\nDBLink (an optional module), or who are using password authentication\nfor local access. This same problem was addressed in the previous\nrelease cycle, but that patch failed to close all forms of the\nloophole.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.postgresql.org/about/news.905\"\n );\n # http://www.freebsd.org/ports/portaudit/51436b4c-1250-11dd-bab7-0016179b2dd5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?962596d0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"postgresql>=7.3<7.3.21\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql>=7.4<7.4.19\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql>=8.0<8.0.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql>=8.1<8.1.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql>=8.2<8.2.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=7.3<7.3.21\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=7.4<7.4.19\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.0<8.0.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.1<8.1.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.2<8.2.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:51", "references": ["https://security.gentoo.org/glsa/200801-15"], "pluginID": "30120", "description": "The remote host is affected by the vulnerability described in GLSA-200801-15 (PostgreSQL: Multiple vulnerabilities)\n\n If using the 'expression indexes' feature, PostgreSQL executes index functions as the superuser during VACUUM and ANALYZE instead of the table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the index functions (CVE-2007-6600). Additionally, several errors involving regular expressions were found (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067). Eventually, a privilege escalation vulnerability via unspecified vectors in the DBLink module was reported (CVE-2007-6601).\n This vulnerability is exploitable when local trust or ident authentication is used, and is due to an incomplete fix of CVE-2007-3278.\n Impact :\n\n A remote authenticated attacker could send specially crafted queries containing complex regular expressions to the server that could result in a Denial of Service by a server crash (CVE-2007-4769), an infinite loop (CVE-2007-4772) or a memory exhaustion (CVE-2007-6067). The two other vulnerabilities can be exploited to gain additional privileges.\n Workaround :\n\n There is no known workaround for all these issues at this time.", "edition": 6, "reporter": "Tenable", "published": "2008-01-29T00:00:00", "title": "GLSA-200801-15 : PostgreSQL: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2018-07-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:postgresql", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200801-15.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=30120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200801-15.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(30120);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_xref(name:\"GLSA\", value:\"200801-15\");\n\n script_name(english:\"GLSA-200801-15 : PostgreSQL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200801-15\n(PostgreSQL: Multiple vulnerabilities)\n\n If using the 'expression indexes' feature, PostgreSQL executes index\n functions as the superuser during VACUUM and ANALYZE instead of the\n table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the\n index functions (CVE-2007-6600). Additionally, several errors involving\n regular expressions were found (CVE-2007-4769, CVE-2007-4772,\n CVE-2007-6067). Eventually, a privilege escalation vulnerability via\n unspecified vectors in the DBLink module was reported (CVE-2007-6601).\n This vulnerability is exploitable when local trust or ident\n authentication is used, and is due to an incomplete fix of\n CVE-2007-3278.\n \nImpact :\n\n A remote authenticated attacker could send specially crafted queries\n containing complex regular expressions to the server that could result\n in a Denial of Service by a server crash (CVE-2007-4769), an infinite\n loop (CVE-2007-4772) or a memory exhaustion (CVE-2007-6067). The two\n other vulnerabilities can be exploited to gain additional privileges.\n \nWorkaround :\n\n There is no known workaround for all these issues at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200801-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PostgreSQL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose 'dev-db/postgresql'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 264, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/postgresql\", unaffected:make_list(\"ge 8.0.15\", \"rge 7.4.19\", \"rge 7.3.21\"), vulnerable:make_list(\"lt 8.0.15\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PostgreSQL\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:40:40", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "x86_64", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "ia64", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.ia64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "x86_64", "packageFilename": "postgresql-docs-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-jdbc-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "ia64", "packageFilename": "postgresql-jdbc-7.4.19-1.el4_6.1.ia64.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-python-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-tcl-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-docs-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "ia64", "packageFilename": "postgresql-python-7.4.19-1.el4_6.1.ia64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-test-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "x86_64", "packageFilename": "postgresql-tcl-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-tcl-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "ia64", "packageFilename": "postgresql-tcl-8.1.11-1.el5_1.1.ia64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "x86_64", "packageFilename": "postgresql-devel-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "x86_64", "packageFilename": "postgresql-pl-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "x86_64", "packageFilename": "postgresql-python-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-server-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "ia64", "packageFilename": "postgresql-7.4.19-1.el4_6.1.ia64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "ia64", "packageFilename": "postgresql-tcl-7.4.19-1.el4_6.1.ia64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "x86_64", "packageFilename": "postgresql-contrib-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "x86_64", "packageFilename": "postgresql-jdbc-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-pl-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "x86_64", "packageFilename": "postgresql-python-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "ia64", "packageFilename": "postgresql-test-8.1.11-1.el5_1.1.ia64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "x86_64", "packageFilename": "postgresql-tcl-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "ia64", "packageFilename": "postgresql-docs-8.1.11-1.el5_1.1.ia64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "ia64", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.ia64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-devel-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "x86_64", "packageFilename": "postgresql-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "ia64", "packageFilename": "postgresql-server-7.4.19-1.el4_6.1.ia64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-test-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "ia64", "packageFilename": "postgresql-pl-8.1.11-1.el5_1.1.ia64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-contrib-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "src", "packageFilename": "postgresql-7.4.19-1.el4_6.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "src", "packageFilename": "postgresql-7.4.19-1.el4_6.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "src", "packageFilename": "postgresql-7.4.19-1.el4_6.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "ia64", "packageFilename": "postgresql-contrib-7.4.19-1.el4_6.1.ia64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "ia64", "packageFilename": "postgresql-8.1.11-1.el5_1.1.ia64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "x86_64", "packageFilename": "postgresql-contrib-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "x86_64", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-pl-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "ia64", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.ia64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "x86_64", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "x86_64", "packageFilename": "postgresql-test-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "ia64", "packageFilename": "postgresql-pl-7.4.19-1.el4_6.1.ia64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-server-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "x86_64", "packageFilename": "postgresql-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "ia64", "packageFilename": "postgresql-devel-7.4.19-1.el4_6.1.ia64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "ia64", "packageFilename": "postgresql-server-8.1.11-1.el5_1.1.ia64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "x86_64", "packageFilename": "postgresql-server-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "src", "packageFilename": "postgresql-8.1.11-1.el5_1.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "src", "packageFilename": "postgresql-8.1.11-1.el5_1.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "src", "packageFilename": "postgresql-8.1.11-1.el5_1.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "x86_64", "packageFilename": "postgresql-server-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "ia64", "packageFilename": "postgresql-python-8.1.11-1.el5_1.1.ia64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "x86_64", "packageFilename": "postgresql-pl-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-docs-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "x86_64", "packageFilename": "postgresql-docs-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "x86_64", "packageFilename": "postgresql-test-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "ia64", "packageFilename": "postgresql-docs-7.4.19-1.el4_6.1.ia64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "ia64", "packageFilename": "postgresql-contrib-8.1.11-1.el5_1.1.ia64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "ia64", "packageFilename": "postgresql-test-7.4.19-1.el4_6.1.ia64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "arch": "i386", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-python-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "arch": "i386", "packageFilename": "postgresql-contrib-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-contrib", "operator": "lt"}], "description": " [7.4.19-1.el4_6.1]\n - Update to PostgreSQL 7.4.19 to fix CVE-2007-4769, CVE-2007-4772,\n CVE-2007-6067, CVE-2007-6600, CVE-2007-6601\n Resolves: #427135 ", "edition": 3, "reporter": "Oracle", "published": "2008-01-11T00:00:00", "title": "Moderate: postgresql security update ", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2008-01-11T00:00:00", "id": "ELSA-2008-0038", "href": "http://linux.oracle.com/errata/ELSA-2008-0038.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:44:57", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "x86_64", "packageFilename": "tcl-devel-8.4.13-6.el5.x86_64.rpm", "packageName": "tcl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageFilename": "tcl-8.4.13-6.el5.i386.rpm", "packageName": "tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageFilename": "tcl-8.4.13-6.el5.i386.rpm", "packageName": "tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageFilename": "tcl-html-8.4.13-6.el5.i386.rpm", "packageName": "tcl-html", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "ia64", "packageFilename": "tcl-8.4.13-6.el5.ia64.rpm", "packageName": "tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "x86_64", "packageFilename": "tcl-8.4.13-6.el5.x86_64.rpm", "packageName": "tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageFilename": "tcl-devel-8.4.13-6.el5.i386.rpm", "packageName": "tcl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageFilename": "tcl-devel-8.4.13-6.el5.i386.rpm", "packageName": "tcl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "ia64", "packageFilename": "tcl-html-8.4.13-6.el5.ia64.rpm", "packageName": "tcl-html", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "x86_64", "packageFilename": "tcl-html-8.4.13-6.el5.x86_64.rpm", "packageName": "tcl-html", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "src", "packageFilename": "tcl-8.4.13-6.el5.src.rpm", "packageName": "tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "src", "packageFilename": "tcl-8.4.13-6.el5.src.rpm", "packageName": "tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "src", "packageFilename": "tcl-8.4.13-6.el5.src.rpm", "packageName": "tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "ia64", "packageFilename": "tcl-devel-8.4.13-6.el5.ia64.rpm", "packageName": "tcl-devel", "operator": "lt"}], "description": "[8.4.13-6]\r\n- Fixed infinite loop in regex NFA optimization code\r\n Resolves: CVE-2007-4772\r\n- Fixed O(N^2) compile time (and huge memory requirements) for some regexps\r\n Resolves: CVE-2007-6067\r\n \n[8.4.13-5]\r\n- Threaded / nonthreaded versions of tcl are now switchable through alternatives\r\n Resolves: rhbz#478961", "edition": 3, "reporter": "Oracle", "published": "2013-01-11T00:00:00", "title": "tcl security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4772", "CVE-2007-6067"], "modified": "2013-01-11T00:00:00", "id": "ELSA-2013-0122", "href": "http://linux.oracle.com/errata/ELSA-2013-0122.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:45:38", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "i386", "packageFilename": "rh-postgresql-devel-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "i386", "packageFilename": "rh-postgresql-jdbc-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-jdbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "i386", "packageFilename": "rh-postgresql-python-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "x86_64", "packageFilename": "rh-postgresql-test-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "x86_64", "packageFilename": "rh-postgresql-server-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "x86_64", "packageFilename": "rh-postgresql-docs-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "x86_64", "packageFilename": "rh-postgresql-tcl-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "x86_64", "packageFilename": "rh-postgresql-contrib-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "x86_64", "packageFilename": "rh-postgresql-devel-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "i386", "packageFilename": "rh-postgresql-tcl-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "x86_64", "packageFilename": "rh-postgresql-libs-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "i386", "packageFilename": "rh-postgresql-docs-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "i386", "packageFilename": "rh-postgresql-contrib-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "i386", "packageFilename": "rh-postgresql-pl-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "x86_64", "packageFilename": "rh-postgresql-pl-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "i386", "packageFilename": "rh-postgresql-libs-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "i386", "packageFilename": "rh-postgresql-libs-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "x86_64", "packageFilename": "rh-postgresql-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "src", "packageFilename": "rh-postgresql-7.3.21-1.src.rpm", "packageName": "rh-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "src", "packageFilename": "rh-postgresql-7.3.21-1.src.rpm", "packageName": "rh-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "x86_64", "packageFilename": "rh-postgresql-python-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "i386", "packageFilename": "rh-postgresql-server-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "i386", "packageFilename": "rh-postgresql-7.3.21-1.i386.rpm", "packageName": "rh-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "x86_64", "packageFilename": "rh-postgresql-jdbc-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-jdbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-1", "arch": "i386", "packageFilename": "rh-postgresql-test-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-test", "operator": "lt"}], "description": " [7.3.21-1]\n - Update to PostgreSQL 7.3.21 to fix CVE-2007-6600, CVE-2007-6601\n Resolves: #427134 ", "edition": 3, "reporter": "Oracle", "published": "2008-01-11T00:00:00", "title": "Moderate: postgresql security update ", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2007-6601"], "modified": "2008-01-11T00:00:00", "id": "ELSA-2008-0039", "href": "http://linux.oracle.com/errata/ELSA-2008-0039.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:44:23", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "5.38.0-92.8", "arch": "i386", "packageFilename": "expect-devel-5.38.0-92.8.i386.rpm", "packageName": "expect-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "arch": "src", "packageFilename": "tcltk-8.3.5-92.8.src.rpm", "packageName": "tcltk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "arch": "src", "packageFilename": "tcltk-8.3.5-92.8.src.rpm", "packageName": "tcltk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "5.38.0-92.8", "arch": "x86_64", "packageFilename": "expect-devel-5.38.0-92.8.x86_64.rpm", "packageName": "expect-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "3.2-92.8", "arch": "i386", "packageFilename": "itcl-3.2-92.8.i386.rpm", "packageName": "itcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "5.38.0-92.8", "arch": "x86_64", "packageFilename": "expect-5.38.0-92.8.x86_64.rpm", "packageName": "expect", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "arch": "x86_64", "packageFilename": "tk-devel-8.3.5-92.8.x86_64.rpm", "packageName": "tk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.1.4-92.8", "arch": "i386", "packageFilename": "tix-8.1.4-92.8.i386.rpm", "packageName": "tix", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3-92.8", "arch": "i386", "packageFilename": "tclx-8.3-92.8.i386.rpm", "packageName": "tclx", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3-92.8", "arch": "i386", "packageFilename": "tclx-8.3-92.8.i386.rpm", "packageName": "tclx", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "5.38.0-92.8", "arch": "i386", "packageFilename": "expect-5.38.0-92.8.i386.rpm", "packageName": "expect", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "3.2-92.8", "arch": "x86_64", "packageFilename": "itcl-3.2-92.8.x86_64.rpm", "packageName": "itcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "arch": "x86_64", "packageFilename": "tcl-devel-8.3.5-92.8.x86_64.rpm", "packageName": "tcl-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.1.4-92.8", "arch": "x86_64", "packageFilename": "tix-8.1.4-92.8.x86_64.rpm", "packageName": "tix", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "arch": "i386", "packageFilename": "tcl-8.3.5-92.8.i386.rpm", "packageName": "tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "arch": "i386", "packageFilename": "tcl-8.3.5-92.8.i386.rpm", "packageName": "tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "arch": "x86_64", "packageFilename": "tcl-8.3.5-92.8.x86_64.rpm", "packageName": "tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "arch": "i386", "packageFilename": "tk-devel-8.3.5-92.8.i386.rpm", "packageName": "tk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3-92.8", "arch": "x86_64", "packageFilename": "tclx-8.3-92.8.x86_64.rpm", "packageName": "tclx", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "arch": "x86_64", "packageFilename": "tk-8.3.5-92.8.x86_64.rpm", "packageName": "tk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "arch": "i386", "packageFilename": "tk-8.3.5-92.8.i386.rpm", "packageName": "tk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "arch": "i386", "packageFilename": "tk-8.3.5-92.8.i386.rpm", "packageName": "tk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "arch": "i386", "packageFilename": "tcl-devel-8.3.5-92.8.i386.rpm", "packageName": "tcl-devel", "operator": "lt"}], "description": " [8.3.5-92.8]\n - CVE-2008-0553 CVE-2007-5378 CVE-2007-4772\n - problems: regexp, GIF overflow and also GIF overflow\n Resolves: #432511 ", "edition": 3, "reporter": "Oracle", "published": "2008-02-22T00:00:00", "title": "Moderate: tcltk security update ", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2008-0553", "CVE-2007-5378", "CVE-2007-4772"], "modified": "2008-02-22T00:00:00", "id": "ELSA-2008-0134", "href": "http://linux.oracle.com/errata/ELSA-2008-0134.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:01", "references": [], "pluginID": "60278", "description": "The remote host is missing updates announced in\nadvisory GLSA 200801-15.", "edition": 2, "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Gentoo Security Advisory GLSA 200801-15 (postgresql)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60278", "id": "OPENVAS:60278", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL contains multiple vulnerabilities that could result in privilege\nescalation or a Denial of Service.\";\ntag_solution = \"All PostgreSQL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose 'dev-db/postgresql'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200801-15\nhttp://bugs.gentoo.org/show_bug.cgi?id=204760\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200801-15.\";\n\n \n\nif(description)\n{\n script_id(60278);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200801-15 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-db/postgresql\", unaffected: make_list(\"ge 8.0.15\", \"rge 7.4.19\", \"rge 7.3.21\"), vulnerable: make_list(\"lt 8.0.15\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:29:19", "references": ["568-1", "http://www.ubuntu.com/usn/usn-568-1/"], "pluginID": "840326", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-568-1", "edition": 3, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-03-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Ubuntu Update for postgresql vulnerabilities USN-568-1", "type": "openvas", "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840326", "id": "OPENVAS:840326", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_568_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for postgresql vulnerabilities USN-568-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Nico Leidecker discovered that PostgreSQL did not properly\n restrict dblink functions. An authenticated user could exploit\n this flaw to access arbitrary accounts and execute arbitrary\n SQL queries. (CVE-2007-3278, CVE-2007-6601)\n\n It was discovered that the TCL regular expression parser used\n by PostgreSQL did not properly check its input. An attacker\n could send crafted regular expressions to PostgreSQL and cause\n a denial of service via resource exhaustion or database crash.\n (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n \n It was discovered that PostgreSQL executed VACUUM and ANALYZE\n operations within index functions with superuser privileges and\n also allowed SET ROLE and SET SESSION AUTHORIZATION within index\n functions. A remote authenticated user could exploit these flaws\n to gain privileges. (CVE-2007-6600)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-568-1\";\ntag_affected = \"postgresql vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-568-1/\");\n script_id(840326);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"568-1\");\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_name( \"Ubuntu Update for postgresql vulnerabilities USN-568-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.2_8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.2_8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.2_8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.2_8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.2_8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.2_8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.2_8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.2_8.2.6-0ubuntu0.7.04.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq4\", ver:\"8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.1_8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.1_8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.1_8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.1_8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.1_8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.1_8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.1_8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.1_8.1.11-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq4\", ver:\"8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.1_8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.1_8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.1_8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.1_8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.1_8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.1_8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.1_8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.1_8.1.11-0ubuntu0.6.10.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.2_8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.2_8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.2_8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.2_8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.2_8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.2_8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.2_8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.2_8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.2.6-0ubuntu0.7.10.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:02", "references": [], "pluginID": "60180", "description": "The remote host is missing an update to postgresql-7.4\nannounced via advisory DSA 1463-1.", "edition": 2, "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-31T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 1463-1 (postgresql-7.4)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60180", "id": "OPENVAS:60180", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1463_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1463-1 (postgresql-7.4)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several local vulnerabilities have been discovered in PostgreSQL, an\nobject-relational SQL database. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2007-3278\n\nIt was discovered that the DBLink module performed insufficient\ncredential validation. This issue is also tracked as CVE-2007-6601,\nsince the initial upstream fix was incomplete.\n\nCVE-2007-4769\n\nTavis Ormandy and Will Drewry discovered that a bug in the handling\nof back-references inside the regular expressions engine could lead\nto an out of bands read, resulting in a crash. This constitutes only\na security problem if an application using ProgreSQL processes\nregular expressions from untrusted sources.\n\nCVE-2007-4772\n\nTavis Ormandy and Will Drewry discovered that the optimizer for regular\nexpression could be tricked into an infinite loop, resulting in denial\nof service. This constitutes only a security problem if an application\nusing ProgreSQL processes regular expressions from untrusted sources.\n\nCVE-2007-6067\n\nTavis Ormandy and Will Drewry discovered that the optimizer for regular\nexpression could be tricked massive ressource consumption. This\nconstitutes only a security problem if an application using ProgreSQL\nprocesses regular expressions from untrusted sources.\n\nCVE-2007-6600\n\nFunctions in index expressions could lead to privilege escalation. For\na more in depth explanation please see the upstream announce available\nat http://www.postgresql.org/about/news.905.\n\nThe unstable distribution (sid) no longer contains postgres-7.4\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 7.4.19-0etch1.\n\nFor the old stable distribution (sarge), some of these problems have been\nfixed in version 7.4.7-6sarge6 of the postgresql package. Please note that\nthe fix for CVE-2007-6600 and for the handling of regular expressions\nhasn't been backported due to the intrusiveness of the fix. We recommend\nto upgrade to the stable distribution if these vulnerabilities affect your\nsetup.\n\nWe recommend that you upgrade your postgresql-7.4 packages.\";\ntag_summary = \"The remote host is missing an update to postgresql-7.4\nannounced via advisory DSA 1463-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201463-1\";\n\n\nif(description)\n{\n script_id(60180);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-31 16:11:48 +0100 (Thu, 31 Jan 2008)\");\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1463-1 (postgresql-7.4)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"7.4.7-6sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"7.4.7-6sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq3\", ver:\"7.4.7-6sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtcl-dev\", ver:\"7.4.7-6sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-dev\", ver:\"7.4.7-6sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtcl\", ver:\"7.4.7-6sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg4\", ver:\"7.4.7-6sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"7.4.7-6sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"7.4.7-6sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"7.4.7-6sarge6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc-7.4\", ver:\"7.4.19-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-server-dev-7.4\", ver:\"7.4.19-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython-7.4\", ver:\"7.4.19-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plperl-7.4\", ver:\"7.4.19-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-7.4\", ver:\"7.4.19-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-pltcl-7.4\", ver:\"7.4.19-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client-7.4\", ver:\"7.4.19-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib-7.4\", ver:\"7.4.19-0etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:24", "references": ["http://lists.mandriva.com/security-announce/2008-01/msg00010.php", "2008:004"], "pluginID": "1361412562310830498", "description": "Check for the Version of postgresql", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for postgresql MDVSA-2008:004 (postgresql)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830498", "id": "OPENVAS:1361412562310830498", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for postgresql MDVSA-2008:004 (postgresql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Index Functions Privilege Escalation (CVE-2007-6600): as a unique\n feature, PostgreSQL allows users to create indexes on the results of\n user-defined functions, known as expression indexes. This provided\n two vulnerabilities to privilege escalation: (1) index functions were\n executed as the superuser and not the table owner during VACUUM and\n ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were\n permitted within index functions.\n\n Regular Expression Denial-of-Service (CVE-2007-4772, CVE-2007-6067,\n CVE-2007-4769): three separate issues in the regular expression\n libraries used by PostgreSQL allowed malicious users to initiate\n a denial-of-service by passing certain regular expressions in SQL\n queries. First, users could create infinite loops using some specific\n regular expressions. Second, certain complex regular expressions\n could consume excessive amounts of memory. Third, out-of-range backref\n numbers could be used to crash the backend.\n \n DBLink Privilege Escalation (CVE-2007-6601): DBLink functions\n combined with local trust or ident authentication could be used by\n a malicious user to gain superuser privileges. This issue has been\n fixed, and does not affect users who have not installed DBLink (an\n optional module), or who are using password authentication for local\n access. This same problem was addressed in the previous release cycle\n (see CVE-2007-3278), but that patch failed to close all forms of\n the loophole.\n \n Updated packages fix these issues by upgrading to the latest\n maintenance versions of PostgreSQL.\";\n\ntag_affected = \"postgresql on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-01/msg00010.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830498\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:004\");\n script_cve_id(\"CVE-2007-6600\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-4769\", \"CVE-2007-6601\", \"CVE-2007-3278\");\n script_name( \"Mandriva Update for postgresql MDVSA-2008:004 (postgresql)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg5\", rpm:\"libecpg5~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libecpg5-devel\", rpm:\"libecpg5-devel~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq5\", rpm:\"libpq5~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq5-devel\", rpm:\"libpq5-devel~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plpgsql\", rpm:\"postgresql-plpgsql~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg5\", rpm:\"lib64ecpg5~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg5-devel\", rpm:\"lib64ecpg5-devel~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq5\", rpm:\"lib64pq5~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq5-devel\", rpm:\"lib64pq5-devel~8.2.6~0.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg5\", rpm:\"libecpg5~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libecpg5-devel\", rpm:\"libecpg5-devel~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq4\", rpm:\"libpq4~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq4-devel\", rpm:\"libpq4-devel~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plpgsql\", rpm:\"postgresql-plpgsql~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg5\", rpm:\"lib64ecpg5~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg5-devel\", rpm:\"lib64ecpg5-devel~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq4\", rpm:\"lib64pq4~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq4-devel\", rpm:\"lib64pq4-devel~8.1.11~0.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg-devel\", rpm:\"libecpg-devel~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libecpg5\", rpm:\"libecpg5~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq-devel\", rpm:\"libpq-devel~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq5\", rpm:\"libpq5~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2\", rpm:\"postgresql8.2~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-contrib\", rpm:\"postgresql8.2-contrib~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-devel\", rpm:\"postgresql8.2-devel~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-docs\", rpm:\"postgresql8.2-docs~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-pl\", rpm:\"postgresql8.2-pl~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-plperl\", rpm:\"postgresql8.2-plperl~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-plpgsql\", rpm:\"postgresql8.2-plpgsql~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-plpython\", rpm:\"postgresql8.2-plpython~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-pltcl\", rpm:\"postgresql8.2-pltcl~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-server\", rpm:\"postgresql8.2-server~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-test\", rpm:\"postgresql8.2-test~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg-devel\", rpm:\"lib64ecpg-devel~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg5\", rpm:\"lib64ecpg5~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq-devel\", rpm:\"lib64pq-devel~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq5\", rpm:\"lib64pq5~8.2.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:16", "references": ["https://www.redhat.com/archives/rhsa-announce/2008-January/msg00003.html", "2008:0038-01"], "pluginID": "870092", "description": "Check for the Version of postgresql", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-03-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "RedHat Update for postgresql RHSA-2008:0038-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870092", "id": "OPENVAS:870092", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for postgresql RHSA-2008:0038-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL is an advanced Object-Relational database management system\n (DBMS). The postgresql packages include the client programs and libraries\n needed to access a PostgreSQL DBMS server.\n\n Will Drewry discovered multiple flaws in PostgreSQL's regular expression\n engine. An authenticated attacker could use these flaws to cause a denial\n of service by causing the PostgreSQL server to crash, enter an infinite\n loop, or use extensive CPU and memory resources while processing queries\n containing specially crafted regular expressions. Applications that accept\n regular expressions from untrusted sources may expose this problem to\n unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n \n A privilege escalation flaw was discovered in PostgreSQL. An authenticated\n attacker could create an index function that would be executed with\n administrator privileges during database maintenance tasks, such as\n database vacuuming. (CVE-2007-6600)\n \n A privilege escalation flaw was discovered in PostgreSQL's Database Link\n library (dblink). An authenticated attacker could use dblink to possibly\n escalate privileges on systems with &quot;trust&quot; or &quot;ident&quot; authentication\n configured. Please note that dblink functionality is not enabled by\n default, and can only by enabled by a database administrator on systems\n with the postgresql-contrib package installed. (CVE-2007-3278,\n CVE-2007-6601)\n \n All postgresql users should upgrade to these updated packages, which\n include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.\";\n\ntag_affected = \"postgresql on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-January/msg00003.html\");\n script_id(870092);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0038-01\");\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_name( \"RedHat Update for postgresql RHSA-2008:0038-01\");\n\n script_summary(\"Check for the Version of postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-jdbc\", rpm:\"postgresql-jdbc~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:38:56", "references": ["2008:0038", "http://lists.centos.org/pipermail/centos-announce/2008-January/014604.html"], "pluginID": "1361412562310880285", "description": "Check for the Version of postgresql", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-02-27T00:00:00", "title": "CentOS Update for postgresql CESA-2008:0038 centos4 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880285", "id": "OPENVAS:1361412562310880285", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for postgresql CESA-2008:0038 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL is an advanced Object-Relational database management system\n (DBMS). The postgresql packages include the client programs and libraries\n needed to access a PostgreSQL DBMS server.\n\n Will Drewry discovered multiple flaws in PostgreSQL's regular expression\n engine. An authenticated attacker could use these flaws to cause a denial\n of service by causing the PostgreSQL server to crash, enter an infinite\n loop, or use extensive CPU and memory resources while processing queries\n containing specially crafted regular expressions. Applications that accept\n regular expressions from untrusted sources may expose this problem to\n unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n \n A privilege escalation flaw was discovered in PostgreSQL. An authenticated\n attacker could create an index function that would be executed with\n administrator privileges during database maintenance tasks, such as\n database vacuuming. (CVE-2007-6600)\n \n A privilege escalation flaw was discovered in PostgreSQL's Database Link\n library (dblink). An authenticated attacker could use dblink to possibly\n escalate privileges on systems with &quot;trust&quot; or &quot;ident&quot; authentication\n configured. Please note that dblink functionality is not enabled by\n default, and can only by enabled by a database administrator on systems\n with the postgresql-contrib package installed. (CVE-2007-3278,\n CVE-2007-6601)\n \n All postgresql users should upgrade to these updated packages, which\n include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.\";\n\ntag_affected = \"postgresql on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-January/014604.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880285\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0038\");\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_name( \"CentOS Update for postgresql CESA-2008:0038 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~7.4.19~1.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~7.4.19~1.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~7.4.19~1.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~7.4.19~1.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-jdbc\", rpm:\"postgresql-jdbc~7.4.19~1.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~7.4.19~1.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~7.4.19~1.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~7.4.19~1.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~7.4.19~1.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~7.4.19~1.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~7.4.19~1.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:15", "references": [], "pluginID": "60891", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "FreeBSD Ports: postgresql, postgresql-server", "type": "openvas", "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2016-09-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60891", "id": "OPENVAS:60891", "sourceData": "#\n#VID 51436b4c-1250-11dd-bab7-0016179b2dd5\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n postgresql\n postgresql-server\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.postgresql.org/about/news.905\nhttp://www.vuxml.org/freebsd/51436b4c-1250-11dd-bab7-0016179b2dd5.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(60891);\n script_version(\"$Revision: 4164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-28 09:03:16 +0200 (Wed, 28 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-6600\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-4769\", \"CVE-2007-6601\");\n script_bugtraq_id(27163);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: postgresql, postgresql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"postgresql\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.3\")>=0 && revcomp(a:bver, b:\"7.3.21\")<0) {\n txt += 'Package postgresql version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4.19\")<0) {\n txt += 'Package postgresql version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.0\")>=0 && revcomp(a:bver, b:\"8.0.15\")<0) {\n txt += 'Package postgresql version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1.11\")<0) {\n txt += 'Package postgresql version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2.6\")<0) {\n txt += 'Package postgresql version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"postgresql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.3\")>=0 && revcomp(a:bver, b:\"7.3.21\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4.19\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.0\")>=0 && revcomp(a:bver, b:\"8.0.15\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1.11\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2.6\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:00", "references": [], "pluginID": "65971", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n postgresql\n postgresql-contrib\n postgresql-devel\n postgresql-docs\n postgresql-libs\n postgresql-pl\n postgresql-server\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-13T00:00:00", "title": "SLES10: Security update for PostgreSQL", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2017-07-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65971", "id": "OPENVAS:65971", "sourceData": "#\n#VID slesp1-postgresql-4962\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for PostgreSQL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n postgresql\n postgresql-contrib\n postgresql-devel\n postgresql-docs\n postgresql-libs\n postgresql-pl\n postgresql-server\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65971);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-6600\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-4769\", \"CVE-2007-6601\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for PostgreSQL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.11~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.1.11~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.1.11~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.1.11~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.1.11~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.1.11~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.1.11~0.2\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:06", "references": [], "pluginID": "136141256231065378", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n postgresql-pl\n postgresql\n postgresql-server\n postgresql-libs\n postgresql-devel\n postgresql-contrib\n postgresql-docs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021809 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-10T00:00:00", "title": "SLES9: Security update for postgresql", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065378", "id": "OPENVAS:136141256231065378", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021809.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for postgresql\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n postgresql-pl\n postgresql\n postgresql-server\n postgresql-libs\n postgresql-devel\n postgresql-contrib\n postgresql-docs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021809 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65378\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-6600\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-4769\", \"CVE-2007-6601\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for postgresql\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~7.4.19~0.1\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:18", "references": ["https://www.redhat.com/archives/rhsa-announce/2008-January/msg00003.html", "2008:0038-01"], "pluginID": "1361412562310870092", "description": "Check for the Version of postgresql", "edition": 2, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for postgresql RHSA-2008:0038-01", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870092", "id": "OPENVAS:1361412562310870092", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for postgresql RHSA-2008:0038-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL is an advanced Object-Relational database management system\n (DBMS). The postgresql packages include the client programs and libraries\n needed to access a PostgreSQL DBMS server.\n\n Will Drewry discovered multiple flaws in PostgreSQL's regular expression\n engine. An authenticated attacker could use these flaws to cause a denial\n of service by causing the PostgreSQL server to crash, enter an infinite\n loop, or use extensive CPU and memory resources while processing queries\n containing specially crafted regular expressions. Applications that accept\n regular expressions from untrusted sources may expose this problem to\n unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n \n A privilege escalation flaw was discovered in PostgreSQL. An authenticated\n attacker could create an index function that would be executed with\n administrator privileges during database maintenance tasks, such as\n database vacuuming. (CVE-2007-6600)\n \n A privilege escalation flaw was discovered in PostgreSQL's Database Link\n library (dblink). An authenticated attacker could use dblink to possibly\n escalate privileges on systems with &quot;trust&quot; or &quot;ident&quot; authentication\n configured. Please note that dblink functionality is not enabled by\n default, and can only by enabled by a database administrator on systems\n with the postgresql-contrib package installed. (CVE-2007-3278,\n CVE-2007-6601)\n \n All postgresql users should upgrade to these updated packages, which\n include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.\";\n\ntag_affected = \"postgresql on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-January/msg00003.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870092\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0038-01\");\n script_cve_id(\"CVE-2007-3278\", \"CVE-2007-4769\", \"CVE-2007-4772\", \"CVE-2007-6067\", \"CVE-2007-6600\", \"CVE-2007-6601\");\n script_name( \"RedHat Update for postgresql RHSA-2008:0038-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.1.11~1.el5_1.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-jdbc\", rpm:\"postgresql-jdbc~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~7.4.19~1.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:45:36", "references": ["http://pasi.pirhonen.eu/", "https://rhn.redhat.com/errata/RHSA-2008-0038.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-contrib-7.4.19-1.c4.1.ia64.rpm", "packageName": "postgresql-contrib", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-jdbc-7.4.19-1.c4.1.ia64.rpm", "packageName": "postgresql-jdbc", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-docs-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-docs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-test-7.4.19-1.c4.1.s390.rpm", "packageName": "postgresql-test", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-libs-7.4.19-1.c4.1.s390.rpm", "packageName": "postgresql-libs", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-contrib-7.4.19-1.c4.1.s390x.rpm", "packageName": "postgresql-contrib", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-jdbc-7.4.19-1.c4.1.s390x.rpm", "packageName": "postgresql-jdbc", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-docs-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-docs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-jdbc-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-jdbc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-tcl-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-devel-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-python-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-python", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-tcl-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-tcl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-test-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-test", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-contrib-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-contrib", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-docs-7.4.19-1.c4.1.ia64.rpm", "packageName": "postgresql-docs", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-7.4.19-1.c4.1.ia64.rpm", "packageName": "postgresql", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-libs-7.4.19-1.c4.1.ia64.rpm", "packageName": "postgresql-libs", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-server-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-contrib-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-contrib", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-tcl-7.4.19-1.c4.1.s390.rpm", "packageName": "postgresql-tcl", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-pl-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-pl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-tcl-7.4.19-1.c4.1.s390x.rpm", "packageName": "postgresql-tcl", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-pl-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-pl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-test-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-test", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-docs-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-docs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-devel-7.4.19-1.c4.1.s390x.rpm", "packageName": "postgresql-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-docs-7.4.19-1.c4.1.s390.rpm", "packageName": "postgresql-docs", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-server-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-7.4.19-1.c4.1.s390x.rpm", "packageName": "postgresql", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-server-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-7.4.19-1.el4_6.1.src.rpm", "packageName": "postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-7.4.19-1.el4_6.1.src.rpm", "packageName": "postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-devel-7.4.19-1.c4.1.s390.rpm", "packageName": "postgresql-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-pl-7.4.19-1.c4.1.s390x.rpm", "packageName": "postgresql-pl", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-python-7.4.19-1.c4.1.s390.rpm", "packageName": "postgresql-python", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-python-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-python", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-test-7.4.19-1.c4.1.s390x.rpm", "packageName": "postgresql-test", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-contrib-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-contrib", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-jdbc-7.4.19-1.c4.1.s390.rpm", "packageName": "postgresql-jdbc", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-tcl-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-server-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-pl-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-pl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-tcl-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-tcl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-python-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-python", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-tcl-7.4.19-1.c4.1.ia64.rpm", "packageName": "postgresql-tcl", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-docs-7.4.19-1.c4.1.s390x.rpm", "packageName": "postgresql-docs", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-8.1.11-1.el5_1.1.src.rpm", "packageName": "postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-8.1.11-1.el5_1.1.src.rpm", "packageName": "postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-server-7.4.19-1.c4.1.s390x.rpm", "packageName": "postgresql-server", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-test-7.4.19-1.c4.1.ia64.rpm", "packageName": "postgresql-test", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-pl-7.4.19-1.c4.1.ia64.rpm", "packageName": "postgresql-pl", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-devel-7.4.19-1.c4.1.ia64.rpm", "packageName": "postgresql-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-python-7.4.19-1.c4.1.ia64.rpm", "packageName": "postgresql-python", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-pl-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-pl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-pl-7.4.19-1.c4.1.s390.rpm", "packageName": "postgresql-pl", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-server-7.4.19-1.c4.1.ia64.rpm", "packageName": "postgresql-server", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-contrib-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-contrib", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-test-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-test", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-test-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-test", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-python-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-python", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-7.4.19-1.c4.1.s390.rpm", "packageName": "postgresql", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.x86_64.rpm", "packageName": "postgresql-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-server-7.4.19-1.c4.1.s390.rpm", "packageName": "postgresql-server", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-devel-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-python-7.4.19-1.c4.1.s390x.rpm", "packageName": "postgresql-python", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.i386.rpm", "packageName": "postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-jdbc-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-jdbc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-libs-7.4.19-1.c4.1.s390x.rpm", "packageName": "postgresql-libs", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-docs-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql-docs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.x86_64.rpm", "packageName": "postgresql-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageFilename": "postgresql-7.4.19-1.el4_6.1.i386.rpm", "packageName": "postgresql", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.19-1.c4.1", "packageFilename": "postgresql-contrib-7.4.19-1.c4.1.s390.rpm", "packageName": "postgresql-contrib", "arch": "s390", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2008:0038\n\n\nPostgreSQL is an advanced Object-Relational database management system\r\n(DBMS). The postgresql packages include the client programs and libraries\r\nneeded to access a PostgreSQL DBMS server.\r\n\r\nWill Drewry discovered multiple flaws in PostgreSQL's regular expression\r\nengine. An authenticated attacker could use these flaws to cause a denial\r\nof service by causing the PostgreSQL server to crash, enter an infinite\r\nloop, or use extensive CPU and memory resources while processing queries\r\ncontaining specially crafted regular expressions. Applications that accept\r\nregular expressions from untrusted sources may expose this problem to\r\nunauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated\r\nattacker could create an index function that would be executed with\r\nadministrator privileges during database maintenance tasks, such as\r\ndatabase vacuuming. (CVE-2007-6600)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL's Database Link\r\nlibrary (dblink). An authenticated attacker could use dblink to possibly\r\nescalate privileges on systems with \"trust\" or \"ident\" authentication\r\nconfigured. Please note that dblink functionality is not enabled by\r\ndefault, and can only by enabled by a database administrator on systems\r\nwith the postgresql-contrib package installed. (CVE-2007-3278,\r\nCVE-2007-6601)\r\n\r\nAll postgresql users should upgrade to these updated packages, which\r\ninclude PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014576.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014580.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014593.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014594.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014603.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014604.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-jdbc\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0038.html", "edition": 2, "reporter": "CentOS Project", "published": "2008-01-11T15:27:05", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "postgresql security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2008-01-14T13:01:35", "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/014576.html", "id": "CESA-2008:0038", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:44:54", "references": ["http://pasi.pirhonen.eu/", "https://rhn.redhat.com/errata/RHSA-2008-0039.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-python-7.3.21-1.s390x.rpm", "packageName": "rh-postgresql-python", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-7.3.21-1.ia64.rpm", "packageName": "rh-postgresql", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-test-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-test", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-docs-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-docs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-devel-7.3.21-1.s390.rpm", "packageName": "rh-postgresql-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-jdbc-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-jdbc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-contrib-7.3.21-1.ia64.rpm", "packageName": "rh-postgresql-contrib", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-pl-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-pl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-pl-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-pl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-7.3.21-1.s390x.rpm", "packageName": "rh-postgresql", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-python-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-python", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-test-7.3.21-1.s390.rpm", "packageName": "rh-postgresql-test", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-test-7.3.21-1.s390x.rpm", "packageName": "rh-postgresql-test", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-jdbc-7.3.21-1.s390x.rpm", "packageName": "rh-postgresql-jdbc", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-libs-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-contrib-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-contrib", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-7.3.21-1.i386.rpm", "packageName": "rh-postgresql", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-test-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-test", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-pl-7.3.21-1.s390.rpm", "packageName": "rh-postgresql-pl", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-pl-7.3.21-1.s390x.rpm", "packageName": "rh-postgresql-pl", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-tcl-7.3.21-1.ia64.rpm", "packageName": "rh-postgresql-tcl", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-docs-7.3.21-1.s390x.rpm", "packageName": "rh-postgresql-docs", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-server-7.3.21-1.s390x.rpm", "packageName": "rh-postgresql-server", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-libs-7.3.21-1.s390x.rpm", "packageName": "rh-postgresql-libs", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-libs-7.3.21-1.ia64.rpm", "packageName": "rh-postgresql-libs", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-7.3.21-1.s390.rpm", "packageName": "rh-postgresql", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-test-7.3.21-1.ia64.rpm", "packageName": "rh-postgresql-test", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-devel-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-jdbc-7.3.21-1.s390.rpm", "packageName": "rh-postgresql-jdbc", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-docs-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-docs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-server-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-devel-7.3.21-1.ia64.rpm", "packageName": "rh-postgresql-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-libs-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-libs-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-tcl-7.3.21-1.s390x.rpm", "packageName": "rh-postgresql-tcl", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-devel-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-server-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-python-7.3.21-1.s390.rpm", "packageName": "rh-postgresql-python", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-server-7.3.21-1.ia64.rpm", "packageName": "rh-postgresql-server", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-python-7.3.21-1.ia64.rpm", "packageName": "rh-postgresql-python", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-tcl-7.3.21-1.s390.rpm", "packageName": "rh-postgresql-tcl", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-docs-7.3.21-1.ia64.rpm", "packageName": "rh-postgresql-docs", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-tcl-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-tcl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-python-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-python", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-docs-7.3.21-1.s390.rpm", "packageName": "rh-postgresql-docs", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-contrib-7.3.21-1.s390.rpm", "packageName": "rh-postgresql-contrib", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-server-7.3.21-1.s390.rpm", "packageName": "rh-postgresql-server", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-devel-7.3.21-1.s390x.rpm", "packageName": "rh-postgresql-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-contrib-7.3.21-1.s390x.rpm", "packageName": "rh-postgresql-contrib", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-libs-7.3.21-1.s390.rpm", "packageName": "rh-postgresql-libs", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-contrib-7.3.21-1.x86_64.rpm", "packageName": "rh-postgresql-contrib", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-pl-7.3.21-1.ia64.rpm", "packageName": "rh-postgresql-pl", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-tcl-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-7.3.21-1.src.rpm", "packageName": "rh-postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-7.3.21-1.src.rpm", "packageName": "rh-postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-jdbc-7.3.21-1.ia64.rpm", "packageName": "rh-postgresql-jdbc", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-jdbc-7.3.21-1.i386.rpm", "packageName": "rh-postgresql-jdbc", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2008:0039\n\n\nPostgreSQL is an advanced Object-Relational database management system\r\n(DBMS). The postgresql packages include the client programs and libraries\r\nneeded to access a PostgreSQL DBMS server.\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated\r\nattacker could create an index function that would be executed with\r\nadministrator privileges during database maintenance tasks, such as\r\ndatabase vacuuming. (CVE-2007-6600)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL's Database Link\r\nlibrary (dblink). An authenticated attacker could use dblink to possibly\r\nescalate privileges on systems with \"trust\" or \"ident\" authentication\r\nconfigured. Please note that dblink functionality is not enabled by\r\ndefault, and can only by enabled by a database administrator on systems\r\nwith the postgresql-contrib package installed.\r\n(CVE-2007-3278, CVE-2007-6601)\r\n\r\nAll postgresql users should upgrade to these updated packages, which\r\ninclude PostgreSQL 7.3.21 and resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014571.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014572.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014574.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014579.html\n\n**Affected packages:**\nrh-postgresql\nrh-postgresql-contrib\nrh-postgresql-devel\nrh-postgresql-docs\nrh-postgresql-jdbc\nrh-postgresql-libs\nrh-postgresql-pl\nrh-postgresql-python\nrh-postgresql-server\nrh-postgresql-tcl\nrh-postgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0039.html", "edition": 2, "reporter": "CentOS Project", "published": "2008-01-11T14:31:56", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "rh security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2007-3278", "CVE-2007-6601"], "modified": "2008-01-11T17:14:36", "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/014571.html", "id": "CESA-2008:0039", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-09T11:45:36", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0122.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "any", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "any", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageName": "tcl-html", "packageFilename": "tcl-html-8.4.13-6.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageName": "tcl-html", "packageFilename": "tcl-html-8.4.13-6.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "x86_64", "packageName": "tcl-html", "packageFilename": "tcl-html-8.4.13-6.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "x86_64", "packageName": "tcl-html", "packageFilename": "tcl-html-8.4.13-6.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "x86_64", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "x86_64", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "i386", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "x86_64", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "arch": "x86_64", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0122\n\n\nTcl (Tool Command Language) provides a powerful platform for creating\nintegration applications that tie together diverse applications, protocols,\ndevices, and frameworks. When paired with the Tk toolkit, Tcl provides a\nfast and powerful way to create cross-platform GUI applications.\n\nTwo denial of service flaws were found in the Tcl regular expression\nhandling engine. If Tcl or an application using Tcl processed a\nspecially-crafted regular expression, it would lead to excessive CPU and\nmemory consumption. (CVE-2007-4772, CVE-2007-6067)\n\nThis update also fixes the following bug:\n\n* Due to a suboptimal implementation of threading in the current version of\nthe Tcl language interpreter, an attempt to use threads in combination with\nfork in a Tcl script could cause the script to stop responding. At the\nmoment, it is not possible to rewrite the source code or drop support for\nthreading entirely. Consequent to this, this update provides a version of\nTcl without threading support in addition to the standard version with this\nsupport. Users who need to use fork in their Tcl scripts and do not require\nthreading can now switch to the version without threading support by using\nthe alternatives command. (BZ#478961)\n\nAll users of Tcl are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/019168.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-January/000450.html\n\n**Affected packages:**\ntcl\ntcl-devel\ntcl-html\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0122.html", "edition": 3, "reporter": "CentOS Project", "published": "2013-01-09T20:44:22", "title": "tcl security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4772", "CVE-2007-6067"], "modified": "2013-01-11T13:19:12", "href": "http://lists.centos.org/pipermail/centos-announce/2013-January/019168.html", "id": "CESA-2013:0122", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-12T14:45:05", "references": ["https://rhn.redhat.com/errata/RHSA-2009-1485.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "x86_64", "packageName": "rh-postgresql-server", "packageFilename": "rh-postgresql-server-7.3.21-2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "i386", "packageName": "rh-postgresql", "packageFilename": "rh-postgresql-7.3.21-2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "i386", "packageName": "rh-postgresql-pl", "packageFilename": "rh-postgresql-pl-7.3.21-2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "x86_64", "packageName": "rh-postgresql-test", "packageFilename": "rh-postgresql-test-7.3.21-2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "i386", "packageName": "rh-postgresql-libs", "packageFilename": "rh-postgresql-libs-7.3.21-2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "x86_64", "packageName": "rh-postgresql-devel", "packageFilename": "rh-postgresql-devel-7.3.21-2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "i386", "packageName": "rh-postgresql-test", "packageFilename": "rh-postgresql-test-7.3.21-2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "i386", "packageName": "rh-postgresql-devel", "packageFilename": "rh-postgresql-devel-7.3.21-2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "x86_64", "packageName": "rh-postgresql-libs", "packageFilename": "rh-postgresql-libs-7.3.21-2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "x86_64", "packageName": "rh-postgresql-tcl", "packageFilename": "rh-postgresql-tcl-7.3.21-2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "i386", "packageName": "rh-postgresql-python", "packageFilename": "rh-postgresql-python-7.3.21-2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "x86_64", "packageName": "rh-postgresql-jdbc", "packageFilename": "rh-postgresql-jdbc-7.3.21-2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "i386", "packageName": "rh-postgresql-docs", "packageFilename": "rh-postgresql-docs-7.3.21-2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "x86_64", "packageName": "rh-postgresql", "packageFilename": "rh-postgresql-7.3.21-2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "x86_64", "packageName": "rh-postgresql-python", "packageFilename": "rh-postgresql-python-7.3.21-2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "i386", "packageName": "rh-postgresql-tcl", "packageFilename": "rh-postgresql-tcl-7.3.21-2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "i386", "packageName": "rh-postgresql-jdbc", "packageFilename": "rh-postgresql-jdbc-7.3.21-2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "x86_64", "packageName": "rh-postgresql-pl", "packageFilename": "rh-postgresql-pl-7.3.21-2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "x86_64", "packageName": "rh-postgresql-contrib", "packageFilename": "rh-postgresql-contrib-7.3.21-2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "any", "packageName": "rh-postgresql", "packageFilename": "rh-postgresql-7.3.21-2.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "any", "packageName": "rh-postgresql", "packageFilename": "rh-postgresql-7.3.21-2.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "x86_64", "packageName": "rh-postgresql-docs", "packageFilename": "rh-postgresql-docs-7.3.21-2.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "i386", "packageName": "rh-postgresql-server", "packageFilename": "rh-postgresql-server-7.3.21-2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-2", "arch": "i386", "packageName": "rh-postgresql-contrib", "packageFilename": "rh-postgresql-contrib-7.3.21-2.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2009:1485\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0039 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nAll PostgreSQL users should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. If you are running a\nPostgreSQL server, the postgresql service must be restarted for this update\nto take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016179.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016180.html\n\n**Affected packages:**\nrh-postgresql\nrh-postgresql-contrib\nrh-postgresql-devel\nrh-postgresql-docs\nrh-postgresql-jdbc\nrh-postgresql-libs\nrh-postgresql-pl\nrh-postgresql-python\nrh-postgresql-server\nrh-postgresql-tcl\nrh-postgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1485.html", "edition": 2, "reporter": "CentOS Project", "published": "2009-10-07T22:13:30", "title": "rh security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2009-3230"], "modified": "2009-10-07T22:13:56", "href": "http://lists.centos.org/pipermail/centos-announce/2009-October/016179.html", "id": "CESA-2009:1485", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:25:29", "references": ["https://rhn.redhat.com/errata/RHSA-2009-1484.html", "http://rhn.redhat.com/errata/RHSA-2009-1484.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-test-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-test", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-jdbc-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-jdbc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-docs-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-docs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-libs-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-7.4.26-1.el4_8.1.src.rpm", "packageName": "postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-7.4.26-1.el4_8.1.src.rpm", "packageName": "postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-tcl-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-debuginfo-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-debuginfo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-server-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-python-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-python", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-server-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-8.1.18-2.el5_4.1.src.rpm", "packageName": "postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-8.1.18-2.el5_4.1.src.rpm", "packageName": "postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-contrib-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-contrib", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-docs-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-docs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-test-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-test", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-docs-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-docs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-tcl-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-tcl-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-tcl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-test-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-test", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-python-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-python", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-contrib-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-contrib", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-libs-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-libs-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-devel-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-docs-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-docs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-pl-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-pl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-contrib-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-contrib", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-libs-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-contrib-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-contrib", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-debuginfo", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-debuginfo-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-debuginfo", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-devel-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-test-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-test", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-pl-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-pl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-python-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-python", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-devel-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-tcl-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-tcl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-server-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-server-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-python-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-python", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-jdbc-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-jdbc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-libs-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-libs-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-pl-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-pl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "packageFilename": "postgresql-pl-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-pl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-devel-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "packageFilename": "postgresql-devel-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-devel", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2009:1484\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0038 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion failure,\npossibly leading to a temporary denial of service. Note: To exploit this\nissue, a locale and client encoding for which specific messages fail to\ntranslate must be selected (the availability of these is determined by an\nadministrator-defined locale setting). (CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\nversion 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\nPostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a\nlist of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016183.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016184.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016272.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016274.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-debuginfo\npostgresql-devel\npostgresql-docs\npostgresql-jdbc\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2009-1484.html", "edition": 1, "reporter": "CentOS Project", "published": "2009-10-09T16:00:55", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "postgresql security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "modified": "2009-10-30T15:43:59", "href": "http://lists.centos.org/pipermail/centos-announce/2009-October/016183.html", "id": "CESA-2009:1484", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T14:46:28", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.0-75", "packageFilename": "tcllib-1.0-75.i386.rpm", "packageName": "tcllib", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "3.2-75", "packageFilename": "itcl-3.2-75.i386.rpm", "packageName": "itcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "8.3.3-75", "packageFilename": "tcl-8.3.3-75.i386.rpm", "packageName": "tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "8.2.0b1-75", "packageFilename": "tix-8.2.0b1-75.i386.rpm", "packageName": "tix", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "8.3.3-75", "packageFilename": "tk-8.3.3-75.i386.rpm", "packageName": "tk", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "5.38.0-75", "packageFilename": "expect-5.38.0-75.i386.rpm", "packageName": "expect", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "8.3-75", "packageFilename": "tclx-8.3-75.i386.rpm", "packageName": "tclx", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2008:0134-01\n\n\nTcl is a scripting language designed for embedding into other applications\r\nand for use with Tk, a widget set.\r\n\r\nAn input validation flaw was discovered in Tk's GIF image handling. A\r\ncode-size value read from a GIF image was not properly validated before\r\nbeing used, leading to a buffer overflow. A specially crafted GIF file\r\ncould use this to cause a crash or, potentially, execute code with the\r\nprivileges of the application using the Tk graphical toolkit.\r\n(CVE-2008-0553)\r\n\r\nA buffer overflow flaw was discovered in Tk's animated GIF image handling.\r\nAn animated GIF containing an initial image smaller than subsequent images\r\ncould cause a crash or, potentially, execute code with the privileges of\r\nthe application using the Tk library. (CVE-2007-5378)\r\n\r\nA flaw in the Tcl regular expression handling engine was discovered by Will\r\nDrewry. This flaw, first discovered in the Tcl regular expression engine\r\nused in the PostgreSQL database server, resulted in an infinite loop when\r\nprocessing certain regular expressions. (CVE-2007-4772)\r\n\r\nAll users are advised to upgrade to these updated packages which contain\r\nbackported patches which resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014697.html\n\n**Affected packages:**\nexpect\nitcl\ntcl\ntcllib\ntclx\ntix\ntk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 2, "reporter": "CentOS Project", "published": "2008-02-23T01:59:42", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "expect, itcl, tcl, tcllib, tclx, tix, tk security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0553", "CVE-2007-5378", "CVE-2007-4772"], "modified": "2008-02-23T01:59:42", "href": "http://lists.centos.org/pipermail/centos-announce/2008-February/014697.html", "id": "CESA-2008:0134-01", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T14:45:07", "references": ["https://rhn.redhat.com/errata/RHSA-2008-0134.html", "http://pasi.pirhonen.eu/", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tk-8.3.5-92.8.i386.rpm", "packageName": "tk", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tk-8.3.5-92.8.i386.rpm", "packageName": "tk", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tcl-html-8.3.5-92.8.x86_64.rpm", "packageName": "tcl-html", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8", "packageFilename": "expect-5.38.0-92.8.i386.rpm", "packageName": "expect", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tcl-devel-8.3.5-92.8.c3.s390.rpm", "packageName": "tcl-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tcl-devel-8.3.5-92.8.c3.s390x.rpm", "packageName": "tcl-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.1.4-92.8.c3", "packageFilename": "tix-8.1.4-92.8.c3.s390x.rpm", "packageName": "tix", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tk-8.3.5-92.8.c3.s390x.rpm", "packageName": "tk", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.3-92.8", "packageFilename": "tcllib-1.3-92.8.x86_64.rpm", "packageName": "tcllib", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8.c3", "packageFilename": "expectk-5.38.0-92.8.c3.s390x.rpm", "packageName": "expectk", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8.c3", "packageFilename": "expect-devel-5.38.0-92.8.c3.ia64.rpm", "packageName": "expect-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.2-92.8.c3", "packageFilename": "itcl-3.2-92.8.c3.s390.rpm", "packageName": "itcl", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tk-devel-8.3.5-92.8.i386.rpm", "packageName": "tk-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.2-92.8.c3", "packageFilename": "itcl-3.2-92.8.c3.s390x.rpm", "packageName": "itcl", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.1.4-92.8", "packageFilename": "tix-8.1.4-92.8.i386.rpm", "packageName": "tix", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tcl-html-8.3.5-92.8.c3.s390x.rpm", "packageName": "tcl-html", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tk-8.3.5-92.8.x86_64.rpm", "packageName": "tk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8.c3", "packageFilename": "expectk-5.38.0-92.8.c3.ia64.rpm", "packageName": "expectk", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tcl-html-8.3.5-92.8.c3.ia64.rpm", "packageName": "tcl-html", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8.c3", "packageFilename": "expect-devel-5.38.0-92.8.c3.s390x.rpm", "packageName": "expect-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tcltk-8.3.5-92.8.src.rpm", "packageName": "tcltk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tcltk-8.3.5-92.8.src.rpm", "packageName": "tcltk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3-92.8", "packageFilename": "tclx-8.3-92.8.i386.rpm", "packageName": "tclx", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3-92.8", "packageFilename": "tclx-8.3-92.8.i386.rpm", "packageName": "tclx", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8", "packageFilename": "expect-devel-5.38.0-92.8.i386.rpm", "packageName": "expect-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3-92.8", "packageFilename": "tclx-8.3-92.8.x86_64.rpm", "packageName": "tclx", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tcl-html-8.3.5-92.8.i386.rpm", "packageName": "tcl-html", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8", "packageFilename": "expectk-5.38.0-92.8.x86_64.rpm", "packageName": "expectk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8.c3", "packageFilename": "expect-5.38.0-92.8.c3.s390.rpm", "packageName": "expect", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tcl-html-8.3.5-92.8.c3.s390.rpm", "packageName": "tcl-html", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8", "packageFilename": "expect-devel-5.38.0-92.8.x86_64.rpm", "packageName": "expect-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.1.4-92.8.c3", "packageFilename": "tix-8.1.4-92.8.c3.s390.rpm", "packageName": "tix", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.3-92.8.c3", "packageFilename": "tcllib-1.3-92.8.c3.ia64.rpm", "packageName": "tcllib", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8.c3", "packageFilename": "expect-devel-5.38.0-92.8.c3.s390.rpm", "packageName": "expect-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tk-8.3.5-92.8.c3.s390.rpm", "packageName": "tk", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tk-devel-8.3.5-92.8.c3.ia64.rpm", "packageName": "tk-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tk-devel-8.3.5-92.8.c3.s390.rpm", "packageName": "tk-devel", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3-92.8.c3", "packageFilename": "tclx-8.3-92.8.c3.s390x.rpm", "packageName": "tclx", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tcl-devel-8.3.5-92.8.x86_64.rpm", "packageName": "tcl-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tk-devel-8.3.5-92.8.c3.s390x.rpm", "packageName": "tk-devel", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tcl-devel-8.3.5-92.8.c3.ia64.rpm", "packageName": "tcl-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3-92.8.c3", "packageFilename": "tclx-8.3-92.8.c3.s390.rpm", "packageName": "tclx", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8.c3", "packageFilename": "expect-5.38.0-92.8.c3.ia64.rpm", "packageName": "expect", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.3-92.8.c3", "packageFilename": "tcllib-1.3-92.8.c3.s390x.rpm", "packageName": "tcllib", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8.c3", "packageFilename": "expectk-5.38.0-92.8.c3.s390.rpm", "packageName": "expectk", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.3-92.8.c3", "packageFilename": "tcllib-1.3-92.8.c3.s390.rpm", "packageName": "tcllib", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.3-92.8", "packageFilename": "tcllib-1.3-92.8.i386.rpm", "packageName": "tcllib", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3-92.8.c3", "packageFilename": "tclx-8.3-92.8.c3.ia64.rpm", "packageName": "tclx", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tcl-8.3.5-92.8.c3.s390x.rpm", "packageName": "tcl", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tcl-8.3.5-92.8.i386.rpm", "packageName": "tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tcl-8.3.5-92.8.i386.rpm", "packageName": "tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8.c3", "packageFilename": "expect-5.38.0-92.8.c3.s390x.rpm", "packageName": "expect", "arch": "s390x", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tcl-8.3.5-92.8.c3.s390.rpm", "packageName": "tcl", "arch": "s390", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8", "packageFilename": "expectk-5.38.0-92.8.i386.rpm", "packageName": "expectk", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.2-92.8.c3", "packageFilename": "itcl-3.2-92.8.c3.ia64.rpm", "packageName": "itcl", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.2-92.8", "packageFilename": "itcl-3.2-92.8.x86_64.rpm", "packageName": "itcl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "3.2-92.8", "packageFilename": "itcl-3.2-92.8.i386.rpm", "packageName": "itcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "5.38.0-92.8", "packageFilename": "expect-5.38.0-92.8.x86_64.rpm", "packageName": "expect", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tcl-8.3.5-92.8.c3.ia64.rpm", "packageName": "tcl", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.1.4-92.8.c3", "packageFilename": "tix-8.1.4-92.8.c3.ia64.rpm", "packageName": "tix", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.1.4-92.8", "packageFilename": "tix-8.1.4-92.8.x86_64.rpm", "packageName": "tix", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tcl-devel-8.3.5-92.8.i386.rpm", "packageName": "tcl-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tk-devel-8.3.5-92.8.x86_64.rpm", "packageName": "tk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8.c3", "packageFilename": "tk-8.3.5-92.8.c3.ia64.rpm", "packageName": "tk", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "8.3.5-92.8", "packageFilename": "tcl-8.3.5-92.8.x86_64.rpm", "packageName": "tcl", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2008:0134\n\n\nTcl is a scripting language designed for embedding into other applications\r\nand for use with Tk, a widget set.\r\n\r\nAn input validation flaw was discovered in Tk's GIF image handling. A\r\ncode-size value read from a GIF image was not properly validated before\r\nbeing used, leading to a buffer overflow. A specially crafted GIF file\r\ncould use this to cause a crash or, potentially, execute code with the\r\nprivileges of the application using the Tk graphical toolkit.\r\n(CVE-2008-0553)\r\n\r\nA buffer overflow flaw was discovered in Tk's animated GIF image handling.\r\nAn animated GIF containing an initial image smaller than subsequent images\r\ncould cause a crash or, potentially, execute code with the privileges of\r\nthe application using the Tk library. (CVE-2007-5378)\r\n\r\nA flaw in the Tcl regular expression handling engine was discovered by Will\r\nDrewry. This flaw, first discovered in the Tcl regular expression engine\r\nused in the PostgreSQL database server, resulted in an infinite loop when\r\nprocessing certain regular expressions. (CVE-2007-4772)\r\n\r\nAll users are advised to upgrade to these updated packages which contain\r\nbackported patches which resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014691.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014694.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014706.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-February/014707.html\n\n**Affected packages:**\nexpect\nexpect-devel\nexpectk\nitcl\ntcl\ntcl-devel\ntcl-html\ntcllib\ntcltk\ntclx\ntix\ntk\ntk-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0134.html", "edition": 2, "reporter": "CentOS Project", "published": "2008-02-22T15:25:04", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "expect, expectk, itcl, tcl, tcllib, tcltk, tclx, tix, tk security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0553", "CVE-2007-5378", "CVE-2007-4772"], "modified": "2008-02-24T21:41:47", "href": "http://lists.centos.org/pipermail/centos-announce/2008-February/014691.html", "id": "CESA-2008:0134", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:10", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067", "https://bugs.gentoo.org/show_bug.cgi?id=204760", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "8.0.15", "packageName": "dev-db/postgresql", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nPostgreSQL is an open source object-relational database management system. \n\n### Description\n\nIf using the \"expression indexes\" feature, PostgreSQL executes index functions as the superuser during VACUUM and ANALYZE instead of the table owner, and allows SET ROLE and SET SESSION AUTHORIZATION in the index functions (CVE-2007-6600). Additionally, several errors involving regular expressions were found (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067). Eventually, a privilege escalation vulnerability via unspecified vectors in the DBLink module was reported (CVE-2007-6601). This vulnerability is exploitable when local trust or ident authentication is used, and is due to an incomplete fix of CVE-2007-3278. \n\n### Impact\n\nA remote authenticated attacker could send specially crafted queries containing complex regular expressions to the server that could result in a Denial of Service by a server crash (CVE-2007-4769), an infinite loop (CVE-2007-4772) or a memory exhaustion (CVE-2007-6067). The two other vulnerabilities can be exploited to gain additional privileges. \n\n### Workaround\n\nThere is no known workaround for all these issues at this time. \n\n### Resolution\n\nAll PostgreSQL users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"dev-db/postgresql\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2008-01-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "PostgreSQL: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2008-01-29T00:00:00", "id": "GLSA-200801-15", "href": "https://security.gentoo.org/glsa/200801-15", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2016-09-02T18:21:24", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-8.1", "arch": "ppc", "packageFilename": "postgresql-8.1_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-dev", "arch": "s390x", "packageFilename": "libecpg-dev_8.1.11-0etch1_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpgtypes2", "arch": "x86-64", "packageFilename": "libpgtypes2_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-contrib-8.1", "arch": "s390x", "packageFilename": "postgresql-contrib-8.1_8.1.11-0etch1_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plpython-8.1", "arch": "hppa", "packageFilename": "postgresql-plpython-8.1_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-server-dev-8.1", "arch": "ia64", "packageFilename": "postgresql-server-dev-8.1_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-client-8.1", "arch": "x86-64", "packageFilename": "postgresql-client-8.1_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1.diff", "packageName": "postgresql-8.1", "arch": "src", "packageFilename": "postgresql-8.1_8.1.11-0etch1.diff.gz", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-pltcl-8.1", "arch": "sparc", "packageFilename": "postgresql-pltcl-8.1_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-contrib-8.1", "arch": "sparc", "packageFilename": "postgresql-contrib-8.1_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-compat2", "arch": "i686", "packageFilename": "libecpg-compat2_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpgtypes2", "arch": "i686", "packageFilename": "libpgtypes2_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpgtypes2", "arch": "ppc", "packageFilename": "libpgtypes2_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-compat2", "arch": "s390x", "packageFilename": "libecpg-compat2_8.1.11-0etch1_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-compat2", "arch": "x86-64", "packageFilename": "libecpg-compat2_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-client-8.1", "arch": "hppa", "packageFilename": "postgresql-client-8.1_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-8.1", "arch": "ia64", "packageFilename": "postgresql-8.1_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-server-dev-8.1", "arch": "mips", "packageFilename": "postgresql-server-dev-8.1_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-8.1", "arch": "arm", "packageFilename": "postgresql-8.1_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-client-8.1", "arch": "sparc", "packageFilename": "postgresql-client-8.1_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plpython-8.1", "arch": "s390x", "packageFilename": "postgresql-plpython-8.1_8.1.11-0etch1_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plpython-8.1", "arch": "i686", "packageFilename": "postgresql-plpython-8.1_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq4", "arch": "i686", "packageFilename": "libpq4_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpgtypes2", "arch": "hppa", "packageFilename": "libpgtypes2_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-dev", "arch": "hppa", "packageFilename": "libecpg-dev_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq4", "arch": "sparc", "packageFilename": "libpq4_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plperl-8.1", "arch": "x86-64", "packageFilename": "postgresql-plperl-8.1_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-dev", "arch": "sparc", "packageFilename": "libecpg-dev_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-client-8.1", "arch": "arm", "packageFilename": "postgresql-client-8.1_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-8.1", "arch": "alpha", "packageFilename": "postgresql-8.1_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-client-8.1", "arch": "s390x", "packageFilename": "postgresql-client-8.1_8.1.11-0etch1_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-contrib-8.1", "arch": "i686", "packageFilename": "postgresql-contrib-8.1_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plperl-8.1", "arch": "i686", "packageFilename": "postgresql-plperl-8.1_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-pltcl-8.1", "arch": "ia64", "packageFilename": "postgresql-pltcl-8.1_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plpython-8.1", "arch": "sparc", "packageFilename": "postgresql-plpython-8.1_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg5", "arch": "alpha", "packageFilename": "libecpg5_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plperl-8.1", "arch": "ia64", "packageFilename": "postgresql-plperl-8.1_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plperl-8.1", "arch": "arm", "packageFilename": "postgresql-plperl-8.1_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-pltcl-8.1", "arch": "hppa", "packageFilename": "postgresql-pltcl-8.1_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq-dev", "arch": "ia64", "packageFilename": "libpq-dev_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq-dev", "arch": "arm", "packageFilename": "libpq-dev_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-compat2", "arch": "ia64", "packageFilename": "libecpg-compat2_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq-dev", "arch": "alpha", "packageFilename": "libpq-dev_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-pltcl-8.1", "arch": "mips", "packageFilename": "postgresql-pltcl-8.1_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq-dev", "arch": "hppa", "packageFilename": "libpq-dev_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-contrib-8.1", "arch": "mips", "packageFilename": "postgresql-contrib-8.1_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-server-dev-8.1", "arch": "x86-64", "packageFilename": "postgresql-server-dev-8.1_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plpython-8.1", "arch": "arm", "packageFilename": "postgresql-plpython-8.1_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-server-dev-8.1", "arch": "i686", "packageFilename": "postgresql-server-dev-8.1_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-pltcl-8.1", "arch": "alpha", "packageFilename": "postgresql-pltcl-8.1_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-compat2", "arch": "sparc", "packageFilename": "libecpg-compat2_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-dev", "arch": "alpha", "packageFilename": "libecpg-dev_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq-dev", "arch": "s390x", "packageFilename": "libpq-dev_8.1.11-0etch1_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-pltcl-8.1", "arch": "x86-64", "packageFilename": "postgresql-pltcl-8.1_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-pltcl-8.1", "arch": "ppc", "packageFilename": "postgresql-pltcl-8.1_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-compat2", "arch": "hppa", "packageFilename": "libecpg-compat2_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-server-dev-8.1", "arch": "alpha", "packageFilename": "postgresql-server-dev-8.1_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-pltcl-8.1", "arch": "arm", "packageFilename": "postgresql-pltcl-8.1_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq-dev", "arch": "mips", "packageFilename": "libpq-dev_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plpython-8.1", "arch": "mips", "packageFilename": "postgresql-plpython-8.1_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-8.1", "arch": "src", "packageFilename": "postgresql-8.1_8.1.11-0etch1.dsc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-compat2", "arch": "alpha", "packageFilename": "libecpg-compat2_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg5", "arch": "sparc", "packageFilename": "libecpg5_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-dev", "arch": "x86-64", "packageFilename": "libecpg-dev_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg5", "arch": "s390x", "packageFilename": "libecpg5_8.1.11-0etch1_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-server-dev-8.1", "arch": "arm", "packageFilename": "postgresql-server-dev-8.1_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq4", "arch": "ppc", "packageFilename": "libpq4_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpgtypes2", "arch": "s390x", "packageFilename": "libpgtypes2_8.1.11-0etch1_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-client-8.1", "arch": "alpha", "packageFilename": "postgresql-client-8.1_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq-dev", "arch": "ppc", "packageFilename": "libpq-dev_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq4", "arch": "s390x", "packageFilename": "libpq4_8.1.11-0etch1_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-client-8.1", "arch": "ppc", "packageFilename": "postgresql-client-8.1_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq4", "arch": "x86-64", "packageFilename": "libpq4_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-8.1", "arch": "mips", "packageFilename": "postgresql-8.1_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq-dev", "arch": "x86-64", "packageFilename": "libpq-dev_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plperl-8.1", "arch": "alpha", "packageFilename": "postgresql-plperl-8.1_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plperl-8.1", "arch": "sparc", "packageFilename": "postgresql-plperl-8.1_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-client-8.1", "arch": "mips", "packageFilename": "postgresql-client-8.1_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plpython-8.1", "arch": "ppc", "packageFilename": "postgresql-plpython-8.1_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-server-dev-8.1", "arch": "sparc", "packageFilename": "postgresql-server-dev-8.1_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq-dev", "arch": "i686", "packageFilename": "libpq-dev_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-8.1", "arch": "sparc", "packageFilename": "postgresql-8.1_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpgtypes2", "arch": "alpha", "packageFilename": "libpgtypes2_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq4", "arch": "ia64", "packageFilename": "libpq4_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg5", "arch": "hppa", "packageFilename": "libecpg5_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-contrib-8.1", "arch": "arm", "packageFilename": "postgresql-contrib-8.1_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plpython-8.1", "arch": "alpha", "packageFilename": "postgresql-plpython-8.1_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plpython-8.1", "arch": "x86-64", "packageFilename": "postgresql-plpython-8.1_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plpython-8.1", "arch": "ia64", "packageFilename": "postgresql-plpython-8.1_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg5", "arch": "x86-64", "packageFilename": "libecpg5_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-8.1", "arch": "x86-64", "packageFilename": "postgresql-8.1_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-compat2", "arch": "ppc", "packageFilename": "libecpg-compat2_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-8.1", "arch": "hppa", "packageFilename": "postgresql-8.1_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-server-dev-8.1", "arch": "hppa", "packageFilename": "postgresql-server-dev-8.1_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-client-8.1", "arch": "i686", "packageFilename": "postgresql-client-8.1_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg5", "arch": "i686", "packageFilename": "libecpg5_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg5", "arch": "ia64", "packageFilename": "libecpg5_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpgtypes2", "arch": "ia64", "packageFilename": "libpgtypes2_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plperl-8.1", "arch": "mips", "packageFilename": "postgresql-plperl-8.1_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-dev", "arch": "i686", "packageFilename": "libecpg-dev_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-8.1", "arch": "i686", "packageFilename": "postgresql-8.1_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq4", "arch": "hppa", "packageFilename": "libpq4_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-contrib-8.1", "arch": "x86-64", "packageFilename": "postgresql-contrib-8.1_8.1.11-0etch1_amd64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-contrib-8.1", "arch": "ppc", "packageFilename": "postgresql-contrib-8.1_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-client-8.1", "arch": "ia64", "packageFilename": "postgresql-client-8.1_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-contrib-8.1", "arch": "ia64", "packageFilename": "postgresql-contrib-8.1_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plperl-8.1", "arch": "s390x", "packageFilename": "postgresql-plperl-8.1_8.1.11-0etch1_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpgtypes2", "arch": "mips", "packageFilename": "libpgtypes2_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq-dev", "arch": "sparc", "packageFilename": "libpq-dev_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plperl-8.1", "arch": "ppc", "packageFilename": "postgresql-plperl-8.1_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-plperl-8.1", "arch": "hppa", "packageFilename": "postgresql-plperl-8.1_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg5", "arch": "arm", "packageFilename": "libecpg5_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq4", "arch": "mips", "packageFilename": "libpq4_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-contrib-8.1", "arch": "hppa", "packageFilename": "postgresql-contrib-8.1_8.1.11-0etch1_hppa.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-dev", "arch": "mips", "packageFilename": "libecpg-dev_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg5", "arch": "mips", "packageFilename": "libecpg5_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-doc-8.1", "arch": "all", "packageFilename": "postgresql-doc-8.1_8.1.11-0etch1_all.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-contrib-8.1", "arch": "alpha", "packageFilename": "postgresql-contrib-8.1_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq4", "arch": "alpha", "packageFilename": "libpq4_8.1.11-0etch1_alpha.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-compat2", "arch": "arm", "packageFilename": "libecpg-compat2_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg5", "arch": "ppc", "packageFilename": "libecpg5_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-pltcl-8.1", "arch": "s390x", "packageFilename": "postgresql-pltcl-8.1_8.1.11-0etch1_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-server-dev-8.1", "arch": "ppc", "packageFilename": "postgresql-server-dev-8.1_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpgtypes2", "arch": "arm", "packageFilename": "libpgtypes2_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-dev", "arch": "arm", "packageFilename": "libecpg-dev_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-8.1", "arch": "s390x", "packageFilename": "postgresql-8.1_8.1.11-0etch1_s390.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-compat2", "arch": "mips", "packageFilename": "libecpg-compat2_8.1.11-0etch1_mips.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-pltcl-8.1", "arch": "i686", "packageFilename": "postgresql-pltcl-8.1_8.1.11-0etch1_i386.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpgtypes2", "arch": "sparc", "packageFilename": "libpgtypes2_8.1.11-0etch1_sparc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11.orig", "packageName": "postgresql-8.1", "arch": "src", "packageFilename": "postgresql-8.1_8.1.11.orig.tar.gz", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libpq4", "arch": "arm", "packageFilename": "libpq4_8.1.11-0etch1_arm.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-dev", "arch": "ppc", "packageFilename": "libecpg-dev_8.1.11-0etch1_powerpc.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "libecpg-dev", "arch": "ia64", "packageFilename": "libecpg-dev_8.1.11-0etch1_ia64.deb", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.11-0etch1", "packageName": "postgresql-server-dev-8.1", "arch": "s390x", "packageFilename": "postgresql-server-dev-8.1_8.1.11-0etch1_s390.deb", "operator": "lt"}], "edition": 1, "description": "Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: \n\n * [CVE-2007-3278](<https://security-tracker.debian.org/tracker/CVE-2007-3278>)\n\nIt was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as [CVE-2007-6601](<https://security-tracker.debian.org/tracker/CVE-2007-6601>), since the initial upstream fix was incomplete. \n\n * [CVE-2007-4769](<https://security-tracker.debian.org/tracker/CVE-2007-4769>)\n\nTavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. \n\n * [CVE-2007-4772](<https://security-tracker.debian.org/tracker/CVE-2007-4772>)\n\nTavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. \n\n * [CVE-2007-6067](<https://security-tracker.debian.org/tracker/CVE-2007-6067>)\n\nTavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. \n\n * [CVE-2007-6600](<https://security-tracker.debian.org/tracker/CVE-2007-6600>)\n\nFunctions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at <http://www.postgresql.org/about/news.905>. \n\nThe old stable distribution (sarge), doesn't contain postgresql-8.1. \n\nFor the stable distribution (etch), these problems have been fixed in version postgresql-8.1 8.1.11-0etch1. \n\nFor the unstable distribution (sid), these problems have been fixed in version 8.2.6-1 of postgresql-8.2. \n\nWe recommend that you upgrade your postgresql-8.1 (8.1.11-0etch1) package.", "reporter": "Debian", "published": "2008-01-13T00:00:00", "title": "postgresql-8.1 -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2008-01-13T00:00:00", "href": "http://www.debian.org/security/dsa-1460", "id": "DSA-1460", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:24", "references": [], "description": "Today the PostgreSQL Global Development Group is releasing updated \r\nversions which patch five security vulnerabilities. These releases \r\nupdate all current PostgreSQL versions, including 8.2, 8.1, 8.0, 7.4 and \r\n7.3. They are considered CRITICAL and PostgreSQL DBAs and sysadmins \r\nshould install the update as soon as they reasonably can. Our security \r\nteam has made all efforts to make these patches backwards-compatible, \r\nand upgrading does not require converting your data files.\r\n\r\nPlease read the remainder of this message for further important details \r\nand announcements.\r\n\r\nDetails of Security Fixes\r\n----------------------------\r\nThere are five security fixes included in this release. None of these \r\nissues are known to have been exploited in the field; they were \r\ndiscovered through security analysis.\r\n\r\nIndex Functions Privilege Escalation &#40;CVE-2007-6600&#41;: as a unique \r\nfeature, PostgreSQL allows users to create indexes on the results of \r\nuser-defined functions, known as &quot;expression indexes&quot;. This provided \r\ntwo vulnerabilities to privilege escalation: &#40;1&#41; index functions were \r\nexecuted as the superuser and not the table owner during VACUUM and \r\nANALYZE, and &#40;2&#41; that SET ROLE and SET SESSION AUTHORIZATION were \r\npermitted within index functions. Both of these holes have now been closed.\r\n\r\nRegular Expression Denial-of-Service &#40;CVE-2007-4772, CVE-2007-6067, \r\nCVE-2007-4769&#41;: three separate issues in the regular expression \r\nlibraries used by PostgreSQL allowed malicious users to initiate a \r\ndenial-of-service by passing certain regular expressions in SQL queries. \r\n First, users could create infinite loops using some specific regular \r\nexpressions. Second, certain complex regular expressions could consume \r\nexcessive amounts of memory. Third, out-of-range backref numbers could \r\nbe used to crash the backend. All of these issues have been patched.\r\n\r\nDBLink Privilege Escalation &#40;CVE-2007-6601&#41;: DBLink functions combined \r\nwith local trust or ident authentication could be used by a malicious \r\nuser to gain superuser privileges. This issue has been fixed, and does \r\nnot affect users who have not installed DBLink &#40;an optional module&#41;, or \r\nwho are using password authentication for local access. This same \r\nproblem was addressed in the previous release cycle &#40;see CVE-2007-3278&#41;, \r\nbut that patch failed to close all forms of the loophole.\r\n\r\nEOL Notices\r\n---------------------\r\nMinor release 7.3.21 for PostgreSQL version 7.3 will be the last update \r\nto the 7.3 branch. As version 7.3 is now over five years old, the \r\ncommunity will no longer release patches for it after today&#39;s release. \r\nUsers of version 7.3 are encouraged to upgrade to a more current version \r\nas soon as possible, or to seek support from a commercial support vendor \r\nwho is willing to continue backpatching for them.\r\n\r\n8.1.11 and 8.0.15 are also the last 8.1 and 8.0 update releases for \r\nwhich the PostgreSQL community will produce binary packages for Windows. \r\nWindows users are encouraged to move to 8.2.6 or later, since there are \r\nWindows-specific fixes in 8.2 that are impractical to back-port. 8.1 \r\nand 8.0 updates will continue to be supported on other platforms and in \r\nsource form.\r\n\r\nDownload and Install\r\n------------------------\r\nPostgreSQL minor releases 8.2.6, 8.1.11, 8.0.15, 7.4.19 and 7.3.21 are \r\navailable through our FTP mirror network:\r\n\r\n-- Source Code: http://www.postgresql.org/ftp/source/\r\n-- Binaries for some platforms: http://www.postgresql.org/ftp/binary/\r\n\r\nIf you need additional information on the included updates, it&#39;s \r\navailable in our Release Notes \r\n&#40;http://www.postgresql.org/docs/current/static/release.html&#41;. These \r\nupgrades can be copied directly over existing PostgreSQL binaries and do \r\nnot require dump-and-reload for any system which has been updated in the \r\nlast six months &#40;older versions may require some specific post-update \r\nsteps; see the release notes&#41;.\r\n\r\nAs always, PostgreSQL update releases are cumulative. All security \r\nfixes will be included in the upcoming version 8.3 release candidate. \r\nThis notice will be posted to the PostgreSQL security page: \r\nhttp://www.postgresql.org/support/security\r\n\r\n-- PostgreSQL Global Development Group", "edition": 1, "reporter": "Securityvulns", "published": "2008-01-08T00:00:00", "title": "PostgreSQL 2007-01-07 Cumulative Security Release", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:24", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2008-01-08T00:00:00", "id": "SECURITYVULNS:DOC:18816", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18816", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:28", "references": ["https://vulners.com/securityvulns/securityvulns:doc:18816"], "description": "Privilege escalation with indexing functions, privilege escalation with DBLink, DoS with regular expressions.", "edition": 1, "reporter": "BUGTRAQ", "published": "2008-01-08T00:00:00", "title": "PostgreSQL database server multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:28", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PostgreSQL", "version": "7.4", "operator": "eq"}, {"name": "PostgreSQL", "version": "8.1", "operator": "eq"}, {"name": "PostgreSQL", "version": "7.3", "operator": "eq"}, {"name": "PostgreSQL", "version": "8.2", "operator": "eq"}, {"name": "PostgreSQL", "version": "8.0", "operator": "eq"}], "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2008-01-08T00:00:00", "id": "SECURITYVULNS:VULN:8539", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8539", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:23", "references": [], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2007:188\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : postgresql\r\n Date : September 25, 2007\r\n Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n PostgreSQL 8.1 and probably later and earlier versions, when local\r\n trust authentication is enabled and the Database Link library &#40;dblink&#41;\r\n is installed, allows remote attackers to access arbitrary accounts\r\n and execute arbitrary SQL queries via a dblink host parameter that\r\n proxies the connection from 127.0.0.1. &#40;CVE-2007-3278&#41;\r\n \r\n PostgreSQL 8.1 and probably later and earlier versions, when the\r\n PL/pgSQL &#40;plpgsql&#41; language has been created, grants certain plpgsql\r\n privileges to the PUBLIC domain, which allows remote attackers\r\n to create and execute functions, as demonstrated by functions that\r\n perform local brute-force password guessing attacks, which may evade\r\n intrusion detection. &#40;CVE-2007-3279&#41;\r\n \r\n The Database Link library &#40;dblink&#41; in PostgreSQL 8.1 implements\r\n functions via CREATE statements that map to arbitrary libraries based\r\n on the C programming language, which allows remote authenticated\r\n superusers to map and execute a function from any library, as\r\n demonstrated by using the system function in libc.so.6 to gain shell\r\n access. &#40;CVE-2007-3280&#41;\r\n \r\n Updated packages fix these issues, by requiring non-superusers who\r\n use /contrib/dblink to use only password authentication.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3278\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3279\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3280\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Mandriva Linux 2007.0:\r\n 8e0e2cff4bbda7444671086bd7e0430b 2007.0/i586/libecpg5-8.1.10-0.1mdv2007.0.i586.rpm\r\n 3be5df4380e5680c3a2adc9ba74543fb 2007.0/i586/libecpg5-devel-8.1.10-0.1mdv2007.0.i586.rpm\r\n 59594d2f05d4f23a467b2bd684bc0fa3 2007.0/i586/libpq4-8.1.10-0.1mdv2007.0.i586.rpm\r\n aba27ad1b97f86debfd63b1ae76558a9 2007.0/i586/libpq4-devel-8.1.10-0.1mdv2007.0.i586.rpm\r\n dc4bc45a46d1b69cf13991d70d7d0c71 2007.0/i586/postgresql-8.1.10-0.1mdv2007.0.i586.rpm\r\n 7a487ba0458f09c21b941f1a76f74357 2007.0/i586/postgresql-contrib-8.1.10-0.1mdv2007.0.i586.rpm\r\n 08a4a0ba67e4c83c43931e61983348ca 2007.0/i586/postgresql-devel-8.1.10-0.1mdv2007.0.i586.rpm\r\n 1c02f6136ace73a51ea365c77f28ea6a 2007.0/i586/postgresql-docs-8.1.10-0.1mdv2007.0.i586.rpm\r\n a13c547f110fa39ed62a843526f70e8e 2007.0/i586/postgresql-pl-8.1.10-0.1mdv2007.0.i586.rpm\r\n 305884f17ccaee34ee2ac3d2dc1c8170 2007.0/i586/postgresql-plperl-8.1.10-0.1mdv2007.0.i586.rpm\r\n cc34a8f0e4bef8d6a0adddc54c3d8f2c 2007.0/i586/postgresql-plpgsql-8.1.10-0.1mdv2007.0.i586.rpm\r\n 43d8bf8f3613e038441551cb1662eb8d 2007.0/i586/postgresql-plpython-8.1.10-0.1mdv2007.0.i586.rpm\r\n 770b9fc3031c9b97aa0ca8d2ac669e6c 2007.0/i586/postgresql-pltcl-8.1.10-0.1mdv2007.0.i586.rpm\r\n f5a0af71805f7c430696cbbb03ad922f 2007.0/i586/postgresql-server-8.1.10-0.1mdv2007.0.i586.rpm\r\n 1e043a882b3d9d445414dabebb96fcf4 2007.0/i586/postgresql-test-8.1.10-0.1mdv2007.0.i586.rpm \r\n be22e5ac6dd504511798d4caa3c3f1df 2007.0/SRPMS/postgresql-8.1.10-0.1mdv2007.0.src.rpm\r\n\r\n Mandriva Linux 2007.0/X86_64:\r\n 3dab8c951c0944e1bc3a00d4ca64d32e 2007.0/x86_64/lib64ecpg5-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n 1d6c86c2593873bf9c4adc4745d3abc2 2007.0/x86_64/lib64ecpg5-devel-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n 3141c891ff439c458803cd258fc4479b 2007.0/x86_64/lib64pq4-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n 9a30293d6761c4b2b1f2a2e8b284f0ff 2007.0/x86_64/lib64pq4-devel-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n 25006369de4abf770fc7a516a762a897 2007.0/x86_64/postgresql-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n 5ce4bad8022fc65eb7d1db9d53f32551 2007.0/x86_64/postgresql-contrib-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n 03a29dc13f4f556d8df0dcaa07c4766d 2007.0/x86_64/postgresql-devel-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n 89ba6a9c0c747108df0209167150c02f 2007.0/x86_64/postgresql-docs-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n a723d7449913d52fca2030d0e63ca182 2007.0/x86_64/postgresql-pl-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n 827c1b0092c8b86b6631d16eb30b904e 2007.0/x86_64/postgresql-plperl-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n b2c9eda89df39db40ec55d7a383b15b5 2007.0/x86_64/postgresql-plpgsql-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n 25ea855473edb7ef6c9dc372957c2277 2007.0/x86_64/postgresql-plpython-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n 23ae5b09b00e0b8518f1ada8163d57a0 2007.0/x86_64/postgresql-pltcl-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n 464d1f64bdb2b0f16c6be7b56c71b346 2007.0/x86_64/postgresql-server-8.1.10-0.1mdv2007.0.x86_64.rpm\r\n 900cfbe6d3adac1711779b21b3dd4100 2007.0/x86_64/postgresql-test-8.1.10-0.1mdv2007.0.x86_64.rpm \r\n be22e5ac6dd504511798d4caa3c3f1df 2007.0/SRPMS/postgresql-8.1.10-0.1mdv2007.0.src.rpm\r\n\r\n Mandriva Linux 2007.1:\r\n 28b4b8a53e1dc0117441630c75e8c4ae 2007.1/i586/libecpg5-8.2.5-0.1mdv2007.1.i586.rpm\r\n 697b841fa6fcf2fe92e5509ed9b262a3 2007.1/i586/libecpg5-devel-8.2.5-0.1mdv2007.1.i586.rpm\r\n 5c6d7bd957121c443fe31562f9fe6261 2007.1/i586/libpq5-8.2.5-0.1mdv2007.1.i586.rpm\r\n be14414b10e8ca06c576090cc802de26 2007.1/i586/libpq5-devel-8.2.5-0.1mdv2007.1.i586.rpm\r\n 00baebc695b0d791aacbb0fe1c08e0ad 2007.1/i586/postgresql-8.2.5-0.1mdv2007.1.i586.rpm\r\n 97c538ee913a520f429b4581013edc3e 2007.1/i586/postgresql-contrib-8.2.5-0.1mdv2007.1.i586.rpm\r\n b9daafeed274fd9ddb1bd4fdadf03f3f 2007.1/i586/postgresql-devel-8.2.5-0.1mdv2007.1.i586.rpm\r\n 75da06b542bbea1f4278a4ba8c5f46bb 2007.1/i586/postgresql-docs-8.2.5-0.1mdv2007.1.i586.rpm\r\n 89dfcbe1690c2f4e5917b81c17205d10 2007.1/i586/postgresql-pl-8.2.5-0.1mdv2007.1.i586.rpm\r\n 72ef35d3c36a7f7850dab8f095980e44 2007.1/i586/postgresql-plperl-8.2.5-0.1mdv2007.1.i586.rpm\r\n 6b3e178ac649527dfcb3adfbbbfbe44e 2007.1/i586/postgresql-plpgsql-8.2.5-0.1mdv2007.1.i586.rpm\r\n c6066550b12d0cd826d16ad57151d323 2007.1/i586/postgresql-plpython-8.2.5-0.1mdv2007.1.i586.rpm\r\n cb6f37ca6ff51f09dba6f1668af9d594 2007.1/i586/postgresql-pltcl-8.2.5-0.1mdv2007.1.i586.rpm\r\n 63e6b9fe073410b34165ddf147ed6011 2007.1/i586/postgresql-server-8.2.5-0.1mdv2007.1.i586.rpm\r\n 982a89aee68c2fe2a4528f7a53443a23 2007.1/i586/postgresql-test-8.2.5-0.1mdv2007.1.i586.rpm \r\n b8b3ac22c8f39026cfcade15cc2aea94 2007.1/SRPMS/postgresql-8.2.5-0.1mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2007.1/X86_64:\r\n 1d5111ef660b6fb5247839ba75fc37a3 2007.1/x86_64/lib64ecpg5-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n d365d0cf979e1c2632e144ba2ff051a5 2007.1/x86_64/lib64ecpg5-devel-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n bcb2d08186934a70a8088ad7b26348ff 2007.1/x86_64/lib64pq5-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n 687c54dd685832e3458f4474ba329659 2007.1/x86_64/lib64pq5-devel-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n d7ea11ad9524fdab20225117b20f2717 2007.1/x86_64/postgresql-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n 1a2e68d503b6903bd2f4934ea768f055 2007.1/x86_64/postgresql-contrib-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n d877344b20f92228f8021985fa69ab21 2007.1/x86_64/postgresql-devel-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n 757f20c5feecec4087bf006b8cdba0b3 2007.1/x86_64/postgresql-docs-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n 59b65c9035d55e44c28ee37d6b449646 2007.1/x86_64/postgresql-pl-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n 30b2a348faafbf1a1772427207cbd162 2007.1/x86_64/postgresql-plperl-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n 18a270c6a3cf0c8e6135c7d1c19a2328 2007.1/x86_64/postgresql-plpgsql-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n a75d1de15ff8bb8b888d8d843a3f3f55 2007.1/x86_64/postgresql-plpython-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n 9b6aaeda052fbc274de087987e8681c8 2007.1/x86_64/postgresql-pltcl-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n 8ad62e7c5319a0e2c5b5079512dca7b9 2007.1/x86_64/postgresql-server-8.2.5-0.1mdv2007.1.x86_64.rpm\r\n b5409350a8877578ab54ae4a0e7f61cd 2007.1/x86_64/postgresql-test-8.2.5-0.1mdv2007.1.x86_64.rpm \r\n b8b3ac22c8f39026cfcade15cc2aea94 2007.1/SRPMS/postgresql-8.2.5-0.1mdv2007.1.src.rpm\r\n\r\n Corporate 3.0:\r\n 588715bb0163718873938ff86f1d4202 corporate/3.0/i586/libecpg3-7.4.18-0.1.C30mdk.i586.rpm\r\n 928ab48c3f7617f757644bcacc034710 corporate/3.0/i586/libecpg3-devel-7.4.18-0.1.C30mdk.i586.rpm\r\n 72f7fd9f4d05c667070052446017f6bc corporate/3.0/i586/libpgtcl2-7.4.18-0.1.C30mdk.i586.rpm\r\n 290f3c248453b5b6fd1117be7e1ab747 corporate/3.0/i586/libpgtcl2-devel-7.4.18-0.1.C30mdk.i586.rpm\r\n aaa399732adf2e6fa080135de4fc1862 corporate/3.0/i586/libpq3-7.4.18-0.1.C30mdk.i586.rpm\r\n fe8fbed859473f11ba528a55f58e9d46 corporate/3.0/i586/libpq3-devel-7.4.18-0.1.C30mdk.i586.rpm\r\n 5061808637e3c371f9736055af4aa037 corporate/3.0/i586/postgresql-7.4.18-0.1.C30mdk.i586.rpm\r\n fcd466fade3f59c11c5b557280f10797 corporate/3.0/i586/postgresql-contrib-7.4.18-0.1.C30mdk.i586.rpm\r\n ed805cb294ec49aa896fb0c74cd4c963 corporate/3.0/i586/postgresql-devel-7.4.18-0.1.C30mdk.i586.rpm\r\n 960a6ec9df468b8a4246439d81e1f83f corporate/3.0/i586/postgresql-docs-7.4.18-0.1.C30mdk.i586.rpm\r\n abf0aadc29a47561556e0b3989cef2ce corporate/3.0/i586/postgresql-jdbc-7.4.18-0.1.C30mdk.i586.rpm\r\n cb8a2fd57dd82f5ccb38cf01e75297d9 corporate/3.0/i586/postgresql-pl-7.4.18-0.1.C30mdk.i586.rpm\r\n aa32657f105fe2a691ff96bcc4ba741e corporate/3.0/i586/postgresql-server-7.4.18-0.1.C30mdk.i586.rpm\r\n 2fdb9a752cf31d82ebb00df0588130c6 corporate/3.0/i586/postgresql-tcl-7.4.18-0.1.C30mdk.i586.rpm\r\n fe46f24547fa10573306933033926061 corporate/3.0/i586/postgresql-test-7.4.18-0.1.C30mdk.i586.rpm \r\n 180401c4053b1517946e5f30d58b9d4b corporate/3.0/SRPMS/postgresql-7.4.18-0.1.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n 81c7148e224774ff1d0af00d70cbf3dd corporate/3.0/x86_64/lib64ecpg3-7.4.18-0.1.C30mdk.x86_64.rpm\r\n bb141143be18ef10210753b1d938056d corporate/3.0/x86_64/lib64ecpg3-devel-7.4.18-0.1.C30mdk.x86_64.rpm\r\n c7699ded100b384d7700c9036a89bae8 corporate/3.0/x86_64/lib64pgtcl2-7.4.18-0.1.C30mdk.x86_64.rpm\r\n 2295fb70c32eda4c04d06526a09abfd4 corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.18-0.1.C30mdk.x86_64.rpm\r\n db97ceb3194087a390ddb03c69b30c8a corporate/3.0/x86_64/lib64pq3-7.4.18-0.1.C30mdk.x86_64.rpm\r\n 41b623e7e1a24deb6d31a03082577556 corporate/3.0/x86_64/lib64pq3-devel-7.4.18-0.1.C30mdk.x86_64.rpm\r\n 39f0e5df87ebb9539ec42cee909a8645 corporate/3.0/x86_64/postgresql-7.4.18-0.1.C30mdk.x86_64.rpm\r\n 48469cd980bbc2d29ec6eb3a45bc77bb corporate/3.0/x86_64/postgresql-contrib-7.4.18-0.1.C30mdk.x86_64.rpm\r\n 4b2bd788cba6e39b223e0452ccefb102 corporate/3.0/x86_64/postgresql-devel-7.4.18-0.1.C30mdk.x86_64.rpm\r\n a64df12801fc2a4bda8d7c8e5834a436 corporate/3.0/x86_64/postgresql-docs-7.4.18-0.1.C30mdk.x86_64.rpm\r\n 5922318852bd8de043ba30cd55e7fe29 corporate/3.0/x86_64/postgresql-jdbc-7.4.18-0.1.C30mdk.x86_64.rpm\r\n 832eebcd9ab3c06b9473f2d3289dc05c corporate/3.0/x86_64/postgresql-pl-7.4.18-0.1.C30mdk.x86_64.rpm\r\n 02510d7e598d40f25dd6c610d1546027 corporate/3.0/x86_64/postgresql-server-7.4.18-0.1.C30mdk.x86_64.rpm\r\n c9ce6d529054cd8b21a92b03dbc0896b corporate/3.0/x86_64/postgresql-tcl-7.4.18-0.1.C30mdk.x86_64.rpm\r\n 04a0e3f49d4f91935132a20bccdffeb3 corporate/3.0/x86_64/postgresql-test-7.4.18-0.1.C30mdk.x86_64.rpm \r\n 180401c4053b1517946e5f30d58b9d4b corporate/3.0/SRPMS/postgresql-7.4.18-0.1.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n 0f2321b2bc99ed8aee6aecdb49ab33df corporate/4.0/i586/libecpg5-8.1.10-0.1.20060mlcs4.i586.rpm\r\n e23d1d0fa713e09f66feaf0e1ad751c0 corporate/4.0/i586/libecpg5-devel-8.1.10-0.1.20060mlcs4.i586.rpm\r\n b8765e2b0650d2e71aec83652d2a4e7c corporate/4.0/i586/libpq4-8.1.10-0.1.20060mlcs4.i586.rpm\r\n 8cd02f43142df2ffe865d694332ec01f corporate/4.0/i586/libpq4-devel-8.1.10-0.1.20060mlcs4.i586.rpm\r\n 5c02374f4b80d8abfb5f03d4bc108c08 corporate/4.0/i586/postgresql-8.1.10-0.1.20060mlcs4.i586.rpm\r\n 6c51a1332a49afb9a5645255f059aca6 corporate/4.0/i586/postgresql-contrib-8.1.10-0.1.20060mlcs4.i586.rpm\r\n 72e90c47c7fda06bc9dedce429848acc corporate/4.0/i586/postgresql-devel-8.1.10-0.1.20060mlcs4.i586.rpm\r\n 1b31a1a48b6b1fba2244517a2a789992 corporate/4.0/i586/postgresql-docs-8.1.10-0.1.20060mlcs4.i586.rpm\r\n 08425c9962e55546592c03a28fa3177b corporate/4.0/i586/postgresql-pl-8.1.10-0.1.20060mlcs4.i586.rpm\r\n b2888a0453e8a6d9914fb09bb2ae4c30 corporate/4.0/i586/postgresql-plperl-8.1.10-0.1.20060mlcs4.i586.rpm\r\n 7f1fa8b30628ed65bdc7e01fa287dcfd corporate/4.0/i586/postgresql-plpgsql-8.1.10-0.1.20060mlcs4.i586.rpm\r\n f077a91da95c35725f167dd0f9033376 corporate/4.0/i586/postgresql-plpython-8.1.10-0.1.20060mlcs4.i586.rpm\r\n d4f4a70065a40b0e036d9adc63dfdb30 corporate/4.0/i586/postgresql-pltcl-8.1.10-0.1.20060mlcs4.i586.rpm\r\n 54cf91740d33e33e6d1a0a05212884d1 corporate/4.0/i586/postgresql-server-8.1.10-0.1.20060mlcs4.i586.rpm\r\n 1ec216cc5f3dcc15796e0b70523840c5 corporate/4.0/i586/postgresql-test-8.1.10-0.1.20060mlcs4.i586.rpm \r\n 6aa551b36336a70ce3cc58dc073a3485 corporate/4.0/SRPMS/postgresql-8.1.10-0.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 50e3eefd32275cf5b651417cbc4216a1 corporate/4.0/x86_64/lib64ecpg5-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n 9d795789cc60f424e39d10a9a627fab6 corporate/4.0/x86_64/lib64ecpg5-devel-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n 7bc3a22a9a1c8b179223f8f300652539 corporate/4.0/x86_64/lib64pq4-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n b4f5279bc1c028e9633ff3ae69df2e98 corporate/4.0/x86_64/lib64pq4-devel-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n 135f2583ebba8c937ef65e94cfff4b46 corporate/4.0/x86_64/postgresql-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n b29df3a033c4f80d93166c4e075a73dc corporate/4.0/x86_64/postgresql-contrib-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n c46e540ca5e063b53feb63e06f438f66 corporate/4.0/x86_64/postgresql-devel-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n 49a645929b23b095d68b1343d33ed584 corporate/4.0/x86_64/postgresql-docs-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n 0bc2d6034bbdf336283afd735c141987 corporate/4.0/x86_64/postgresql-pl-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n 7ed1208bb18735772c6cecd5c005c635 corporate/4.0/x86_64/postgresql-plperl-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n b1fe1e0863f0f7a7231146b7707b18d5 corporate/4.0/x86_64/postgresql-plpgsql-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n 76223a8ac834672a08f8005890ac3b89 corporate/4.0/x86_64/postgresql-plpython-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n 1d755e3c55734e3a372d34f8ed1be73d corporate/4.0/x86_64/postgresql-pltcl-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n 9f65beb9255b19140e6e3e27c9ee6f55 corporate/4.0/x86_64/postgresql-server-8.1.10-0.1.20060mlcs4.x86_64.rpm\r\n f06a3c86c59c737d944bde1eaedae166 corporate/4.0/x86_64/postgresql-test-8.1.10-0.1.20060mlcs4.x86_64.rpm \r\n 6aa551b36336a70ce3cc58dc073a3485 corporate/4.0/SRPMS/postgresql-8.1.10-0.1.20060mlcs4.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFG+R9nmqjQ0CJFipgRAjkrAJ4rLVY2zOlBYaHYlYGaOb3P/tr99QCgw7+v\r\n3mptByzoXB2Nsufxf1Onuf8=\r\n=p4xq\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2007-09-26T00:00:00", "title": "[ MDKSA-2007:188 ] - Updated postgresql packages prevent access abuse using dblink", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:23", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-3278", "CVE-2007-3279", "CVE-2007-3280"], "modified": "2007-09-26T00:00:00", "id": "SECURITYVULNS:DOC:18080", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18080", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:27", "references": ["https://vulners.com/securityvulns/securityvulns:doc:18080"], "description": "Privilege escalation.", "edition": 1, "reporter": "CVE", "published": "2007-09-26T00:00:00", "title": "PostgreSQL dblink library multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:27", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PostgreSQL", "version": "8.1", "operator": "eq"}], "cvelist": ["CVE-2007-3278", "CVE-2007-3279", "CVE-2007-3280"], "modified": "2007-09-26T00:00:00", "id": "SECURITYVULNS:VULN:8191", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8191", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:32", "references": [], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:333\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : postgresql\r\n Date : December 15, 2009\r\n Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,\r\n Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities was discovered and corrected in postgresql:\r\n \r\n NULL Bytes in SSL Certificates can be used to falsify client or server\r\n authentication. This only affects users who have SSL enabled, perform\r\n certificate name validation or client certificate authentication,\r\n and where the Certificate Authority &#40;CA&#41; has been tricked into\r\n issuing invalid certificates. The use of a CA that can be trusted to\r\n always issue valid certificates is recommended to ensure you are not\r\n vulnerable to this issue &#40;CVE-2009-4034&#41;.\r\n \r\n Privilege escalation via changing session state in an index\r\n function. This closes a corner case related to vulnerabilities\r\n CVE-2009-3230 and CVE-2007-6600 &#40;CVE-2009-4136&#41;.\r\n \r\n Packages for 2008.0 are being provided due to extended support for\r\n Corporate products.\r\n \r\n This update provides a solution to these vulnerabilities.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4034\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4136\r\n http://www.postgresql.org/support/security\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 7a4134b7ab1675be4c53ff6b4922d7e0 2008.0/i586/libecpg5-8.2.15-0.1mdv2008.0.i586.rpm\r\n b8fe1351d19899fbca1a67929b0b4be7 2008.0/i586/libecpg-devel-8.2.15-0.1mdv2008.0.i586.rpm\r\n e86a98de348ba90bc6a1f16f02daa6e1 2008.0/i586/libpq5-8.2.15-0.1mdv2008.0.i586.rpm\r\n 551363cff118bee0b87dd827dddce669 2008.0/i586/libpq-devel-8.2.15-0.1mdv2008.0.i586.rpm\r\n ef3c1b9a831fedf1399f8b72cd65f748 2008.0/i586/postgresql-8.2.15-0.1mdv2008.0.i586.rpm\r\n d308631e61cd6236e40827b78c9c2951 2008.0/i586/postgresql8.2-8.2.15-0.1mdv2008.0.i586.rpm\r\n f8e97d697f69e43dc4bb2a96e64600cd 2008.0/i586/postgresql8.2-contrib-8.2.15-0.1mdv2008.0.i586.rpm\r\n 863015525b015c812f963a2af63fc7dd 2008.0/i586/postgresql8.2-devel-8.2.15-0.1mdv2008.0.i586.rpm\r\n 6340e0530e254732d654d8f6211d5198 2008.0/i586/postgresql8.2-docs-8.2.15-0.1mdv2008.0.i586.rpm\r\n e098dee5477edb0b7549b65ddb440cb5 2008.0/i586/postgresql8.2-pl-8.2.15-0.1mdv2008.0.i586.rpm\r\n 05cda82443737a12c7c8c3622e762618 2008.0/i586/postgresql8.2-plperl-8.2.15-0.1mdv2008.0.i586.rpm\r\n 6a66bc2cc80538a4db3e44ca97740a7f 2008.0/i586/postgresql8.2-plpgsql-8.2.15-0.1mdv2008.0.i586.rpm\r\n d01866d6fa8d18865e8f47744d0053bd 2008.0/i586/postgresql8.2-plpython-8.2.15-0.1mdv2008.0.i586.rpm\r\n 0e250c776673c8595ed4f57194ceff15 2008.0/i586/postgresql8.2-pltcl-8.2.15-0.1mdv2008.0.i586.rpm\r\n f69196c2af80f25abaae6cdb5273a985 2008.0/i586/postgresql8.2-server-8.2.15-0.1mdv2008.0.i586.rpm\r\n 5c96b2bdfdb5f4b23280de184d76bb4c 2008.0/i586/postgresql8.2-test-8.2.15-0.1mdv2008.0.i586.rpm\r\n 6c203c33bef69b8f676d1acd782d3526 2008.0/i586/postgresql-devel-8.2.15-0.1mdv2008.0.i586.rpm \r\n 37b86e7869ce8ef7621eb5f2fbeb9804 2008.0/SRPMS/postgresql8.2-8.2.15-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n ef654ee6768a32df7021cb7c1b95151d 2008.0/x86_64/lib64ecpg5-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 4272c2616fce89a650e102effb3e2427 2008.0/x86_64/lib64ecpg-devel-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n a45cc8104b4758913384375c6f9d993b 2008.0/x86_64/lib64pq5-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n a5beab729e5e4c04374f44b8ed0e7c0d 2008.0/x86_64/lib64pq-devel-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n bc9a43e16b3fe38c26011f76e6e796ea 2008.0/x86_64/postgresql-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 632cc2bd4f2d099de6f18cc5a4ed28b9 2008.0/x86_64/postgresql8.2-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n da76130aeaec4d962904ed0c2c566c63 2008.0/x86_64/postgresql8.2-contrib-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 9061e32e63cc8dfc68a393dc986b6b92 2008.0/x86_64/postgresql8.2-devel-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 2d88f5b268d6661771fd76eccbca7f82 2008.0/x86_64/postgresql8.2-docs-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 46a1f1beb87d1a3618470b5a1427b53d 2008.0/x86_64/postgresql8.2-pl-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n a8126282c514a3b22736c6bf2d3ca570 2008.0/x86_64/postgresql8.2-plperl-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 5aada115ff9cd3c44cd9032d88bd93c4 2008.0/x86_64/postgresql8.2-plpgsql-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 4c9433b70a16300a304ee04b3aeb7abe 2008.0/x86_64/postgresql8.2-plpython-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n cf01e27ebed1d7541c7dfe9fe7eaec20 2008.0/x86_64/postgresql8.2-pltcl-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 16fe157d591066b6c7bd12ef79c78972 2008.0/x86_64/postgresql8.2-server-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n c5b58224e6becb9334cd555747fd040e 2008.0/x86_64/postgresql8.2-test-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 0e826718d8fe8571618ffdff6304b9d9 2008.0/x86_64/postgresql-devel-8.2.15-0.1mdv2008.0.x86_64.rpm \r\n 37b86e7869ce8ef7621eb5f2fbeb9804 2008.0/SRPMS/postgresql8.2-8.2.15-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n eb4c7ac210259c34ce96873fa11cdd7b 2009.0/i586/libecpg8.3_6-8.3.9-0.1mdv2009.0.i586.rpm\r\n ea79f082d51e575072e22e3f37705e76 2009.0/i586/libpq8.3_5-8.3.9-0.1mdv2009.0.i586.rpm\r\n 21dda67f89a7291aa530bdc0b04b3893 2009.0/i586/postgresql8.3-8.3.9-0.1mdv2009.0.i586.rpm\r\n 09d1a7d4bcad3b754772e03bfdd85768 2009.0/i586/postgresql8.3-contrib-8.3.9-0.1mdv2009.0.i586.rpm\r\n ec004d65e57abb94a1c40ebd0e8b0a24 2009.0/i586/postgresql8.3-devel-8.3.9-0.1mdv2009.0.i586.rpm\r\n cae8230c899fd71fd28fc3baaa983e95 2009.0/i586/postgresql8.3-docs-8.3.9-0.1mdv2009.0.i586.rpm\r\n e9a46436f40e44e2b4757b6ee2db2dc3 2009.0/i586/postgresql8.3-pl-8.3.9-0.1mdv2009.0.i586.rpm\r\n edc0dcc12a27a2166f8e14f147f8540d 2009.0/i586/postgresql8.3-plperl-8.3.9-0.1mdv2009.0.i586.rpm\r\n 1c8b6afc908d4e0037085b2b275b0893 2009.0/i586/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.0.i586.rpm\r\n f0a4b90047b26f6de9c0c5475ede00e8 2009.0/i586/postgresql8.3-plpython-8.3.9-0.1mdv2009.0.i586.rpm\r\n 1bbd1b65ed0b65a62963eaccb8008666 2009.0/i586/postgresql8.3-pltcl-8.3.9-0.1mdv2009.0.i586.rpm\r\n 27124329934314f3f73571e83e5fdaf3 2009.0/i586/postgresql8.3-server-8.3.9-0.1mdv2009.0.i586.rpm \r\n 9af04397316050caeeb767c2e53db8da 2009.0/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 6aa7262c7041f8fb039a8031965a6a71 2009.0/x86_64/lib64ecpg8.3_6-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 61af7c606839a7fff0ff56991dfd7021 2009.0/x86_64/lib64pq8.3_5-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 2ff4745b162e6b4234862b1b2fcd315f 2009.0/x86_64/postgresql8.3-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 50d9eaffaf04beea769d22e058a1f2a8 2009.0/x86_64/postgresql8.3-contrib-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n d9fe796fce569179e8e99ae74a63af76 2009.0/x86_64/postgresql8.3-devel-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 980a800e9ac2a0890d24ae0e843fd6e0 2009.0/x86_64/postgresql8.3-docs-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 27334694d9da6e19904c8198d7f6ef43 2009.0/x86_64/postgresql8.3-pl-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 68f2566b2de77da452d4b8043cf8a0de 2009.0/x86_64/postgresql8.3-plperl-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 31c3643e58947d76207345d8e82a6483 2009.0/x86_64/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 8e342cf436ed4bd6ea61244bca980054 2009.0/x86_64/postgresql8.3-plpython-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 30ba385a932cf752cfd85dd3a0833c40 2009.0/x86_64/postgresql8.3-pltcl-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n e1253c9933f47db51ecd7edc825a703e 2009.0/x86_64/postgresql8.3-server-8.3.9-0.1mdv2009.0.x86_64.rpm \r\n 9af04397316050caeeb767c2e53db8da 2009.0/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 91a80a39b17253f9321f325979afff81 2009.1/i586/libecpg8.3_6-8.3.9-0.1mdv2009.1.i586.rpm\r\n 7b27f7064a9b75d50d54e3d782ccea54 2009.1/i586/libpq8.3_5-8.3.9-0.1mdv2009.1.i586.rpm\r\n 62da0a6d0030c98fd608a33fb123456c 2009.1/i586/postgresql8.3-8.3.9-0.1mdv2009.1.i586.rpm\r\n 7c7dede7142fd2e3ed2ebdb3c519b623 2009.1/i586/postgresql8.3-contrib-8.3.9-0.1mdv2009.1.i586.rpm\r\n 345e475a35916f7416d4f8b0bf75436b 2009.1/i586/postgresql8.3-devel-8.3.9-0.1mdv2009.1.i586.rpm\r\n 97a70a0872a839f83a2739eaed6607a9 2009.1/i586/postgresql8.3-docs-8.3.9-0.1mdv2009.1.i586.rpm\r\n 0eed7e9ebefdddcaf27e42d33629dabf 2009.1/i586/postgresql8.3-pl-8.3.9-0.1mdv2009.1.i586.rpm\r\n 61952d53ebee9a18a5cf9a10988c4fa3 2009.1/i586/postgresql8.3-plperl-8.3.9-0.1mdv2009.1.i586.rpm\r\n 9cdd01198d4d25ef569cc081c411c050 2009.1/i586/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.1.i586.rpm\r\n 7b9ba830df3a61827eab05cfada3f09b 2009.1/i586/postgresql8.3-plpython-8.3.9-0.1mdv2009.1.i586.rpm\r\n 42fb3e9486162d383bc67d24eb613b1f 2009.1/i586/postgresql8.3-pltcl-8.3.9-0.1mdv2009.1.i586.rpm\r\n db31dcac659eed1a48ee714125c61e78 2009.1/i586/postgresql8.3-server-8.3.9-0.1mdv2009.1.i586.rpm \r\n be8198d19ff2854fcdb5bde0e1654fbf 2009.1/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n c803bc340e21af79f5745df0fee8aead 2009.1/x86_64/lib64ecpg8.3_6-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 616b2b6f79a848fe57410af986c81bda 2009.1/x86_64/lib64pq8.3_5-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 877e5894da539e59805469d16dfda370 2009.1/x86_64/postgresql8.3-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n be3ece7cf5ae31d25dc365389b4e8334 2009.1/x86_64/postgresql8.3-contrib-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n c58f7bf0768b22f5ff229c5cfd4c5f52 2009.1/x86_64/postgresql8.3-devel-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n f3252fd034dcf0a47552b78439fccd4a 2009.1/x86_64/postgresql8.3-docs-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 1b425723f71982812ebf429188cb88da 2009.1/x86_64/postgresql8.3-pl-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 5b463c7748dcc5fae7b1e7443ee75694 2009.1/x86_64/postgresql8.3-plperl-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 70d521df18f5fbfffe7073b95a614ff8 2009.1/x86_64/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 33a607815a4da55a66101fd13062477e 2009.1/x86_64/postgresql8.3-plpython-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 508aae591f0f59aecde2f4212416a45c 2009.1/x86_64/postgresql8.3-pltcl-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 8b8f650803166b84ba3a3ff4c538ab89 2009.1/x86_64/postgresql8.3-server-8.3.9-0.1mdv2009.1.x86_64.rpm \r\n be8198d19ff2854fcdb5bde0e1654fbf 2009.1/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 1869824366c51ebb0b55055426bd2c53 2010.0/i586/libecpg8.4_6-8.4.2-0.1mdv2010.0.i586.rpm\r\n 2bb29a6b0aaa2d556b6c9d5b86a6fac2 2010.0/i586/libpq8.4_5-8.4.2-0.1mdv2010.0.i586.rpm\r\n 234ea96d6f15028e48fb4d67ba8e3dc0 2010.0/i586/postgresql8.4-8.4.2-0.1mdv2010.0.i586.rpm\r\n c044f451d83daa297d1b6bea592c5759 2010.0/i586/postgresql8.4-contrib-8.4.2-0.1mdv2010.0.i586.rpm\r\n 33167e61bf2e5f8132e581306fb3f9b3 2010.0/i586/postgresql8.4-devel-8.4.2-0.1mdv2010.0.i586.rpm\r\n 52c063f6a31ef49b87fe70227e1cc7a1 2010.0/i586/postgresql8.4-docs-8.4.2-0.1mdv2010.0.i586.rpm\r\n dc75e2ebbab59312d6c1a491b6393f91 2010.0/i586/postgresql8.4-pl-8.4.2-0.1mdv2010.0.i586.rpm\r\n a44bac65b39698446f4d066f77cd3085 2010.0/i586/postgresql8.4-plperl-8.4.2-0.1mdv2010.0.i586.rpm\r\n 9537965ff95b6d6c62be3df17567f6c9 2010.0/i586/postgresql8.4-plpgsql-8.4.2-0.1mdv2010.0.i586.rpm\r\n 32b66a3d2d191bf52ad1770ce92a24bd 2010.0/i586/postgresql8.4-plpython-8.4.2-0.1mdv2010.0.i586.rpm\r\n a45380a8bc2072792ab52042db3a837c 2010.0/i586/postgresql8.4-pltcl-8.4.2-0.1mdv2010.0.i586.rpm\r\n b99ffb5c3cbb7266b63986b075b0eb95 2010.0/i586/postgresql8.4-server-8.4.2-0.1mdv2010.0.i586.rpm \r\n 7b23c6c695cbf9cf78d105f6bf7fc80f 2010.0/SRPMS/postgresql8.4-8.4.2-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 864f7b0ab419b1c08fdbff5af593a9e3 2010.0/x86_64/lib64ecpg8.4_6-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 707a9ed081a46bea0cec38bd2bfe3561 2010.0/x86_64/lib64pq8.4_5-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n e3aa48ed1d6da44aaf791be57619043d 2010.0/x86_64/postgresql8.4-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 874e5a9ab5757e0d9c509eee102c0dc2 2010.0/x86_64/postgresql8.4-contrib-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 90627e1bdc5988d3a78ee16491a27148 2010.0/x86_64/postgresql8.4-devel-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n cf905e15179fe18fa68ae02f35713139 2010.0/x86_64/postgresql8.4-docs-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 8e6957a4ca67801131ee70dbe4f3639a 2010.0/x86_64/postgresql8.4-pl-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 1b1e5de5c77a30672ea9bba9d49d7bed 2010.0/x86_64/postgresql8.4-plperl-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n b87c3d4cd820d21eac3e66559d773508 2010.0/x86_64/postgresql8.4-plpgsql-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n cfcaf767fb6135169e3fb01704e2831e 2010.0/x86_64/postgresql8.4-plpython-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n fd216fa6f5ecb1fa1d8f6429396b4142 2010.0/x86_64/postgresql8.4-pltcl-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 9c86fd1c896343e5c48b76aed566f8c8 2010.0/x86_64/postgresql8.4-server-8.4.2-0.1mdv2010.0.x86_64.rpm \r\n 7b23c6c695cbf9cf78d105f6bf7fc80f 2010.0/SRPMS/postgresql8.4-8.4.2-0.1mdv2010.0.src.rpm\r\n\r\n Corporate 3.0:\r\n 8a71295ef109fe3ab7260170384c0ce7 corporate/3.0/i586/libecpg3-7.4.27-0.1.C30mdk.i586.rpm\r\n 11ef4350d665b4b2ef2fd926bd560aa8 corporate/3.0/i586/libecpg3-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 30c8a894b12b223ad491abd4547c1fd7 corporate/3.0/i586/libpgtcl2-7.4.27-0.1.C30mdk.i586.rpm\r\n 0fa521cc9af217d927ca79c91b0c9eae corporate/3.0/i586/libpgtcl2-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 3672fefda6db5e828c7d939a27314b38 corporate/3.0/i586/libpq3-7.4.27-0.1.C30mdk.i586.rpm\r\n 9a2ba43d5dc9593ca1bbab4647208080 corporate/3.0/i586/libpq3-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 2247db07ed8b627fbfc35ac648c2a5df corporate/3.0/i586/postgresql-7.4.27-0.1.C30mdk.i586.rpm\r\n e616a70f043ff0b0482e87d56a1019cd corporate/3.0/i586/postgresql-contrib-7.4.27-0.1.C30mdk.i586.rpm\r\n 08f9f7e7f8fb429cf0c77cfa7eda23d3 corporate/3.0/i586/postgresql-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 6d3b0ed2ba2b362ac09db9c4ae07b9e2 corporate/3.0/i586/postgresql-docs-7.4.27-0.1.C30mdk.i586.rpm\r\n 69b5e9674499b805b8e27bb6c348feec corporate/3.0/i586/postgresql-jdbc-7.4.27-0.1.C30mdk.i586.rpm\r\n 392426960dd9831613903d460af31b80 corporate/3.0/i586/postgresql-pl-7.4.27-0.1.C30mdk.i586.rpm\r\n c266e60a60a5c438dddd9fc3a9e86415 corporate/3.0/i586/postgresql-server-7.4.27-0.1.C30mdk.i586.rpm\r\n 7195e1843ccacf58dd3a8e6888f52687 corporate/3.0/i586/postgresql-tcl-7.4.27-0.1.C30mdk.i586.rpm\r\n d5a7dacb4bbb6d35d0eac00f8fb3fe8f corporate/3.0/i586/postgresql-test-7.4.27-0.1.C30mdk.i586.rpm \r\n 72f69a2d5c5b94cae7b2e9c38c193125 corporate/3.0/SRPMS/postgresql-7.4.27-0.1.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n ca3ea7496d9340c6bc7466e478a821ff corporate/3.0/x86_64/lib64ecpg3-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 0ede7c61f0595bff37777971a2e2d3ac corporate/3.0/x86_64/lib64ecpg3-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n a798bef9e8f689aed42f1317f59fb189 corporate/3.0/x86_64/lib64pgtcl2-7.4.27-0.1.C30mdk.x86_64.rpm\r\n c5fbbf4818f054ad11be80dad96c2e2f corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n e89bb5fa7f482af3779d4508ccdc0f90 corporate/3.0/x86_64/lib64pq3-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 43966e84c38f69cf644e05f86bb157b9 corporate/3.0/x86_64/lib64pq3-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 7821bd199a8e957f862d2e6751f9993b corporate/3.0/x86_64/postgresql-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 3b7c354b1438fbf7e5613ec4b9525144 corporate/3.0/x86_64/postgresql-contrib-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 1271e5de07e40e7ef5d0b39ad4593cd8 corporate/3.0/x86_64/postgresql-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 17a2e21ba705128bc6dc234fa9222269 corporate/3.0/x86_64/postgresql-docs-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 284c5e6b3bc707509767df7ec5940915 corporate/3.0/x86_64/postgresql-jdbc-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 0b3d675d0991c98ea6b2a665eb587c29 corporate/3.0/x86_64/postgresql-pl-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 742086f186cd02ce6e010aa5b0efcde4 corporate/3.0/x86_64/postgresql-server-7.4.27-0.1.C30mdk.x86_64.rpm\r\n d5875f42122d0a021b1ae474a3c71de4 corporate/3.0/x86_64/postgresql-tcl-7.4.27-0.1.C30mdk.x86_64.rpm\r\n e4eeed326ce8f6a6cd14d955c9af1c3b corporate/3.0/x86_64/postgresql-test-7.4.27-0.1.C30mdk.x86_64.rpm \r\n 72f69a2d5c5b94cae7b2e9c38c193125 corporate/3.0/SRPMS/postgresql-7.4.27-0.1.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n f16a9d7c219db91a48f05d47fbb25328 corporate/4.0/i586/libecpg5-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 46e5cba337eb64ebd722f1cf20a1bea0 corporate/4.0/i586/libecpg5-devel-8.1.19-0.1.20060mlcs4.i586.rpm\r\n aa1bf8fa60ba634f847ef99743b54509 corporate/4.0/i586/libpq4-8.1.19-0.1.20060mlcs4.i586.rpm\r\n c9b495e705a47e8c657fe486c6a73caa corporate/4.0/i586/libpq4-devel-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 8576e546f41ec07302b09f22b800c2a3 corporate/4.0/i586/postgresql-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 99c18cea6a827b10c4197dea71660714 corporate/4.0/i586/postgresql-contrib-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 7a4ac00898e262a29c945ea24381a02c corporate/4.0/i586/postgresql-devel-8.1.19-0.1.20060mlcs4.i586.rpm\r\n e10dde94402ce28c56d0a59f449b2120 corporate/4.0/i586/postgresql-docs-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 2b0aaa02c58d5f75be11b93663ac2db2 corporate/4.0/i586/postgresql-pl-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 898ffb6afa67a42abd8cbd415f20f12d corporate/4.0/i586/postgresql-plperl-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 750c34d0bd6c1370a10f65b0fe0d042f corporate/4.0/i586/postgresql-plpgsql-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 0e2fae96fe4ae65e119ec57bc62d1c18 corporate/4.0/i586/postgresql-plpython-8.1.19-0.1.20060mlcs4.i586.rpm\r\n ddfb7d5dcb55d11ca58c59072c96ffd8 corporate/4.0/i586/postgresql-pltcl-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 0ff2a52751ddf2c15ab718e378864209 corporate/4.0/i586/postgresql-server-8.1.19-0.1.20060mlcs4.i586.rpm\r\n dbd24a627e161243ace369ed2bd0cb59 corporate/4.0/i586/postgresql-test-8.1.19-0.1.20060mlcs4.i586.rpm \r\n cd1d017d500f3616eb652ad819dcc8eb corporate/4.0/SRPMS/postgresql-8.1.19-0.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n ff727efb618417699e1d702c463c08ff corporate/4.0/x86_64/lib64ecpg5-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n d9d0a5ed50a5ea130ec32fe942f58c90 corporate/4.0/x86_64/lib64ecpg5-devel-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 64c1ae194c06762d74dc69105a16a6d3 corporate/4.0/x86_64/lib64pq4-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 5ff5e5660fa8e69fdabc2ec56fb41f33 corporate/4.0/x86_64/lib64pq4-devel-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n d92641b17c40ac1237651577a716d716 corporate/4.0/x86_64/postgresql-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n c1a90670f7443af7ae03ddd89fe8ff86 corporate/4.0/x86_64/postgresql-contrib-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 81907fd64a64793480a155ce04b7c8c1 corporate/4.0/x86_64/postgresql-devel-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a1b78b2902098f4e2981deb47c14705f corporate/4.0/x86_64/postgresql-docs-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n e3ed9cee0ba6f35ba20bcc593059dfc9 corporate/4.0/x86_64/postgresql-pl-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a4302fcb3ff0a03be6eadc2fa87e7772 corporate/4.0/x86_64/postgresql-plperl-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 81df2078a490b8f7944e14947172a3cb corporate/4.0/x86_64/postgresql-plpgsql-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 33e8b703accdaf358014a4f4b9f20edf corporate/4.0/x86_64/postgresql-plpython-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a7d0b24be375bf699a16d856872ed3b0 corporate/4.0/x86_64/postgresql-pltcl-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 124bb9309c4bcb6174703c933e81fdf8 corporate/4.0/x86_64/postgresql-server-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a63ab9b6d993eb50e5b437592423dfe7 corporate/4.0/x86_64/postgresql-test-8.1.19-0.1.20060mlcs4.x86_64.rpm \r\n cd1d017d500f3616eb652ad819dcc8eb corporate/4.0/SRPMS/postgresql-8.1.19-0.1.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 7954b4d7b6b3ad3a4dc075a63503e1d0 mes5/i586/libecpg8.3_6-8.3.9-0.1mdvmes5.i586.rpm\r\n 1631a58bfb19765fa166f6e507e9799b mes5/i586/libpq8.3_5-8.3.9-0.1mdvmes5.i586.rpm\r\n 643f5cada4cb4dbf53e7931a88be3f33 mes5/i586/postgresql8.3-8.3.9-0.1mdvmes5.i586.rpm\r\n c14326f783c2a1f5b90ea623e00e95bf mes5/i586/postgresql8.3-contrib-8.3.9-0.1mdvmes5.i586.rpm\r\n 4e1c3db6f801090ab60b31028fbfaa18 mes5/i586/postgresql8.3-devel-8.3.9-0.1mdvmes5.i586.rpm\r\n c36fcbf4195dbf7becd7c3dabf81e20b mes5/i586/postgresql8.3-docs-8.3.9-0.1mdvmes5.i586.rpm\r\n 524d653e230fbac674e9ce464d290b89 mes5/i586/postgresql8.3-pl-8.3.9-0.1mdvmes5.i586.rpm\r\n 9877115225ad4463430d7e0bf6debebd mes5/i586/postgresql8.3-plperl-8.3.9-0.1mdvmes5.i586.rpm\r\n 9bf0e1591576271129b01f4f0bd60b9e mes5/i586/postgresql8.3-plpgsql-8.3.9-0.1mdvmes5.i586.rpm\r\n b64538f411412f4025471fcad1ce24c8 mes5/i586/postgresql8.3-plpython-8.3.9-0.1mdvmes5.i586.rpm\r\n 3f9499776b4395c5829c761daa952976 mes5/i586/postgresql8.3-pltcl-8.3.9-0.1mdvmes5.i586.rpm\r\n 2f8625a2f70355715b426be163316c8c mes5/i586/postgresql8.3-server-8.3.9-0.1mdvmes5.i586.rpm \r\n a71b64c6243bc5302fd20a09b6f209a7 mes5/SRPMS/postgresql8.3-8.3.9-0.1mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n af91e508191f984255fcca2cc4847dd5 mes5/x86_64/lib64ecpg8.3_6-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 2a9f7ddd1c6b1df8fbaed9f75855d215 mes5/x86_64/lib64pq8.3_5-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 5a99bffb08073b986c113f4e01290acb mes5/x86_64/postgresql8.3-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 34a240a407e23e22fa4fafcacd42aaa4 mes5/x86_64/postgresql8.3-contrib-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 328ffce47393a37b8513ca4db35cfa0e mes5/x86_64/postgresql8.3-devel-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 2813c49a1081e9ba21641ff0221c0282 mes5/x86_64/postgresql8.3-docs-8.3.9-0.1mdvmes5.x86_64.rpm\r\n ae7edc79dfcbe71b63d3cc63002b999e mes5/x86_64/postgresql8.3-pl-8.3.9-0.1mdvmes5.x86_64.rpm\r\n b329ee3b0bf6f225d63967194a9ad1f7 mes5/x86_64/postgresql8.3-plperl-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 3357aeaff40947216df472606af69f92 mes5/x86_64/postgresql8.3-plpgsql-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 2d1643ae72848a853075a348c3e710b1 mes5/x86_64/postgresql8.3-plpython-8.3.9-0.1mdvmes5.x86_64.rpm\r\n e190019db4c20a65fbcb6ec71b87fb73 mes5/x86_64/postgresql8.3-pltcl-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 95397048806b12338bf90c216f93f8c6 mes5/x86_64/postgresql8.3-server-8.3.9-0.1mdvmes5.x86_64.rpm \r\n a71b64c6243bc5302fd20a09b6f209a7 mes5/SRPMS/postgresql8.3-8.3.9-0.1mdvmes5.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFLJ6UdmqjQ0CJFipgRAhI0AKDu7P9IZkttVPb8P6UTShYJa6HLxgCcC6JU\r\nwNWFQRVDjFT4KODLej6slSQ=\r\n=9pvm\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2009-12-15T00:00:00", "title": "[ MDVSA-2009:333 ] postgresql", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:32", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-6600", "CVE-2009-3230", "CVE-2009-4034", "CVE-2009-4136"], "modified": "2009-12-15T00:00:00", "id": "SECURITYVULNS:DOC:22944", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22944", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:31", "references": [], "description": "===========================================================\r\nUbuntu Security Notice USN-834-1 September 21, 2009\r\npostgresql-8.1, postgresql-8.3 vulnerabilities\r\nCVE-2009-3229, CVE-2009-3230, CVE-2009-3231\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\nUbuntu 9.04\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n postgresql-8.1 8.1.18-0ubuntu0.6.06\r\n\r\nUbuntu 8.04 LTS:\r\n postgresql-8.3 8.3.8-0ubuntu8.04\r\n\r\nUbuntu 8.10:\r\n postgresql-8.3 8.3.8-0ubuntu8.10\r\n\r\nUbuntu 9.04:\r\n postgresql-8.3 8.3.8-0ubuntu9.04\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that PostgreSQL could be made to unload and reload an\r\nalready loaded module by using the LOAD command. A remote authenticated\r\nattacker could exploit this to cause a denial of service. This issue did\r\nnot affect Ubuntu 6.06 LTS. &#40;CVE-2009-3229&#41;\r\n\r\nDue to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION\r\nAUTHORIZATION operations were allowed inside security-definer functions. A\r\nremote authenticated attacker could exploit this to escalate privileges\r\nwithin PostgreSQL. &#40;CVE-2009-3230&#41;\r\n\r\nIt was discovered that PostgreSQL did not properly perform LDAP\r\nauthentication under certain circumstances. When configured to use LDAP\r\nwith anonymous binds, a remote attacker could bypass authentication by\r\nsupplying an empty password. This issue did not affect Ubuntu 6.06 LTS.\r\n&#40;CVE-2009-3231&#41;\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0ubuntu0.6.06.diff.gz\r\n Size/MD5: 31743 f1ea9c55604f2fd24de05451cce47fba\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0ubuntu0.6.06.dsc\r\n Size/MD5: 1130 aa7100459f8bfb6a6c1e65250213f144\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18.orig.tar.gz\r\n Size/MD5: 11515037 34911f0a3e8ef5d1bd46f67cf96692fb\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.18-0ubuntu0.6.06_all.deb\r\n Size/MD5: 1516114 63827e2e232f05749c3a141b8e8c0c5a\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 185844 3ffe4f092b07e7b6514f8bd53b2f75ad\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 379106 b07081cb872c95062cd63583e57b394a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 206676 9328e1e1b2d3961bb1b05cf48d937411\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 207656 f85b64b5ba668e1100b4199d6dff1329\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 341486 66ab11dab2367caa538a6265bef90cca\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 239602 82b1f147e74384912b3459ddc53a6067\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 3189146 99384e42c8c34d957e4e29917f70839c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 816672 1f5219ab375080eb51b3733a979182b8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 648688 dde36069f684fc305ac979a3a1762c05\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 202698 ca02926acf9a81ea28e60feefaf0f6ab\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 196632 c1d43c12ecaad0bad094066e7280a1a4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 196766 275742992921ca2b93aba4c0a5210d35\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 631704 2ef854bd649dec4b9fb0cb0db2d99481\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 184712 9146632265d1f25d36cff737e49f8ee5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 368764 2946451d44c15869939eba9dff11be63\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 204426 50847cae853adae1dc8dddb7f7fd7e4a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 205814 060ce84c09a9de93ce4d33e2abc2f519\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 329992 90238e147ca9341009c144b9c72a5d19\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 232842 414f17c3efa808904e2c9447ad668c4e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 2991860 6dd4e62a08c006ea91ab5149e3084bf5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 744484 ecdf92a4eb4420e795a4485fd54c499e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 603124 26b20c393011c8947f3bf4fa8816c385\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 200762 0727084b7abc7a740b38f3642c0e1b48\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 193990 711b369324b026c08f00350d7966c324\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 195438 61e8951116f483452a796a45d1421d58\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 631670 16226e2a9b1f0470b937b53b85fbc78c\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 186554 bbfd44150187e63063ed62f0963e71e6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 374552 5b675480c9c1fc15dd28f9a6cf87cc30\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 207482 57675c4583c0e495d3ce64e05988eacf\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 209912 8c9b4d1b911afff49e588e91c8e481aa\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 335992 844f6d338f0b6d5ad49b33483dde521b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 236446 95488f60b754f55d3e8815a761dd100c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 3487108 e56b15939f01b4b478876d93f22f2640\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 817744 aaea91102457d10784892b3b3f9e8afc\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 665386 7b6bcfb371dd45dae3733b51f647c316\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 202454 24f44f7451b820d16c7c7753a2344be6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 196580 27aaf5f4a9dfd7849b542cfdbadf1dad\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 197682 da69067d4658cbcc29277028e235ae0b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 631684 02231d2397e828aeaa957c03fb859756\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 184472 fb5732f5ebf00d1b62864478185a5f6a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 366010 4d7cc3072ca480a011759cd754e26e14\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 204920 722e6f2ffb3ede00d870c25f5795c194\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 205426 3c4555b5a7deddbd8b3c51d0ebc886ee\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 332124 39ecb9bc76f37b8eefd9bf556d6987be\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 233116 1445493a718ef3d00516dc95553c06b6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 3358776 f95e8227263cb02b081422c11088ceb1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 772912 4356895c732b4c07170a30e6b1f735ed\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 623618 83477cb2f42a1e86a017500880354416\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 200978 9b0aed5341b65ff90156d0ac7978817a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 195002 4f503dc7a734661fcce7c31469a1bac6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 195790 c1d6085c7c6111a5108b6212626f8c78\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 631718 a33285dbb031ecc5f4a9ca51502297d9\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04.diff.gz\r\n Size/MD5: 63345 ac0a84d16a8f80a0d8e1da5ac50a1bd5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04.dsc\r\n Size/MD5: 1303 5271ab7e55e1b4c3801ca95abe146e3a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8.orig.tar.gz\r\n Size/MD5: 13841845 14a82ab269c114d72986daf75129aabf\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client_8.3.8-0ubuntu8.04_all.deb\r\n Size/MD5: 238806 a41b7038af3e235d2e54f24834803451\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib_8.3.8-0ubuntu8.04_all.deb\r\n Size/MD5: 238700 317d88fb3323d897be66c955affa056e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.8-0ubuntu8.04_all.deb\r\n Size/MD5: 1973176 27b9aa06eaeda61146a4cfe7cc93fca9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc_8.3.8-0ubuntu8.04_all.deb\r\n Size/MD5: 3434 4e3bc7d14658f50c35ce1f14652b05af\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql_8.3.8-0ubuntu8.04_all.deb\r\n Size/MD5: 238834 ae687484d6fa77e771d893b7df73cfff\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 11618 91b5f635f60180913c611b94d0920a55\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 222668 70ab629161443b0841d8c430aaef7532\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 32380 75868e57b1bb64822e2e078e0e1cf6a1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 268388 3ab452a30e0fcc9bb8d5405603ad60e9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 189986 4df2b85ada27dbcdbceda358e831cfe9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 303810 96fb124c5cfcde163cdea2253ef63370\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 3748052 823cb5a1a7cbc44c61774df0de9b8bbb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 735524 dfc5908dcead01ce09134c42e68e0b3c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 367786 fa043783c15a5f0b155b5155722fed7c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 268678 7eed644b6a9652e39c3be697c0f7d4da\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 260690 ade2bab6f8972aafc42a22d709327524\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 258118 07d87c4328c2e2efc8673fb4b61d99ee\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 806510 1f7a51d51f622c789caf6ead5c8a0c28\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 10604 466ab787be47866949c5ca52dd3f80d7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 213952 5c4db815f5fc2275655c55fa924a8c39\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 31412 64effbb55cd7e494156ad4f902678503\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 267702 c446bd9feacbc74ea2595849c466cc70\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 182216 7ac5c277d52fe46ff99d6b8b090de044\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 299638 e878c6d146fdca30d05ad8d85269e1eb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 3616902 142179bf3c65b7d185c69696d030a0c0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 705208 ea0bcc663bafd7711d9f54d5e003356b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 331844 0451e7d9ed58d51a936305d2530e9f49\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 266552 3c86fb96402a45ec931f0dfc87053ee8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 258046 e620d203354073e0d0c2d275a7cee17c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 256986 b15a77000c2e9a680bfdf603dc8cf05e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 804616 a7d43192f4da0222e08cc570f7a878a3\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 10458 ba6db2118286ca2405a828ed4138d95b\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 212656 be6b76942fb747fbe6c975fdff71e27d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 30854 037b282240c933fc18b9c84132ebe6e4\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 267428 900918ab5c2f7a4271c1850699f5d608\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 179422 23947639e097e082e9cb255f3407d498\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 298790 a77a55993a2d20c2d72af5402048019d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 3602510 617e9304e9525fc0f5dcfdc9c08baef8\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 702164 d02bc52c5c433285b6a835ae92595024\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 329430 1af919ac43435f675305f491c2b48aae\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 266870 7a3b858f0e9c31b259ac2d514721bcc6\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 258108 29fd2ee87d2ba819c72020d14f50e754\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 257064 f253df0e247f24a3da822a3d5d153a4c\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 804322 fdcdaa10aae262ac3d1f405d9878beb0\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 11250 b9730adcb7dc8691fc49983a7c339882\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 217748 55cf4421720dd229a1ee246e4f35b242\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 33976 c333abf81c3c44cc4487b418fff58478\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 271050 e96b6caf77c0a082a87a1587f3f2e578\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 189722 7ab7ac82c96d3d74a0c108fb0e71be8f\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 303444 c226396658b6f3deeb63da1e4d438302\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 4098530 7c801ad395e7a2207aad40b930d0396d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 768046 c322dc045af7a6b902a2f0418aed3b7e\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 416864 051c0961fcece27a1634fd4e9f09cd85\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 270330 d7aed637337148373a3641beaaf86656\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 262298 9d1e4d47803e1bb7addcf13dc3423fb2\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 260458 317228d5052ef6676746c7fcb08d3e7d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 807184 cd152c5e4daa4080e3571e29c5f4afa5\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 9848 21ec32ead934fa3d815c530b277b5f4c\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 203886 620c5b34b4bcb28d778280eda16405a1\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 29588 1492b8f1805a909e58a93f43afb8c706\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 264828 6274b4e50b0a9879618907d41e0e0754\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 178576 47dd597924a7677ec8b24c492dc9a3b7\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 295668 dcaedb62159ee258917b3af373e4b246\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 3856320 781328b40d51cb9520769ac3e73149f0\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 703720 297586a305972a9354da8ecd2a927894\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 327718 27ba9aca187984038fc7eaaf4f84304b\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 265310 68cdf4ff9e05642d5c30fdb26926292b\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 257534 8c85f82d6993b834602f321e59b63059\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 256388 32278cb4729e7dc158fa5d779ae31bd6\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 805414 aa709f9d06a2bb9583acd0947b13a3a6\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10.diff.gz\r\n Size/MD5: 65725 563e8b1ae1e93fa0e7c6ba3487e6f447\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10.dsc\r\n Size/MD5: 1681 6aad2ee6fb926e8b53c96b4b0ce52546\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8.orig.tar.gz\r\n Size/MD5: 13841845 14a82ab269c114d72986daf75129aabf\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client_8.3.8-0ubuntu8.10_all.deb\r\n Size/MD5: 240838 2f7c4118eb9579d7afd4e51b0b2973d8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib_8.3.8-0ubuntu8.10_all.deb\r\n Size/MD5: 240738 7593b62d00b52d2ca021f22705a51023\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.8-0ubuntu8.10_all.deb\r\n Size/MD5: 1975242 70f19fc69824b5b4c3c0b3a97e51d633\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc_8.3.8-0ubuntu8.10_all.deb\r\n Size/MD5: 3416 a1a066265fdffc273fbbc61a372b3637\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql_8.3.8-0ubuntu8.10_all.deb\r\n Size/MD5: 240872 3cec9d88b5760aa418ca97c79e4067c9\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 11540 a8c779b71db598cf15c5002d3252d34b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 226306 bdfa67e258d02cf7d0530a4c9dea36fa\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 32766 e840bd71a1a18fd95f45167bb9d61f6e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 271160 491a9a0bbd653c39342763dd1afd4358\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 192294 c72732839a5801af7c45b7a9010ef3b1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 307090 17ecba7ee2eca31b86099d93c4ed893c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 3816854 51744da27ccc386501c844a89175ca7a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 768664 45d954b2e1cbc1eab2fcbd9aec69f30c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 374924 fa5dfecd5b8b1fae47a473a3ebe601d5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 268868 3252e062de12ed039771b33a9b89029f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 262936 b78a019aaa91c00142c0fe5f04b39ac5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 260420 84e7fcbf28cbee962de49fdc699e42f9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 812812 8d155a6cab29b3d0c5f8106ccba6507d\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 10688 739e14330f98a20fec94c7b7fec1ad51\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 216380 5e6b09215227da35d5950d94004786e4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 32022 0844010a50891a2ed1369c7270397587\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 270432 46437ae789db05237cdec686b4fbc304\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 184358 7fa6d92ad613960a61d1c51bb14dd355\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 303012 7aaa61095af9ff93e506d86ac0f3640a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 3668740 4e2e0e10b6a3a6febf10943c6e32764d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 727290 706a5c7fe1c5133a0a1b0ff76bfdd5e9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 337206 09cd41299c1baa155171d4217e81396d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 266986 e813165179152ed8e223ce46dd37ddca\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 260702 2d3c38e4204854e51091157a287327fb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 259564 eac733c274f65e638e1a3d9cf9624d79\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 808180 825e83a2cabbc1019ce41365e9e66d2f\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 10422 6640eb89daf896c56dbdb2b3c08e808a\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 216372 708660b2dea13a3d208b5b7ec9d1ae75\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 31230 9a6b2cda54549b978e4830578fc51865\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 269932 a0adb4f76b07f2794d9b7af32cc4bb60\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 181094 cb9f6952f1d9837f1862fa652a3f2c86\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 301764 2125c4137da3c1aaf79f5ea7ce394e32\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 3646462 b681269e9117f63568bbd8942b6051f1\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 721806 581a2e79caad7357ac60260b607041d5\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 333520 fc49096af24c17b2ad4a862d13ca7d35\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 267388 ca7981f7e9d194eed29f7bb96c65f982\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 260556 1e090fa7f09f0382e07508294223ff83\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 259444 a72408fe3c5e71197105c5c3fa67bcfb\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 807646 8cfbdbd6f423f72289bc90530031e63b\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 11242 a68f8b7ec244e196e33d828e8d0464d5\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 224148 8057156503cf8f8b62743019bf5980c8\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 33850 224d52c8301dc44ef14ca6bdcf7a06ae\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 273432 48ddf3caf94be67e51e2895843c3adec\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 190676 c65724ad6a9f41e21bb0dd4cafaa1235\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 305680 f538cb2c6d8bc491a6577efabe7ca71b\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 4186264 53a680d80b139cc0d58dee1019e8e58b\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 797496 3e23c8eb6d4fa8f90f94d1e222032c97\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 425206 ecd88b1e3675bbdaa6c531a54f737689\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 270066 5dad75eb672faf71b4c9b59586619820\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 264536 0ba6727c625df9714a4c315d1a994c77\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 262556 5fdbc9540c3dc09d3842ed4471fd2b0d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 814568 42660ea92fe50e57d20e99bd5019578d\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 9856 95ee9c9e0204a9b5a7026362a70cc6b1\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 208306 f3ba866c1b9de6ae4dd08fd8eaada8ae\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 29434 bfe1ef4d6a56f46721d6350a1cf99b7f\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 267154 916bdfec642885d11c268b31991e9cff\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 179238 2c281c29c826dd3bf536ca2519abfee8\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 298556 ae4c3085be992b62bd24e31c12e17f04\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 3913536 e6d595c0cece2419363fecb0fa4f9f4f\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 720844 2d54864a2dca67f1f52da799ff5bc46d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 333834 0cfe4666d5fbc539aa890ad68dd2f395\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 265374 1e91aac890d2496c14d63e2a4f1674ee\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 259764 a73007ed133b87d80e66e2124f70d3a6\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 258626 884f6bfb555cedd7b6075de9a8868e1c\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 808454 6167e3b3fbaa9e5d1bd62514007c93f3\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04.diff.gz\r\n Size/MD5: 66323 faef3614dd0942d59c56b0b58947f893\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04.dsc\r\n Size/MD5: 1668 0fdfd05ff3795b4a70f191c6ad341e49\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8.orig.tar.gz\r\n Size/MD5: 13841845 14a82ab269c114d72986daf75129aabf\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client_8.3.8-0ubuntu9.04_all.deb\r\n Size/MD5: 241014 2395f7476f276bdebb2e30a1d360f407\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib_8.3.8-0ubuntu9.04_all.deb\r\n Size/MD5: 240912 7fd3b4334e45c1798cc3e096e3d4e662\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.8-0ubuntu9.04_all.deb\r\n Size/MD5: 1975410 087dbbfac0a40d040aae11ea5670f4f3\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc_8.3.8-0ubuntu9.04_all.deb\r\n Size/MD5: 3408 f1a0410c5de43e3440af57bb07f661cf\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql_8.3.8-0ubuntu9.04_all.deb\r\n Size/MD5: 241046 76c2e8a6f910c05c8ef9ca83e7e45cda\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 11542 584cd0264def7fbcb3ebd117d7e87900\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 226312 fd784b95452c6b3113716e7b70496b10\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 32772 843552ddc513aaf5f6e216e6f671ee6a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 271332 e4ef5f60376f27ec90f4039e1c400666\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 192302 767ddb663fa38a9971610aa766515d51\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 307232 f521acb738e35bf4d3cca5728b9f1af9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 3816894 23136a4f5116c38483cf847dba580731\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 768618 8ad3e05cef1610e3d59d8c9fddb698b4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 374950 acfda634a38bff5e937adb6fc4ea8ea7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 813038 47b57c031e99139b3b9d47d19f23df95\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 269038 0d5c80faa77cd0230a68a8844fcbfa7f\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 262998 8e7e8c8fa19ad47f2da71eeb98fdc371\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 260602 daa81a2bde81e90a4fdf41eb1e2654ad\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 10696 eca98a534ad9bd35726ab5a41fb20f17\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 216382 78d5299f7b600a8f8b6050021096de65\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 32020 e9615858d6ad2ebcc24c199c66a88d3b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 270592 528b4cf2181e9e37286fa66acd94685e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 184356 cbb343ddfaab309cb64f355f88e5dc5e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 303162 68d95db01131f63ac5f86e79336b41b6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 3668646 5266b8e3efb892e7e9a5c0d2ffc46956\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 727272 1e4c9f08fb1318c771b159c9a3564ec7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 337242 221d03e7385a58ac87d44191ca2c1f51\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 808358 db5bc679aed65c0198d44ea9a279a149\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 267154 2b72374a61c8b909a25c0a1f6c700a0a\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 260796 c72d3e29a65398ac8f6ed25fc335db3b\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 259740 3d1990c79f9703b623572ba1de86a570\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 10416 069c4da6121696764ad65c001ce8d669\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 216378 2ec4a19b0ad4333d99a15c2f72847c1c\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 31228 75643f24796cb7521483eb7ea435a09e\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 270100 46cd4062ad7026f464ee9771b070bff5\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 181102 f4d1967a9d5af8f812506a9b81ac3b04\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 301928 a0f32a0bf3ebc7983c70e11343851310\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 3646352 5c615d10f2cf908e8114d0ae95a89363\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 721816 a204abfcfdd570f5f7f895a5b8e924af\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 333490 14bdfa191c5f307ccc98e520812d41b7\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 807830 2d564de42aa5191abfde7862c1018944\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 267566 502195e0eee4038f974914a54c7415f1\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 260662 d21b94c3a9ced64463bca36f0db9e4bd\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 259638 92cbbf7ff30faa29077ae8f4ddc2c88d\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 11238 c1a1c781de3dabc0cf6d3c2bb599f609\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 224154 c18888026765114ff4be2365345c5de0\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 33846 fb12d7a4492d41675f0afe2a0bae16a4\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 273590 a29352522711181f86e3b0ee1a38a3a4\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 190668 baef9f56448e96d7e62b68f6227896f3\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 305838 cc4d988118b5d8c2241582b4048f9fad\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 4186362 702f2df7d954c9d74ae709dfdc4d64ca\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 797492 34366b52ed4f40649e33778084d07358\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 425176 1d735361983001b534835e34d7f7c38d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 814764 2230c7d33904261270259a54e84f743f\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 270236 094ca06c106bd6862be95328fdedcd67\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 264604 c9f52f3b35901d1959112a8f81c0f894\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 262734 4f3e10623a42622b32a3dcd5e3b222fc\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 9818 f178e4bd653f0c9018900b665d2bc572\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 208260 8589ddb80d5dd60dd4b264b1c1236806\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 29406 661cf759fc0a3fed4c36f843cf2f14a7\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 267266 34e6343c3a8357763cea45600c4c37c2\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 179198 1ee1722632b0c16c3452e1d171f509b1\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 298708 bbcfaeb0772406c7b760393695f3e1a3\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 3912384 3a7a7015b7062bb5a6107aa713e9c07d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 720318 80753ccf8ba549f858443f263505ff56\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 333188 63f15b1b3d8e4ebba7683b6ef854add3\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 808580 a7b5575880a24adec3d2183048f2a0f9\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 265492 d0e271ab19e0550d66199c839ba0e9a2\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 259804 e8d44adf404222d47f44aaef200f2468\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 258778 e94884be8ebfce5ad40565f248b910fb\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2009-09-22T00:00:00", "title": "[USN-834-1] PostgreSQL vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:31", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-6600", "CVE-2009-3231", "CVE-2009-3230", "CVE-2009-3229"], "modified": "2009-09-22T00:00:00", "id": "SECURITYVULNS:DOC:22490", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22490", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:26", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\n- -------------------------------------------------------------------\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2008-0009\r\nSynopsis: Updates to VMware Workstation, VMware Player,\r\n VMware ACE, VMware Fusion, VMware Server, VMware\r\n VIX API, VMware ESX, VMware ESXi resolve critical\r\n security issues\r\nIssue date: 2008-06-04\r\nUpdated on: 2008-06-04 &#40;initial release of advisory&#41;\r\nCVE numbers: CVE-2007-5671 CVE-2008-0967 CVE-2008-2097\r\n CVE-2008-2100 CVE-2006-1721 CVE-2008-0553\r\n CVE-2007-5378 CVE-2007-4772 CVE-2008-0888\r\n CVE-2008-0062 CVE-2008-0063 CVE-2008-0948\r\n- -------------------------------------------------------------------\r\n\r\n1. Summary:\r\n\r\n Several critical security vulnerabilities have been addressed\r\n in patches in ESX and in the newest releases of VMware&#39;s hosted\r\n product line.\r\n\r\n2. Relevant releases:\r\n\r\n VMware Workstation 6.0.3 and earlier,\r\n VMware Workstation 5.5.6 and earlier,\r\n VMware Player 2.0.3 and earlier,\r\n VMware Player 1.0.6 and earlier,\r\n VMware ACE 2.0.3 and earlier,\r\n VMware ACE 1.0.5 and earlier,\r\n VMware Server 1.0.5 and earlier,\r\n VMware Fusion 1.1.1 and earlier\r\n\r\n VMware ESXi 3.5 without patches ESXe350-200805501-I-SG,\r\n ESXe350-200805502-T-SG,\r\n ESXe350-200805503-C-SG\r\n\r\n VMware ESX 3.5 without patches ESX350-200805515-SG, ESX350-200805508-SG,\r\n ESX350-200805501-BG, ESX350-200805504-SG,\r\n ESX350-200805506-SG, ESX350-200805505-SG,\r\n ESX350-200805507-SG\r\n\r\n VMware ESX 3.0.2 without patches ESX-1004727, ESX-1004821, ESX-1004216,\r\n ESX-1004726, ESX-1004722, ESX-1004724,\r\n ESX-1004719, ESX-1004219\r\n\r\n VMware ESX 3.0.1 without patches ESX-1004186, ESX-1004728, ESX-1004725,\r\n ESX-1004721, ESX-1004723, ESX-1004190,\r\n ESX-1004189\r\n\r\n VMware ESX 2.5.5 without update patch 8\r\n VMware ESX 2.5.4 without update patch 19\r\n\r\nNOTES: Hosted products VMware Workstation 5.x, VMware Player 1.x,\r\n and VMware ACE 1.x will reach end of general support\r\n 2008-11-09. Customers should plan to upgrade to the latest\r\n version of their respective products.\r\n\r\n ESX 3.0.1 is in Extended Support and its end of extended\r\n support &#40;Security and Bug fixes&#41; is 2008-07-31. Users should plan\r\n to upgrade to at least 3.0.2 update 1 and preferably the newest\r\n release available before the end of extended support.\r\n\r\n ESX 2.5.4 is in Extended Support and its end of extended support\r\n &#40;Security and Bug fixes&#41; is 2008-10-08. Users should plan to upgrade\r\n to at least 2.5.5 and preferably the newest release available before\r\n the end of extended support.\r\n\r\n3. Problem description:\r\n\r\n a. VMware Tools Local Privilege Escalation on Windows-based guest OS\r\n\r\n The VMware Tools Package provides support required for shared folders\r\n &#40;HGFS&#41; and other features.\r\n\r\n An input validation error is present in the Windows-based VMware\r\n HGFS.sys driver. Exploitation of this flaw might result in\r\n arbitrary code execution on the guest system by an unprivileged\r\n guest user. It doesn&#39;t matter on what host the Windows guest OS\r\n is running, as this is a guest driver vulnerability and not a\r\n vulnerability on the host.\r\n\r\n The HGFS.sys driver is present in the guest operating system if the\r\n VMware Tools package is loaded. Even if the host has HGFS disabled\r\n and has no shared folders, Windows-based guests may be affected. This\r\n is regardless if a host supports HGFS.\r\n\r\n This issue could be mitigated by removing the VMware Tools package\r\n from Windows based guests. However this is not recommended as it\r\n would impact usability of the product.\r\n\r\n NOTE: Installing the new hosted release or ESX patches will not\r\n remediate the issue. The VMware Tools packages will need\r\n to be updated on each Windows-based guest followed by a\r\n reboot of the guest system.\r\n\r\n VMware would like to thank iDefense and Stephen Fewer of Harmony\r\n Security for reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2007-5671 to this issue.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============ ======== ======= =================\r\n Workstation 6.x Windows not affected\r\n Workstation 6.x Linux not affected\r\n Workstation 5.x Windows 5.5.6 build 80404 or later\r\n Workstation 5.x Linux 5.5.6 build 80404 or later\r\n\r\n Player 2.x Windows not affected\r\n Player 2.x Linux not affected\r\n Player 1.x Windows 1.0.6 build 80404 or later\r\n Player 1.x Linux 1.0.6 build 80404 or later\r\n\r\n ACE 2.x Windows not affected\r\n ACE 1.x Windows 1.0.5 build 79846 or later\r\n\r\n Server 1.x Windows 1.0.5 build 80187 or later\r\n Server 1.x Linux 1.0.5 build 80187 or later\r\n\r\n Fusion 1.x Mac OS/X not affected\r\n\r\n ESXi 3.5 ESXi not affected\r\n\r\n ESX 3.5 ESX not affected\r\n ESX 3.0.2 ESX ESX-1004727\r\n ESX 3.0.1 ESX ESX-1004186\r\n ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 5 or later\r\n ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 16 or later\r\n\r\n\r\n b. Privilege escalation on ESX or Linux based hosted operating systems\r\n\r\n This update fixes a security issue related to local exploitation of\r\n an untrusted library path vulnerability in vmware-authd. In order to\r\n exploit this vulnerability, an attacker must have local access and\r\n the ability to execute the set-uid vmware-authd binary on an affected\r\n system. Exploitation of this flaw might result in arbitrary code\r\n execution on the Linux host system by an unprivileged user.\r\n\r\n VMware would like to thank iDefense for reporting this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2008-0967 to this issue.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============ ======== ======= =================\r\n Workstation 6.x Windows not affected\r\n Workstation 6.x Linux 6.0.4 build 93057\r\n Workstation 5.x Windows not affected\r\n Workstation 5.x Linux 5.5.7 build 91707\r\n\r\n Player 2.x Windows not affected\r\n Player 2.x Linux 2.0.4 build 93057\r\n Player 1.x Windows not affected\r\n Player 1.x Linux 1.0.7 build 91707\r\n\r\n ACE 2.x Windows not affected\r\n ACE 1.x Windows not affected\r\n\r\n Server 1.x Windows not affected\r\n Server 1.x Linux 1.0.6 build 91891\r\n\r\n Fusion 1.x Mac OS/X not affected\r\n\r\n ESXi 3.5 ESXi ESXe350-200805501-I-SG\r\n\r\n ESX 3.5 ESX ESX350-200805515-SG\r\n ESX 3.0.2 ESX ESX-1004821\r\n ESX 3.0.1 ESX ESX-1004728\r\n ESX 2.5.5 ESX ESX 2.5.5 update patch 8\r\n ESX 2.5.4 ESX ESX 2.5.4 update patch 19\r\n\r\n c. Openwsman Invalid Content-Length Vulnerability\r\n\r\n Openwsman is a system management platform that implements the Web\r\n Services Management protocol &#40;WS-Management&#41;. It is installed and\r\n running by default. It is used in the VMware Management Service\r\n Console and in ESXi.\r\n\r\n The openwsman management service on ESX 3.5 and ESXi 3.5 is vulnerable\r\n to a privilege escalation vulnerability, which may allow users with\r\n non-privileged ESX or Virtual Center accounts to gain root privileges.\r\n\r\n To exploit this vulnerability, an attacker would need a local ESX\r\n account or a VirtualCenter account with the Host.Cim.CimInteraction\r\n permission.\r\n\r\n Systems with no local ESX accounts and no VirtualCenter accounts with\r\n the Host.Cim.CimInteraction permission are not vulnerable.\r\n\r\n This vulnerability cannot be exploited by users without valid login\r\n credentials.\r\n\r\n Discovery: Alexander Sotirov, VMware Security Research\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2008-2097 to this issue.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============ ======== ======= =================\r\n hosted any any not affected\r\n\r\n ESXi 3.5 ESXi ESXe350-200805501-I-SG\r\n\r\n ESX 3.5 ESX ESX350-200805508-SG\r\n ESX 3.0.2 ESX not affected\r\n ESX 3.0.1 ESX not affected\r\n ESX 2.5.5 ESX not affected\r\n ESX 2.5.4 ESX not affected\r\n\r\n NOTE: VMware hosted products are not affected by this issue.\r\n\r\n d. VMware VIX Application Programming Interface &#40;API&#41; Memory Overflow\r\nVulnerabilities\r\n\r\n The VIX API &#40;also known as &quot;Vix&quot;&#41; is an API that lets users write scripts\r\n and programs to manipulate virtual machines.\r\n\r\n Multiple buffer overflow vulnerabilities are present in the VIX API.\r\n Exploitation of these vulnerabilities might result in code execution on\r\n the host system or on the service console in ESX Server from the guest\r\n operating system.\r\n\r\n The VIX API can be enabled and disabled using the &quot;vix.inGuest.enable&quot;\r\n setting in the VMware configuration file. This default value for this\r\n setting is &quot;disabled&quot;. This configuration setting is present in the\r\n following products:\r\n VMware Workstation 6.0.2 and higher\r\n VMware ACE 6.0.2 and higher\r\n VMware Server 1.06 and higher\r\n VMware Fusion 1.1.2 and higher\r\n ESX Server 3.0 and higher\r\n ESX Server 3.5 and higher\r\n In previous versions of VMware products where the VIX API was introduced,\r\n the VIX API couldn&#39;t be disabled.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2008-2100 to this issue.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============ ======== ======= =================\r\n VIX API 1.1.x Windows VMware-vix-1.1.4-93057.exe\r\n VIX API 1.1.x Linux VMware-vix-1.1.4-93057.i386.tar.gz\r\n VIX API 1.1.x Linux64 VMware-vix-1.1.4-93057.x86_64.tar.gz\r\n\r\n Workstation 6.x Windows 6.0.4 build 93057\r\n Workstation 6.x Linux 6.0.4 build 93057\r\n Workstation 5.x Windows 5.5.7 build 91707\r\n Workstation 5.x Linux 5.5.7 build 91707\r\n\r\n Player 2.x Windows 2.0.4 build 93057\r\n Player 2.x Linux 2.0.4 build 93057\r\n Player 1.x Windows 1.0.6 build 91707\r\n Player 1.x Linux 1.0.6 build 91707\r\n\r\n ACE 2.x Windows 2.0.4 build 93057\r\n ACE 1.x Windows not affected\r\n\r\n Server 1.x Windows 1.0.6 build 91891\r\n Server 1.x Linux 1.0.6 build 91891\r\n\r\n Fusion 1.x Mac OS/X 1.1.2 build 87978 or later\r\n\r\n ESXi 3.5 ESXi ESXe350-200805501-I-SG,\r\n ESXe350-200805502-T-SG\r\n\r\n ESX 3.5 ESX ESX350-200805501-BG\r\n ESX 3.0.2 ESX ESX-1004216, ESX-1004726, ESX-1004727\r\n ESX 3.0.1 ESX ESX-1004186, ESX-1004725\r\n ESX 2.5.5 ESX not affected\r\n ESX 2.5.4 ESX not affected\r\n\r\n\r\nII Service Console rpm updates\r\n\r\n NOTE: ESXi and hosted products are not affected by any service console\r\n security updates\r\n\r\n a. Security update for cyrus-sasl\r\n\r\n Updated cyrus-sasl package for the ESX Service Console corrects a security\r\n issue found in the DIGEST-MD5 authentication mechanism of Cyrus&#39;\r\n implementation of Simple Authentication and Security Layer &#40;SASL&#41;. As a\r\n result of this issue in the authentication mechanism, a remote\r\n unauthenticated attacker might be able to cause a denial of service error\r\n on the service console.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41; has\r\n assigned the name CVE-2006-1721 to this issue.\r\n\r\n RPMs Updated:\r\n cyrus-sasl-2.1.15-15.i386.rpm\r\n cyrus-sasl-md5-2.1.15-1.i386.rpm\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============ ======== ======= =================\r\n hosted any any not affected\r\n\r\n ESXi 3.5 ESXi not affected\r\n\r\n ESX 3.5 ESX ESX350-200805504-SG\r\n ESX 3.0.2 ESX ESX-1004722\r\n ESX 3.0.1 ESX ESX-1004721\r\n ESX 2.5.5 ESX not affected\r\n ESX 2.5.4 ESX not affected\r\n\r\n b. Security update for tcltk\r\n\r\n An input validation flaw was discovered in Tk&#39;s GIF image handling. A\r\n code-size value read from a GIF image was not properly validated before\r\n being used, leading to a buffer overflow. A specially crafted GIF file\r\n could use this to cause a crash or, potentially, execute code with the\r\n privileges of the application using the Tk graphical toolkit.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41; has\r\n assigned the name CVE-2008-0553 to this issue.\r\n\r\n A buffer overflow flaw was discovered in Tk&#39;s animated GIF image handling.\r\n An animated GIF containing an initial image smaller than subsequent images\r\n could cause a crash or, potentially, execute code with the privileges of\r\n the application using the Tk library.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41; has\r\n assigned the name CVE-2007-5378 to this issue.\r\n\r\n A flaw first discovered in the Tcl regular expression engine used in the\r\n PostgreSQL database server, resulted in an infinite loop when processing\r\n certain regular expressions.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41; has\r\n assigned the name CVE-2007-4772 to this issue.\r\n\r\n RPM Updated:\r\n tcl-8.3.5-92.8.i386.rpm\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============ ======== ======= =================\r\n hosted any any not affected\r\n\r\n ESXi 3.5 ESXi not affected\r\n\r\n ESX 3.5 ESX ESX350-200805506-SG\r\n ESX 3.0.2 ESX ESX-1004724\r\n ESX 3.0.1 ESX ESX-1004723\r\n ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8\r\n ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19\r\n\r\n c. Security update for unzip\r\n\r\n This patch includes a moderate security update to the service console that\r\n fixes a flaw in unzip. An attacker could execute malicious code with a\r\n user&#39;s privileges if the user ran unzip on a file designed to leverage\r\n this flaw.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41; has\r\n assigned the name CVE-2008-0888 to this issue.\r\n\r\n RPM Updated:\r\n Unzip-5.50-36.EL3.i386.rpm\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============ ======== ======= =================\r\n hosted any any not affected\r\n\r\n ESXi 3.5 ESXi not affected\r\n\r\n ESX 3.5 ESX ESX350-200805505-SG\r\n ESX 3.0.2 ESX ESX-1004719\r\n ESX 3.0.1 ESX ESX-1004190\r\n ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8\r\n ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19\r\n\r\n d. Security update for krb5\r\n\r\n KDC in MIT Kerberos 5 &#40;krb5kdc&#41; does not set a global variable\r\n for some krb4 message types, which allows remote attackers to\r\n cause a denial of service &#40;crash&#41; and possibly execute arbitrary\r\n code via crafted messages that trigger a NULL pointer dereference\r\n or double-free.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2008-0062 to this issue.\r\n\r\n NOTE: ESX doesn&#39;t contain the krb5kdc binary and is not vulnerable\r\n to this issue.\r\n\r\n The Kerberos 4 support in KDC in MIT Kerberos 5 &#40;krb5kdc&#41; does not\r\n properly clear the unused portion of a buffer when generating an\r\n error message, which might allow remote attackers to obtain\r\n sensitive information, aka &quot;Uninitialized stack values.&quot;\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2008-0063 to this issue.\r\n\r\n NOTE: ESX doesn&#39;t contain the krb5kdc binary and is not vulnerable\r\n to this issue.\r\n\r\n Buffer overflow in the RPC library &#40;lib/rpc/rpc_dtablesize.c&#41; used\r\n by libgssrpc and kadmind in MIT Kerberos 5 &#40;krb5&#41; 1.2.2, and probably\r\n other versions before 1.3, when running on systems whose unistd.h\r\n does not define the FD_SETSIZE macro, allows remote attackers to cause\r\n a denial of service &#40;crash&#41; and possibly execute arbitrary code by\r\n triggering a large number of open file descriptors.\r\n\r\n The Common Vulnerabilities and Exposures project &#40;cve.mitre.org&#41;\r\n has assigned the name CVE-2008-0948 to this issue.\r\n\r\n RPM Updated:\r\n krb5-libs-1.2.7-68.i386.rpm\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============ ======== ======= =================\r\n hosted any any not affected\r\n\r\n ESXi 3.5 ESXi not affected\r\n\r\n ESX 3.5 ESX ESX350-200805507-SG\r\n ESX 3.0.2 ESX ESX-1004219\r\n ESX 3.0.1 ESX ESX-1004189\r\n ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8\r\n ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19\r\n\r\n4. Solution:\r\n\r\nPlease review the release notes for your product and version and verify the\r\nmd5sum of your downloaded file.\r\n\r\n VMware Workstation 6.0.4\r\n ------------------------\r\n http://www.vmware.com/download/ws/\r\n Release notes:\r\n http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\r\n\r\n Windows binary\r\n md5sum: f50a05831e94c19d98f363c752fca5f9\r\n\r\n RPM Installation file for 32-bit Linux\r\n md5sum: e7793b14b995d3b505f093c84e849421\r\n\r\n tar Installation file for 32-bit Linux\r\n md5sum: a0a8e1d8188f4be03357872a57a767ab\r\n\r\n RPM Installation file for 64-bit Linux\r\n md5sum: 960d753038a268b8f101f4b853c0257e\r\n\r\n tar Installation file for 64-bit Linux\r\n md5sum: 4697ec8a9d6c1152d785f3b77db9d539\r\n\r\n VMware Workstation 5.5.7\r\n ------------------------\r\n http://www.vmware.com/download/ws/ws5.html\r\n Release notes:\r\n http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\r\n\r\n Windows binary:\r\n md5sum: 4c6a6653b7296240197aac048591c659\r\n\r\n Compressed Tar archive for 32-bit Linux\r\n md5sum: 8fc15d72031489cf5cd5d47b966787e6\r\n\r\n Linux RPM version for 32-bit Linux\r\n md5sum: f0872fe447ac654a583af16b2f4bba3f\r\n\r\n\r\n VMware Player 2.0.4 and 1.0.7\r\n -----------------------------\r\n http://www.vmware.com/download/player/\r\n Release notes Player 1.x:\r\n http://www.vmware.com/support/player/doc/releasenotes_player.html\r\n Release notes Player 2.0\r\n http://www.vmware.com/support/player2/doc/releasenotes_player2.html\r\n\r\n 2.0.4 Windows binary\r\n md5sum: a117664a8bfa7336b846117e5fc048dd\r\n\r\n VMware Player 2.0.4 for Linux &#40;.rpm&#41;\r\n md5sum: de6ab6364a0966b68eadda2003561cd2\r\n\r\n VMware Player 2.0.4 for Linux &#40;.tar&#41;\r\n md5sum: 9e1c2bfda6b22a3fc195a86aec11903a\r\n\r\n VMware Player 2.0.4 - 64-bit &#40;.rpm&#41;\r\n md5sum: 997e5ceffe72f9ce9146071144dacafa\r\n\r\n VMware Player 2.0.4 - 64-bit &#40;.tar&#41;\r\n md5sum: 18eb4ee49dd7e33ec155ef69d7d259ef\r\n\r\n 1.0.7 Windows binary\r\n md5sum: 51114b3b433dc1b3bf3e434aebbf2b9c\r\n\r\n Player 1.0.7 for Linux &#40;.rpm&#41;\r\n md5sum: 3b5f97a37df3b984297fa595a5cdba9c\r\n\r\n Player 1.0.7 for Linux &#40;.tar&#41;\r\n md5sum: b755739144944071492a16fa20f86a51\r\n\r\n\r\n VMware ACE\r\n ----------\r\n http://www.vmware.com/download/ace/\r\n Release notes 2.0:\r\n http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\r\n\r\n VMware-workstation-6.0.4-93057.exe\r\n md5sum: f50a05831e94c19d98f363c752fca5f9\r\n\r\n VMware-ACE-Management-Server-Appliance-2.0.4-93057.zip\r\n md5sum: d2ae2246f3d87268cf84c1421d94e86c\r\n\r\n VMware-ACE-Management-Server-2.0.4-93057.exe\r\n md5sum: 41b31b3392d5da2cef77a7bb28654dbf\r\n\r\n VMware-ACE-Management-Server-2.0.4-93057.i386-rhel4.rpm\r\n md5sum: 9920be4c33773df53a1728b41af4b109\r\n\r\n VMware-ACE-Management-Server-2.0.4-93057.i386-sles9.rpm\r\n md5sum: 4ec4c37203db863e8844460b5e80920b\r\n\r\n Release notes 1.x:\r\n http://www.vmware.com/support/ace/doc/releasenotes_ace.html\r\n\r\n VMware-ACE-1.0.6-89199.exe\r\n md5sum: 110f6e24842a0d154d9ec55ef9225f4f\r\n\r\n\r\n VMware Server 1.0.6\r\n -------------------\r\n http://www.vmware.com/download/server/\r\n Release notes:\r\n http://www.vmware.com/support/server/doc/releasenotes_server.html\r\n\r\n VMware Server for Windows 32-bit and 64-bit\r\n md5sum: 3e00d5cfae123d875e4298bddabf12f5\r\n\r\n VMware Server Windows client package\r\n md5sum: 64f3fc1b4520626ae465237d7ec4773e\r\n\r\n VMware Server for Linux\r\n md5sum: 46ea876bfb018edb6602a921f6597245\r\n\r\n VMware Server for Linux rpm\r\n md5sum: 9d2f0af908aba443ef80bec8f7ef3485\r\n\r\n Management Interface\r\n md5sum: 1b3daabbbb49a036fe49f53f812ef64b\r\n\r\n VMware Server Linux client package\r\n md5sum: 185e5b174659f366fcb38b1c4ad8d3c6\r\n\r\n\r\n VMware Fusion 1.1.3\r\n --------------\r\n http://www.vmware.com/download/fusion/\r\n Release notes:\r\n http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\r\n md5sum: D15A3DFD3E7B11FC37AC684586086D\r\n\r\n\r\n VMware VIX 1.1.4\r\n ----------------\r\n http://www.vmware.com/support/developer/vix-api/\r\n Release notes:\r\n http://www.vmware.com/support/pubs/vix-api/VIXAPI-1.1.4-Release-Notes.html\r\n VMware-vix-1.1.4-93057.exe\r\n md5sum: 2efb74618c7ead627ecb3b3033e3f9f6\r\n\r\n VMware-vix-1.1.4-93057.i386.tar.gz\r\n md5sum: 988df2b2bbc975a6fc11f27ad1519832\r\n\r\n VMware-vix-1.1.4-93057.x86_64.tar.gz\r\n md5sum: a64f951c6fb5b2795a29a5a7607059c0\r\n\r\n\r\n ESXi\r\n ----\r\n VMware ESXi 3.5 patch ESXe350-200805501-O-SG &#40;authd, openwsman, VIX&#41;\r\n http://download3.vmware.com/software/esx/ESXe350-200805501-O-SG.zip\r\n md5sum: 4ce06985d520e94243db1e0504a56d8c\r\n http://kb.vmware.com/kb/1005073\r\n http://kb.vmware.com/kb/1004173\r\n http://kb.vmware.com/kb/1004172\r\n\r\n NOTE: ESXe350-200805501-O-SG contains the following patch bundles:\r\n ESXe350-200805501-I-SG, ESXe350-200805502-T-SG,\r\n ESXe350-200805503-C-SG\r\n\r\n\r\n ESX\r\n ---\r\n VMware ESX 3.5 patch ESX350-200805515-SG &#40;authd&#41;\r\n http://download3.vmware.com/software/esx/ESX350-200805515-SG.zip\r\n md5sum: 324b50ade230bcd5079a76e3636163c5\r\n http://kb.vmware.com/kb/1004170\r\n\r\n VMware ESX 3.5 patch ESX350-200805508-SG &#40;openwsman&#41;\r\n http://download3.vmware.com/software/esx/ESX350-200805508-SG.zip\r\n md5sum: 3ff8c06d4a9dd406f64f89c51bf26d12\r\n http://kb.vmware.com/kb/1004644\r\n\r\n VMware ESX 3.5 patch ESX350-200805501-BG &#40;VIX&#41;\r\n http://download3.vmware.com/software/esx/ESX350-200805501-BG.zip\r\n md5sum: 31a620aa249c593c30015b5b6f8c8650\r\n http://kb.vmware.com/kb/1004637\r\n\r\n VMware ESX 3.5 patch ESX350-200805504-SG &#40;cyrus-sasl&#41;\r\n http://download3.vmware.com/software/esx/ESX350-200805504-SG.zip\r\n md5sum: 4c1b1a8dcb09a636b55c64c290f7de51\r\n http://kb.vmware.com/kb/1004640\r\n\r\n VMware ESX 3.5 patch ESX350-200805506-SG &#40;tcltk&#41;\r\n http://download3.vmware.com/software/esx/ESX350-200805506-SG.zip\r\n md5sum: af279eef8fdeddb7808630da1ae717b1\r\n http://kb.vmware.com/kb/1004642\r\n\r\n VMware ESX 3.5 patch ESX350-200805505-SG &#40;unzip&#41;\r\n http://download3.vmware.com/software/esx/ESX350-200805505-SG.zip\r\n md5sum: 07af82d9fd97cccb89d9b90c6ecc41c6\r\n http://kb.vmware.com/kb/1004641\r\n\r\n VMware ESX 3.5 patch ESX350-200805507-SG &#40;krb5&#41;\r\n http://download3.vmware.com/software/esx/ESX350-200805507-SG.zip\r\n md5sum: 5d35a1c470daf13c9f4df5bdc9438748\r\n http://kb.vmware.com/kb/1004643\r\n\r\n VMware ESX 3.0.2 patch ESX-1004727 &#40;HGFS,VIX&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004727.tgz\r\n md5sum: 31a67b0fa3449747887945f8d370f19e\r\n http://kb.vmware.com/kb/1004727\r\n\r\n VMware ESX 3.0.2 patch ESX-1004821 &#40;authd&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004821.tgz\r\n md5sum: 5c147bedd07245c903d44257522aeba1\r\n http://kb.vmware.com/kb/1004821\r\n\r\n VMware ESX 3.0.2 patch ESX-1004216 &#40;VIX&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004216.tgz\r\n md5sum: 0784ef70420d28a9a5d6113769f6669a\r\n http://kb.vmware.com/kb/1004216\r\n\r\n VMware ESX 3.0.2 patch ESX-1004726 &#40;VIX&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004726.tgz\r\n md5sum: 44f03b274867b534cd274ccdf4630b86\r\n http://kb.vmware.com/kb/1004726\r\n\r\n VMware ESX 3.0.2 patch ESX-1004722 &#40;cyrus-sasl&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004722.tgz\r\n md5sum: 99dc71aed5bab7711f573b6d322123d6\r\n http://kb.vmware.com/kb/1004722\r\n\r\n VMware ESX 3.0.2 patch ESX-1004724 &#40;tcltk&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004724.tgz\r\n md5sum: fd9a160ca7baa5fc443f2adc8120ecf7\r\n http://kb.vmware.com/kb/1004724\r\n\r\n VMware ESX 3.0.2 patch ESX-1004719 &#40;unzip&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004719.tgz\r\n md5sum: f0c37b9f6be3399536d60f6c6944de82\r\n http://kb.vmware.com/kb/1004719\r\n\r\n VMware ESX 3.0.2 patch ESX-1004219 &#40;krb5&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004219.tgz\r\n md5sum: 7c68279762f407a7a5ee151a650ebfd4\r\n http://kb.vmware.com/kb/1004219\r\n\r\n VMware ESX 3.0.1 patch ESX-1004186 &#40;HGFS,VIX&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004186.tgz\r\n md5sum: f64389a8b97718eccefadce1a14d1198\r\n http://kb.vmware.com/kb/1004186\r\n\r\n VMware ESX 3.0.1 patch ESX-1004728 &#40;authd&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004728.tgz\r\n md5sum: 1f01bb819805b855ffa2ec1040eff5ca\r\n http://kb.vmware.com/kb/1004728\r\n\r\n VMware ESX 3.0.1 patch ESX-1004725 &#40;VIX&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004725.tgz\r\n md5sum: 9fafb04c6d3f6959e623832f539d2dc8\r\n http://kb.vmware.com/kb/1004725\r\n\r\n VMware ESX 3.0.1 patch ESX-1004721 &#40;cyrus-sasl&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004721.tgz\r\n md5sum: 48190819b0f5afddefcb8d209d12b585\r\n http://kb.vmware.com/kb/1004721\r\n\r\n VMware ESX 3.0.1 patch ESX-1004723 &#40;tcltk&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004723.tgz\r\n md5sum: c34ca0a5886e0c0917a93a97c331fd7d\r\n http://kb.vmware.com/kb/1004723\r\n\r\n VMware ESX 3.0.1 patch ESX-1004190 &#40;unzip&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004190.tgz\r\n md5sum: 05187b9f534048c79c62741367cc0dd2\r\n http://kb.vmware.com/kb/1004190\r\n\r\n VMware ESX 3.0.1 patch ESX-1004189 &#40;krb5&#41;\r\n http://download3.vmware.com/software/vi/ESX-1004189.tgz\r\n md5sum: 21b620530b99009f469c872e73a439e8\r\n http://kb.vmware.com/kb/1004189\r\n\r\n VMware ESX 2.5.5 Upgrade Patch 8\r\n http://download3.vmware.com/software/esx/esx-2.5.5-90521-upgrade.tar.gz\r\n md5sum: 392b6947fc3600ca0e8e7788cd5bbb6e\r\n http://vmware.com/support/esx25/doc/esx-255-200805-patch.html\r\n\r\n VMware ESX 2.5.4 Upgrade Patch 19\r\n http://download3.vmware.com/software/esx/esx-2.5.4-90520-upgrade.tar.gz\r\n md5sum: 442788fd0bccb0d994c75b268bd12760\r\n http://vmware.com/support/esx25/doc/esx-254-200805-patch.html\r\n\r\n5. References:\r\n\r\n CVE numbers\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5671\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2097\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948\r\n\r\n6. Change log:\r\n\r\n2008-06-04 VMSA-2008-0009 Initial release\r\n\r\n- -------------------------------------------------------------------\r\n7. Contact:\r\n\r\nE-mail list for product security notifications and announcements:\r\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\nThis Security Advisory is posted to the following lists:\r\n\r\n * security-announce@lists.vmware.com\r\n * bugtraq@securityfocus.com\r\n * full-disclosure@lists.grok.org.uk\r\n\r\nE-mail: security@vmware.com\r\nPGP key at: http://kb.vmware.com/kb/1055\r\n\r\nVMware Security Center\r\nhttp://www.vmware.com/security\r\n\r\nVMware security response policy\r\nhttp://www.vmware.com/support/policies/security_response.html\r\n\r\nGeneral support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos.html\r\n\r\nVMware Infrastructure support life cycle policy\r\nhttp://www.vmware.com/support/policies/eos_vi.html\r\n\r\nCopyright 2008 VMware Inc. All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFIRs08S2KysvBH1xkRCMxFAJ0WJX76quFzCV+avwupq3Lu72UKigCfRftj\r\nCZvxoXw/sZxDCSDjVzYAhrA=\r\n=s04s\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2008-06-05T00:00:00", "title": "VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:26", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-0967", "CVE-2008-0063", "CVE-2008-0553", "CVE-2008-0948", "CVE-2008-0888", "CVE-2007-5378", "CVE-2006-1721", "CVE-2008-2097", "CVE-2007-4772", "CVE-2008-2100", "CVE-2007-5671", "CVE-2008-0062"], "modified": "2008-06-05T00:00:00", "id": "SECURITYVULNS:DOC:19969", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19969", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:17", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2007-4772", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-6067", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-6600", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-4769", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-6601", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-3278"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "8.1.11-0ubuntu0.6.06.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.04", "packageVersion": "8.2.6-0ubuntu0.7.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.10", "packageVersion": "8.1.11-0ubuntu0.6.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.10", "packageVersion": "8.2.6-0ubuntu0.7.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "8.1.11-0ubuntu0.6.06.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.10", "packageVersion": "8.2.6-0ubuntu0.7.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-pltcl-8.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "7.04", "packageVersion": "8.2.6-0ubuntu0.7.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-pltcl-8.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.10", "packageVersion": "8.1.11-0ubuntu0.6.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.1", "operator": "lt"}], "description": "Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. (CVE-2007-3278, CVE-2007-6601)\n\nIt was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\n\nIt was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions. A remote authenticated user could exploit these flaws to gain privileges. (CVE-2007-6600)", "edition": 3, "reporter": "Ubuntu", "published": "2008-01-14T00:00:00", "title": "PostgreSQL vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-3278", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2008-01-14T00:00:00", "id": "USN-568-1", "href": "https://usn.ubuntu.com/568-1/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:46", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3230", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3231", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3229"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "8.3.8-0ubuntu8.04", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "8.3.8-0ubuntu9.04", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "8.1.18-0ubuntu0.6.06", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "8.3.8-0ubuntu8.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.3", "operator": "lt"}], "description": "It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 6.06 LTS. (CVE-2009-3229)\n\nDue to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION AUTHORIZATION operations were allowed inside security-definer functions. A remote authenticated attacker could exploit this to escalate privileges within PostgreSQL. (CVE-2009-3230)\n\nIt was discovered that PostgreSQL did not properly perform LDAP authentication under certain circumstances. When configured to use LDAP with anonymous binds, a remote attacker could bypass authentication by supplying an empty password. This issue did not affect Ubuntu 6.06 LTS. (CVE-2009-3231)", "edition": 3, "reporter": "Ubuntu", "published": "2009-09-21T00:00:00", "title": "PostgreSQL vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2009-3231", "CVE-2009-3230", "CVE-2009-3229"], "modified": "2009-09-21T00:00:00", "id": "USN-834-1", "href": "https://usn.ubuntu.com/834-1/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-05-06T19:00:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "i386", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-8.2.6-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "i386", "packageName": "postgresql-python", "packageFilename": "postgresql-python-8.2.6-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "i386", "packageName": "postgresql-pltcl", "packageFilename": "postgresql-pltcl-8.2.6-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "i386", "packageName": "postgresql", "packageFilename": "postgresql-8.2.6-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "i386", "packageName": "postgresql-test", "packageFilename": "postgresql-test-8.1.11-1.el4s1.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "i386", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-8.1.11-1.el4s1.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "i386", "packageName": "postgresql-plpython", "packageFilename": "postgresql-plpython-8.2.6-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "i386", "packageName": "postgresql-server", "packageFilename": "postgresql-server-8.1.11-1.el4s1.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "i386", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-8.1.11-1.el4s1.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "i386", "packageName": "postgresql-test", "packageFilename": "postgresql-test-8.2.6-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "i386", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-8.2.6-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "i386", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-8.2.6-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "i386", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.1.11-1.el4s1.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "i386", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.2.6-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "i386", "packageName": "postgresql", "packageFilename": "postgresql-8.1.11-1.el4s1.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "i386", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-8.1.11-1.el4s1.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "i386", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.2.6-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "i386", "packageName": "postgresql-python", "packageFilename": "postgresql-python-8.1.11-1.el4s1.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "i386", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.1.11-1.el4s1.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "i386", "packageName": "postgresql-plperl", "packageFilename": "postgresql-plperl-8.2.6-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "i386", "packageName": "postgresql-server", "packageFilename": "postgresql-server-8.2.6-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "i386", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-8.1.11-1.el4s1.1.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "x86_64", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-8.2.6-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "x86_64", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-8.2.6-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "x86_64", "packageName": "postgresql-server", "packageFilename": "postgresql-server-8.2.6-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "x86_64", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.1.11-1.el4s1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "x86_64", "packageName": "postgresql-plpython", "packageFilename": "postgresql-plpython-8.2.6-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "x86_64", "packageName": "postgresql-pltcl", "packageFilename": "postgresql-pltcl-8.2.6-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "x86_64", "packageName": "postgresql-server", "packageFilename": "postgresql-server-8.1.11-1.el4s1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "x86_64", "packageName": "postgresql-test", "packageFilename": "postgresql-test-8.2.6-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "x86_64", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-8.2.6-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "x86_64", "packageName": "postgresql-python", "packageFilename": "postgresql-python-8.2.6-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "x86_64", "packageName": "postgresql-plperl", "packageFilename": "postgresql-plperl-8.2.6-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "x86_64", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-8.1.11-1.el4s1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "x86_64", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.1.11-1.el4s1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "x86_64", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-8.1.11-1.el4s1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "x86_64", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.2.6-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "x86_64", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-8.1.11-1.el4s1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "x86_64", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.2.6-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "x86_64", "packageName": "postgresql", "packageFilename": "postgresql-8.1.11-1.el4s1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "x86_64", "packageName": "postgresql-python", "packageFilename": "postgresql-python-8.1.11-1.el4s1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "x86_64", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-8.1.11-1.el4s1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "8.1.11-1.el4s1.1", "arch": "x86_64", "packageName": "postgresql-test", "packageFilename": "postgresql-test-8.1.11-1.el4s1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.6-1.el5s2", "arch": "x86_64", "packageName": "postgresql", "packageFilename": "postgresql-8.2.6-1.el5s2.x86_64.rpm", "operator": "lt"}], "description": "PostgreSQL is an advanced Object-Relational database management system\r\n(DBMS). The postgresql packages include the client programs and libraries\r\nneeded to access a PostgreSQL DBMS server.\r\n\r\nWill Drewry discovered multiple flaws in PostgreSQL's regular expression\r\nengine. An authenticated attacker could use these flaws to cause a denial\r\nof service by causing the PostgreSQL server to crash, enter an infinite\r\nloop, or use extensive CPU and memory resources while processing queries\r\ncontaining specially crafted regular expressions. Applications that accept\r\nregular expressions from untrusted sources may expose this problem to\r\nunauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated\r\nattacker could create an index function that would be executed with\r\nadministrator privileges during database maintenance tasks, such as\r\ndatabase vacuuming. (CVE-2007-6600)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL's Database Link\r\nlibrary (dblink). An authenticated attacker could use dblink to possibly\r\nescalate privileges on systems with \"trust\" or \"ident\" authentication\r\nconfigured. Please note that dblink functionality is not enabled by\r\ndefault, and can only by enabled by a database administrator on systems\r\nwith the postgresql-contrib package installed.\r\n(CVE-2007-3278, CVE-2007-6601)\r\n\r\nAll postgresql users should upgrade to these updated packages, which\r\ninclude PostgreSQL 8.1.11 and 8.2.6, and resolve these issues.", "reporter": "RedHat", "published": "2008-02-01T05:00:00", "type": "redhat", "title": "(RHSA-2008:0040) Moderate: postgresql security update", "enchantments": {"score": {"modified": "2018-05-06T19:00:40", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-3278", "CVE-2007-4769", "CVE-2007-4772", "CVE-2007-6067", "CVE-2007-6600", "CVE-2007-6601"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-03T23:41:45", "id": "RHSA-2008:0040", "href": "https://access.redhat.com/errata/RHSA-2008:0040", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:20:37", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.19-1.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.19-1.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.19-1.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-8.1.11-1.el5_1.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql", "packageFilename": "postgresql-8.1.11-1.el5_1.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.19-1.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.19-1.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-8.1.11-1.el5_1.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.19-1.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql", "packageFilename": "postgresql-8.1.11-1.el5_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.19-1.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.19-1.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-8.1.11-1.el5_1.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-8.1.11-1.el5_1.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.19-1.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-8.1.11-1.el5_1.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.19-1.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.19-1.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.19-1.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql", "packageFilename": "postgresql-8.1.11-1.el5_1.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-8.1.11-1.el5_1.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql", "packageFilename": "postgresql-8.1.11-1.el5_1.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-8.1.11-1.el5_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.19-1.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.19-1.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-8.1.11-1.el5_1.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.19-1.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-8.1.11-1.el5_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.19-1.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.19-1.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.19-1.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.19-1.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.19-1.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.19-1.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.19-1.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.19-1.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-8.1.11-1.el5_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-8.1.11-1.el5_1.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-8.1.11-1.el5_1.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.19-1.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-8.1.11-1.el5_1.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.19-1.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.19-1.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-8.1.11-1.el5_1.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-8.1.11-1.el5_1.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-8.1.11-1.el5_1.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.19-1.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.19-1.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-8.1.11-1.el5_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-8.1.11-1.el5_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-8.1.11-1.el5_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.19-1.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-8.1.11-1.el5_1.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-8.1.11-1.el5_1.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.19-1.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.19-1.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-8.1.11-1.el5_1.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.19-1.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.19-1.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.19-1.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.19-1.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.19-1.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.19-1.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.19-1.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.19-1.el4_6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-8.1.11-1.el5_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.19-1.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.19-1.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql", "packageFilename": "postgresql-8.1.11-1.el5_1.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-8.1.11-1.el5_1.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.19-1.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-8.1.11-1.el5_1.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.19-1.el4_6.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.19-1.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.19-1.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.19-1.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.19-1.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-8.1.11-1.el5_1.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-8.1.11-1.el5_1.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.19-1.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.19-1.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.19-1.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.19-1.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.19-1.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-8.1.11-1.el5_1.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-8.1.11-1.el5_1.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-8.1.11-1.el5_1.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.19-1.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.19-1.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-8.1.11-1.el5_1.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.19-1.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.19-1.el4_6.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.19-1.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-8.1.11-1.el5_1.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-8.1.11-1.el5_1.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.19-1.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.19-1.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-8.1.11-1.el5_1.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.19-1.el4_6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.1.11-1.el5_1.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.19-1.el4_6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-8.1.11-1.el5_1.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.1.11-1.el5_1.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.19-1.el4_6.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.19-1.el4_6.1.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.11-1.el5_1.1", "packageName": "postgresql", "packageFilename": "postgresql-8.1.11-1.el5_1.1.src.rpm", "arch": "src", "operator": "lt"}], "description": "PostgreSQL is an advanced Object-Relational database management system\r\n(DBMS). The postgresql packages include the client programs and libraries\r\nneeded to access a PostgreSQL DBMS server.\r\n\r\nWill Drewry discovered multiple flaws in PostgreSQL's regular expression\r\nengine. An authenticated attacker could use these flaws to cause a denial\r\nof service by causing the PostgreSQL server to crash, enter an infinite\r\nloop, or use extensive CPU and memory resources while processing queries\r\ncontaining specially crafted regular expressions. Applications that accept\r\nregular expressions from untrusted sources may expose this problem to\r\nunauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated\r\nattacker could create an index function that would be executed with\r\nadministrator privileges during database maintenance tasks, such as\r\ndatabase vacuuming. (CVE-2007-6600)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL's Database Link\r\nlibrary (dblink). An authenticated attacker could use dblink to possibly\r\nescalate privileges on systems with \"trust\" or \"ident\" authentication\r\nconfigured. Please note that dblink functionality is not enabled by\r\ndefault, and can only by enabled by a database administrator on systems\r\nwith the postgresql-contrib package installed. (CVE-2007-3278,\r\nCVE-2007-6601)\r\n\r\nAll postgresql users should upgrade to these updated packages, which\r\ninclude PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.", "reporter": "RedHat", "published": "2008-01-11T05:00:00", "type": "redhat", "title": "(RHSA-2008:0038) Moderate: postgresql security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-3278", "CVE-2007-4769", "CVE-2007-4772", "CVE-2007-6067", "CVE-2007-6600", "CVE-2007-6601"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:53:40", "id": "RHSA-2008:0038", "href": "https://access.redhat.com/errata/RHSA-2008:0038", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-01T06:57:32", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-docs-7.3.21-1.ppc.rpm", "packageName": "rh-postgresql-docs", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-test-7.3.21-1.ppc.rpm", "packageName": "rh-postgresql-test", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-devel-7.3.21-1.ppc.rpm", "packageName": "rh-postgresql-devel", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-jdbc-7.3.21-1.ppc.rpm", "packageName": "rh-postgresql-jdbc", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-libs-7.3.21-1.ppc64.rpm", "packageName": "rh-postgresql-libs", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-tcl-7.3.21-1.ppc.rpm", "packageName": "rh-postgresql-tcl", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-contrib-7.3.21-1.ppc.rpm", "packageName": "rh-postgresql-contrib", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-7.3.21-1.ppc.rpm", "packageName": "rh-postgresql", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-pl-7.3.21-1.ppc.rpm", "packageName": "rh-postgresql-pl", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-libs-7.3.21-1.ppc.rpm", "packageName": "rh-postgresql-libs", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-server-7.3.21-1.ppc.rpm", "packageName": "rh-postgresql-server", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-1", "packageFilename": "rh-postgresql-python-7.3.21-1.ppc.rpm", "packageName": "rh-postgresql-python", "arch": "ppc", "operator": "lt"}], "description": "PostgreSQL is an advanced Object-Relational database management system\r\n(DBMS). The postgresql packages include the client programs and libraries\r\nneeded to access a PostgreSQL DBMS server.\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated\r\nattacker could create an index function that would be executed with\r\nadministrator privileges during database maintenance tasks, such as\r\ndatabase vacuuming. (CVE-2007-6600)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL's Database Link\r\nlibrary (dblink). An authenticated attacker could use dblink to possibly\r\nescalate privileges on systems with \"trust\" or \"ident\" authentication\r\nconfigured. Please note that dblink functionality is not enabled by\r\ndefault, and can only by enabled by a database administrator on systems\r\nwith the postgresql-contrib package installed.\r\n(CVE-2007-3278, CVE-2007-6601)\r\n\r\nAll postgresql users should upgrade to these updated packages, which\r\ninclude PostgreSQL 7.3.21 and resolve these issues.", "reporter": "RedHat", "published": "2008-01-11T05:00:00", "type": "redhat", "title": "(RHSA-2008:0039) Moderate: postgresql security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-3278", "CVE-2007-6600", "CVE-2007-6601"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-07-28T18:43:54", "id": "RHSA-2008:0039", "href": "https://access.redhat.com/errata/RHSA-2008:0039", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:19:57", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-debuginfo", "packageFilename": "tcl-debuginfo-8.4.13-6.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-debuginfo", "packageFilename": "tcl-debuginfo-8.4.13-6.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-html", "packageFilename": "tcl-html-8.4.13-6.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-html", "packageFilename": "tcl-html-8.4.13-6.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-debuginfo", "packageFilename": "tcl-debuginfo-8.4.13-6.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-debuginfo", "packageFilename": "tcl-debuginfo-8.4.13-6.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-debuginfo", "packageFilename": "tcl-debuginfo-8.4.13-6.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-debuginfo", "packageFilename": "tcl-debuginfo-8.4.13-6.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-html", "packageFilename": "tcl-html-8.4.13-6.el5.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-html", "packageFilename": "tcl-html-8.4.13-6.el5.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-debuginfo", "packageFilename": "tcl-debuginfo-8.4.13-6.el5.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl", "packageFilename": "tcl-8.4.13-6.el5.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.4.13-6.el5.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.4.13-6.el5", "packageName": "tcl-html", "packageFilename": "tcl-html-8.4.13-6.el5.ia64.rpm", "arch": "ia64", "operator": "lt"}], "description": "Tcl (Tool Command Language) provides a powerful platform for creating\nintegration applications that tie together diverse applications, protocols,\ndevices, and frameworks. When paired with the Tk toolkit, Tcl provides a\nfast and powerful way to create cross-platform GUI applications.\n\nTwo denial of service flaws were found in the Tcl regular expression\nhandling engine. If Tcl or an application using Tcl processed a\nspecially-crafted regular expression, it would lead to excessive CPU and\nmemory consumption. (CVE-2007-4772, CVE-2007-6067)\n\nThis update also fixes the following bug:\n\n* Due to a suboptimal implementation of threading in the current version of\nthe Tcl language interpreter, an attempt to use threads in combination with\nfork in a Tcl script could cause the script to stop responding. At the\nmoment, it is not possible to rewrite the source code or drop support for\nthreading entirely. Consequent to this, this update provides a version of\nTcl without threading support in addition to the standard version with this\nsupport. Users who need to use fork in their Tcl scripts and do not require\nthreading can now switch to the version without threading support by using\nthe alternatives command. (BZ#478961)\n\nAll users of Tcl are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "reporter": "RedHat", "published": "2013-01-08T05:00:00", "type": "redhat", "title": "(RHSA-2013:0122) Moderate: tcl security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4772", "CVE-2007-6067"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:16:41", "id": "RHSA-2013:0122", "href": "https://access.redhat.com/errata/RHSA-2013:0122", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-05-27T21:42:34", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-2", "arch": "ppc", "packageName": "rh-postgresql-pl", "packageFilename": "rh-postgresql-pl-7.3.21-2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-2", "arch": "ppc", "packageName": "rh-postgresql-test", "packageFilename": "rh-postgresql-test-7.3.21-2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-2", "arch": "ppc", "packageName": "rh-postgresql-devel", "packageFilename": "rh-postgresql-devel-7.3.21-2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-2", "arch": "ppc", "packageName": "rh-postgresql-contrib", "packageFilename": "rh-postgresql-contrib-7.3.21-2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-2", "arch": "ppc", "packageName": "rh-postgresql-python", "packageFilename": "rh-postgresql-python-7.3.21-2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-2", "arch": "ppc", "packageName": "rh-postgresql-jdbc", "packageFilename": "rh-postgresql-jdbc-7.3.21-2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-2", "arch": "ppc", "packageName": "rh-postgresql-libs", "packageFilename": "rh-postgresql-libs-7.3.21-2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-2", "arch": "ppc64", "packageName": "rh-postgresql-libs", "packageFilename": "rh-postgresql-libs-7.3.21-2.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-2", "arch": "ppc", "packageName": "rh-postgresql-server", "packageFilename": "rh-postgresql-server-7.3.21-2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-2", "arch": "ppc", "packageName": "rh-postgresql", "packageFilename": "rh-postgresql-7.3.21-2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-2", "arch": "ppc", "packageName": "rh-postgresql-docs", "packageFilename": "rh-postgresql-docs-7.3.21-2.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-2", "arch": "ppc", "packageName": "rh-postgresql-tcl", "packageFilename": "rh-postgresql-tcl-7.3.21-2.ppc.rpm", "operator": "lt"}], "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0039 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nAll PostgreSQL users should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. If you are running a\nPostgreSQL server, the postgresql service must be restarted for this update\nto take effect.", "reporter": "RedHat", "published": "2009-10-07T04:00:00", "type": "redhat", "title": "(RHSA-2009:1485) Moderate: postgresql security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2009-3230"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:17", "id": "RHSA-2009:1485", "href": "https://access.redhat.com/errata/RHSA-2009:1485", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-09T07:20:11", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-libs-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-docs-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-pl-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-python-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-jdbc-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-contrib-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-server-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-test-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-tcl-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-devel-7.4.26-1.el4_8.1.i386.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "src", "packageFilename": "postgresql-7.4.26-1.el4_8.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-test-7.4.26-1.el4_8.1.ia64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-docs-7.4.26-1.el4_8.1.ia64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-libs-7.4.26-1.el4_8.1.ia64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-server-7.4.26-1.el4_8.1.ia64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-contrib-7.4.26-1.el4_8.1.ia64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-devel-7.4.26-1.el4_8.1.ia64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-tcl-7.4.26-1.el4_8.1.ia64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-7.4.26-1.el4_8.1.ia64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-jdbc-7.4.26-1.el4_8.1.ia64.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-python-7.4.26-1.el4_8.1.ia64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-pl-7.4.26-1.el4_8.1.ia64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-server-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-contrib-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-python-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-test-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-docs-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-devel-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-tcl-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-pl-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-libs-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-jdbc-7.4.26-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ppc", "packageFilename": "postgresql-jdbc-7.4.26-1.el4_8.1.ppc.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ppc", "packageFilename": "postgresql-tcl-7.4.26-1.el4_8.1.ppc.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ppc", "packageFilename": "postgresql-docs-7.4.26-1.el4_8.1.ppc.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ppc", "packageFilename": "postgresql-server-7.4.26-1.el4_8.1.ppc.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ppc", "packageFilename": "postgresql-devel-7.4.26-1.el4_8.1.ppc.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ppc", "packageFilename": "postgresql-7.4.26-1.el4_8.1.ppc.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ppc", "packageFilename": "postgresql-contrib-7.4.26-1.el4_8.1.ppc.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ppc", "packageFilename": "postgresql-pl-7.4.26-1.el4_8.1.ppc.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ppc", "packageFilename": "postgresql-libs-7.4.26-1.el4_8.1.ppc.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ppc64", "packageFilename": "postgresql-libs-7.4.26-1.el4_8.1.ppc64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ppc", "packageFilename": "postgresql-python-7.4.26-1.el4_8.1.ppc.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "ppc", "packageFilename": "postgresql-test-7.4.26-1.el4_8.1.ppc.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390", "packageFilename": "postgresql-devel-7.4.26-1.el4_8.1.s390.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390", "packageFilename": "postgresql-docs-7.4.26-1.el4_8.1.s390.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390", "packageFilename": "postgresql-contrib-7.4.26-1.el4_8.1.s390.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390", "packageFilename": "postgresql-server-7.4.26-1.el4_8.1.s390.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390", "packageFilename": "postgresql-pl-7.4.26-1.el4_8.1.s390.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390", "packageFilename": "postgresql-tcl-7.4.26-1.el4_8.1.s390.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390", "packageFilename": "postgresql-test-7.4.26-1.el4_8.1.s390.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390", "packageFilename": "postgresql-libs-7.4.26-1.el4_8.1.s390.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390", "packageFilename": "postgresql-7.4.26-1.el4_8.1.s390.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390", "packageFilename": "postgresql-python-7.4.26-1.el4_8.1.s390.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390", "packageFilename": "postgresql-jdbc-7.4.26-1.el4_8.1.s390.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390x", "packageFilename": "postgresql-contrib-7.4.26-1.el4_8.1.s390x.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390x", "packageFilename": "postgresql-devel-7.4.26-1.el4_8.1.s390x.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390x", "packageFilename": "postgresql-server-7.4.26-1.el4_8.1.s390x.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390x", "packageFilename": "postgresql-python-7.4.26-1.el4_8.1.s390x.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390x", "packageFilename": "postgresql-test-7.4.26-1.el4_8.1.s390x.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390x", "packageFilename": "postgresql-docs-7.4.26-1.el4_8.1.s390x.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390x", "packageFilename": "postgresql-libs-7.4.26-1.el4_8.1.s390x.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390x", "packageFilename": "postgresql-7.4.26-1.el4_8.1.s390x.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390x", "packageFilename": "postgresql-jdbc-7.4.26-1.el4_8.1.s390x.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390x", "packageFilename": "postgresql-tcl-7.4.26-1.el4_8.1.s390x.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.26-1.el4_8.1", "arch": "s390x", "packageFilename": "postgresql-pl-7.4.26-1.el4_8.1.s390x.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "i386", "packageFilename": "postgresql-libs-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "i386", "packageFilename": "postgresql-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "i386", "packageFilename": "postgresql-docs-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "i386", "packageFilename": "postgresql-tcl-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "i386", "packageFilename": "postgresql-python-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "i386", "packageFilename": "postgresql-contrib-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "src", "packageFilename": "postgresql-8.1.18-2.el5_4.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "x86_64", "packageFilename": "postgresql-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "x86_64", "packageFilename": "postgresql-docs-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "x86_64", "packageFilename": "postgresql-tcl-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "x86_64", "packageFilename": "postgresql-python-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "x86_64", "packageFilename": "postgresql-libs-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "x86_64", "packageFilename": "postgresql-contrib-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc", "packageFilename": "postgresql-contrib-8.1.18-2.el5_4.1.ppc.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc64", "packageFilename": "postgresql-devel-8.1.18-2.el5_4.1.ppc64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc", "packageFilename": "postgresql-pl-8.1.18-2.el5_4.1.ppc.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc", "packageFilename": "postgresql-docs-8.1.18-2.el5_4.1.ppc.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc64", "packageFilename": "postgresql-8.1.18-2.el5_4.1.ppc64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc", "packageFilename": "postgresql-test-8.1.18-2.el5_4.1.ppc.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc", "packageFilename": "postgresql-8.1.18-2.el5_4.1.ppc.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc64", "packageFilename": "postgresql-libs-8.1.18-2.el5_4.1.ppc64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc", "packageFilename": "postgresql-libs-8.1.18-2.el5_4.1.ppc.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc", "packageFilename": "postgresql-python-8.1.18-2.el5_4.1.ppc.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc", "packageFilename": "postgresql-server-8.1.18-2.el5_4.1.ppc.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc", "packageFilename": "postgresql-devel-8.1.18-2.el5_4.1.ppc.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ppc", "packageFilename": "postgresql-tcl-8.1.18-2.el5_4.1.ppc.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "s390x", "packageFilename": "postgresql-docs-8.1.18-2.el5_4.1.s390x.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "s390x", "packageFilename": "postgresql-devel-8.1.18-2.el5_4.1.s390x.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "s390x", "packageFilename": "postgresql-python-8.1.18-2.el5_4.1.s390x.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "s390x", "packageFilename": "postgresql-pl-8.1.18-2.el5_4.1.s390x.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "s390", "packageFilename": "postgresql-devel-8.1.18-2.el5_4.1.s390.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "s390x", "packageFilename": "postgresql-contrib-8.1.18-2.el5_4.1.s390x.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "s390", "packageFilename": "postgresql-libs-8.1.18-2.el5_4.1.s390.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "s390x", "packageFilename": "postgresql-tcl-8.1.18-2.el5_4.1.s390x.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "s390x", "packageFilename": "postgresql-server-8.1.18-2.el5_4.1.s390x.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "s390x", "packageFilename": "postgresql-8.1.18-2.el5_4.1.s390x.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "s390x", "packageFilename": "postgresql-libs-8.1.18-2.el5_4.1.s390x.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "s390x", "packageFilename": "postgresql-test-8.1.18-2.el5_4.1.s390x.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "i386", "packageFilename": "postgresql-devel-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "i386", "packageFilename": "postgresql-server-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "i386", "packageFilename": "postgresql-pl-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "i386", "packageFilename": "postgresql-test-8.1.18-2.el5_4.1.i386.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "x86_64", "packageFilename": "postgresql-devel-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "x86_64", "packageFilename": "postgresql-test-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "x86_64", "packageFilename": "postgresql-server-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "x86_64", "packageFilename": "postgresql-pl-8.1.18-2.el5_4.1.x86_64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ia64", "packageFilename": "postgresql-8.1.18-2.el5_4.1.ia64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ia64", "packageFilename": "postgresql-docs-8.1.18-2.el5_4.1.ia64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ia64", "packageFilename": "postgresql-python-8.1.18-2.el5_4.1.ia64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ia64", "packageFilename": "postgresql-pl-8.1.18-2.el5_4.1.ia64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ia64", "packageFilename": "postgresql-server-8.1.18-2.el5_4.1.ia64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ia64", "packageFilename": "postgresql-contrib-8.1.18-2.el5_4.1.ia64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ia64", "packageFilename": "postgresql-tcl-8.1.18-2.el5_4.1.ia64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ia64", "packageFilename": "postgresql-libs-8.1.18-2.el5_4.1.ia64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ia64", "packageFilename": "postgresql-devel-8.1.18-2.el5_4.1.ia64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.18-2.el5_4.1", "arch": "ia64", "packageFilename": "postgresql-test-8.1.18-2.el5_4.1.ia64.rpm", "packageName": "postgresql-test", "operator": "lt"}], "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0038 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion failure,\npossibly leading to a temporary denial of service. Note: To exploit this\nissue, a locale and client encoding for which specific messages fail to\ntranslate must be selected (the availability of these is determined by an\nadministrator-defined locale setting). (CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\nversion 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\nPostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a\nlist of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.", "reporter": "RedHat", "published": "2009-10-07T04:00:00", "type": "redhat", "title": "(RHSA-2009:1484) Moderate: postgresql security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:11:25", "id": "RHSA-2009:1484", "href": "https://access.redhat.com/errata/RHSA-2009:1484", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-05-11T21:13:14", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "s390", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.3.5-92.8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "i386", "packageName": "tcl", "packageFilename": "tcl-8.3.5-92.8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3-92.8", "arch": "ia64", "packageName": "tclx", "packageFilename": "tclx-8.3-92.8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "s390x", "packageName": "tk", "packageFilename": "tk-8.3.5-92.8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.3-75", "arch": "i386", "packageName": "tk", "packageFilename": "tk-8.3.3-75.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "ppc64", "packageName": "tcl", "packageFilename": "tcl-8.3.5-92.8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3-92.8", "arch": "s390", "packageName": "tclx", "packageFilename": "tclx-8.3-92.8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "ppc", "packageName": "tk", "packageFilename": "tk-8.3.5-92.8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "s390x", "packageName": "tcl", "packageFilename": "tcl-8.3.5-92.8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.2-92.8", "arch": "s390", "packageName": "itcl", "packageFilename": "itcl-3.2-92.8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3-92.8", "arch": "x86_64", "packageName": "tclx", "packageFilename": "tclx-8.3-92.8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.2.0b1-75", "arch": "ia64", "packageName": "tix", "packageFilename": "tix-8.2.0b1-75.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "ia64", "packageName": "tk", "packageFilename": "tk-8.3.5-92.8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3-92.8", "arch": "ppc", "packageName": "tclx", "packageFilename": "tclx-8.3-92.8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "i386", "packageName": "tk", "packageFilename": "tk-8.3.5-92.8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.2-92.8", "arch": "x86_64", "packageName": "itcl", "packageFilename": "itcl-3.2-92.8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.1.4-92.8", "arch": "s390x", "packageName": "tix", "packageFilename": "tix-8.1.4-92.8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "ppc", "packageName": "tk-devel", "packageFilename": "tk-devel-8.3.5-92.8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.3-75", "arch": "ia64", "packageName": "tk", "packageFilename": "tk-8.3.3-75.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "x86_64", "packageName": "tcl", "packageFilename": "tcl-8.3.5-92.8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "s390", "packageName": "tk", "packageFilename": "tk-8.3.5-92.8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.2-75", "arch": "i386", "packageName": "itcl", "packageFilename": "itcl-3.2-75.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "s390x", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.3.5-92.8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-92.8", "arch": "i386", "packageName": "expect", "packageFilename": "expect-5.38.0-92.8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-92.8", "arch": "s390x", "packageName": "expect", "packageFilename": "expect-5.38.0-92.8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-92.8", "arch": "ppc", "packageName": "expect-devel", "packageFilename": "expect-devel-5.38.0-92.8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.2-75", "arch": "ia64", "packageName": "itcl", "packageFilename": "itcl-3.2-75.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "ppc64", "packageName": "tk", "packageFilename": "tk-8.3.5-92.8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "ppc", "packageName": "tcl", "packageFilename": "tcl-8.3.5-92.8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "i386", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.3.5-92.8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.2-92.8", "arch": "s390x", "packageName": "itcl", "packageFilename": "itcl-3.2-92.8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.1.4-92.8", "arch": "x86_64", "packageName": "tix", "packageFilename": "tix-8.1.4-92.8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3-92.8", "arch": "i386", "packageName": "tclx", "packageFilename": "tclx-8.3-92.8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.3-75", "arch": "i386", "packageName": "tcl", "packageFilename": "tcl-8.3.3-75.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3-75", "arch": "i386", "packageName": "tclx", "packageFilename": "tclx-8.3-75.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-92.8", "arch": "ppc", "packageName": "expect", "packageFilename": "expect-5.38.0-92.8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-92.8", "arch": "s390x", "packageName": "expect-devel", "packageFilename": "expect-devel-5.38.0-92.8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.1.4-92.8", "arch": "ppc", "packageName": "tix", "packageFilename": "tix-8.1.4-92.8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.1.4-92.8", "arch": "ia64", "packageName": "tix", "packageFilename": "tix-8.1.4-92.8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-92.8", "arch": "x86_64", "packageName": "expect-devel", "packageFilename": "expect-devel-5.38.0-92.8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3-92.8", "arch": "s390x", "packageName": "tclx", "packageFilename": "tclx-8.3-92.8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0-75", "arch": "ia64", "packageName": "tcllib", "packageFilename": "tcllib-1.0-75.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "x86_64", "packageName": "tk-devel", "packageFilename": "tk-devel-8.3.5-92.8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.2-92.8", "arch": "ia64", "packageName": "itcl", "packageFilename": "itcl-3.2-92.8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3-92.8", "arch": "ppc64", "packageName": "tclx", "packageFilename": "tclx-8.3-92.8.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "ia64", "packageName": "tk-devel", "packageFilename": "tk-devel-8.3.5-92.8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-92.8", "arch": "ia64", "packageName": "expect", "packageFilename": "expect-5.38.0-92.8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-92.8", "arch": "s390", "packageName": "expect", "packageFilename": "expect-5.38.0-92.8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-92.8", "arch": "i386", "packageName": "expect-devel", "packageFilename": "expect-devel-5.38.0-92.8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-92.8", "arch": "ia64", "packageName": "expect-devel", "packageFilename": "expect-devel-5.38.0-92.8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "s390x", "packageName": "tk-devel", "packageFilename": "tk-devel-8.3.5-92.8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-75", "arch": "i386", "packageName": "expect", "packageFilename": "expect-5.38.0-75.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.1.4-92.8", "arch": "i386", "packageName": "tix", "packageFilename": "tix-8.1.4-92.8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-92.8", "arch": "s390", "packageName": "expect-devel", "packageFilename": "expect-devel-5.38.0-92.8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.3-75", "arch": "ia64", "packageName": "tcl", "packageFilename": "tcl-8.3.3-75.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.0-75", "arch": "i386", "packageName": "tcllib", "packageFilename": "tcllib-1.0-75.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "x86_64", "packageName": "tk", "packageFilename": "tk-8.3.5-92.8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-75", "arch": "ia64", "packageName": "expect", "packageFilename": "expect-5.38.0-75.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "i386", "packageName": "tk-devel", "packageFilename": "tk-devel-8.3.5-92.8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "s390", "packageName": "tcl", "packageFilename": "tcl-8.3.5-92.8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "ia64", "packageName": "tcl", "packageFilename": "tcl-8.3.5-92.8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3-75", "arch": "ia64", "packageName": "tclx", "packageFilename": "tclx-8.3-75.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "ppc", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.3.5-92.8.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.2-92.8", "arch": "i386", "packageName": "itcl", "packageFilename": "itcl-3.2-92.8.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.1.4-92.8", "arch": "s390", "packageName": "tix", "packageFilename": "tix-8.1.4-92.8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.2.0b1-75", "arch": "i386", "packageName": "tix", "packageFilename": "tix-8.2.0b1-75.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "ia64", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.3.5-92.8.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "s390", "packageName": "tk-devel", "packageFilename": "tk-devel-8.3.5-92.8.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "8.3.5-92.8", "arch": "x86_64", "packageName": "tcl-devel", "packageFilename": "tcl-devel-8.3.5-92.8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "5.38.0-92.8", "arch": "x86_64", "packageName": "expect", "packageFilename": "expect-5.38.0-92.8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "3.2-92.8", "arch": "ppc", "packageName": "itcl", "packageFilename": "itcl-3.2-92.8.ppc.rpm", "operator": "lt"}], "description": "Tcl is a scripting language designed for embedding into other applications\r\nand for use with Tk, a widget set.\r\n\r\nAn input validation flaw was discovered in Tk's GIF image handling. A\r\ncode-size value read from a GIF image was not properly validated before\r\nbeing used, leading to a buffer overflow. A specially crafted GIF file\r\ncould use this to cause a crash or, potentially, execute code with the\r\nprivileges of the application using the Tk graphical toolkit.\r\n(CVE-2008-0553)\r\n\r\nA buffer overflow flaw was discovered in Tk's animated GIF image handling.\r\nAn animated GIF containing an initial image smaller than subsequent images\r\ncould cause a crash or, potentially, execute code with the privileges of\r\nthe application using the Tk library. (CVE-2007-5378)\r\n\r\nA flaw in the Tcl regular expression handling engine was discovered by Will\r\nDrewry. This flaw, first discovered in the Tcl regular expression engine\r\nused in the PostgreSQL database server, resulted in an infinite loop when\r\nprocessing certain regular expressions. (CVE-2007-4772)\r\n\r\nAll users are advised to upgrade to these updated packages which contain\r\nbackported patches which resolve these issues.", "reporter": "RedHat", "published": "2008-02-21T05:00:00", "type": "redhat", "title": "(RHSA-2008:0134) Moderate: tcltk security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4772", "CVE-2007-5378", "CVE-2008-0553"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-11T23:26:48", "id": "RHSA-2008:0134", "href": "https://access.redhat.com/errata/RHSA-2008:0134", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-05-06T19:01:25", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.8.1-2.el5s2", "arch": "noarch", "packageName": "php-pear", "packageFilename": "php-pear-1.8.1-2.el5s2.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-odbc", "packageFilename": "php-odbc-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-soap", "packageFilename": "php-soap-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "i386", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-8.2.14-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-xmlrpc", "packageFilename": "php-xmlrpc-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.510-1jpp.el5s2", "arch": "i386", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-8.2.510-1jpp.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "i386", "packageName": "mysql-cluster", "packageFilename": "mysql-cluster-5.0.84-2.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-mysql", "packageFilename": "php-mysql-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-devel", "packageFilename": "php-devel-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-ncurses", "packageFilename": "php-ncurses-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-ldap", "packageFilename": "php-ldap-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-cli", "packageFilename": "php-cli-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.13-2.el5s2", "arch": "i386", "packageName": "httpd-manual", "packageFilename": "httpd-manual-2.2.13-2.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "i386", "packageName": "postgresql", "packageFilename": "postgresql-8.2.14-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.13-2.el5s2", "arch": "i386", "packageName": "mod_ssl", "packageFilename": "mod_ssl-2.2.13-2.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "i386", "packageName": "mysql", "packageFilename": "mysql-5.0.84-2.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "4.012-1.el5s2", "arch": "i386", "packageName": "perl-DBD-MySQL", "packageFilename": "perl-DBD-MySQL-4.012-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-xml", "packageFilename": "php-xml-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "i386", "packageName": "postgresql-server", "packageFilename": "postgresql-server-8.2.14-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "i386", "packageName": "postgresql-plperl", "packageFilename": "postgresql-plperl-8.2.14-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.13-2.el5s2", "arch": "i386", "packageName": "httpd", "packageFilename": "httpd-2.2.13-2.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "i386", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-8.2.14-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-snmp", "packageFilename": "php-snmp-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-mbstring", "packageFilename": "php-mbstring-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "i386", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-8.2.14-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "i386", "packageName": "mysql-bench", "packageFilename": "mysql-bench-5.0.84-2.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-pgsql", "packageFilename": "php-pgsql-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "i386", "packageName": "postgresql-plpython", "packageFilename": "postgresql-plpython-8.2.14-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-common", "packageFilename": "php-common-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "i386", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.2.14-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-bcmath", "packageFilename": "php-bcmath-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-pdo", "packageFilename": "php-pdo-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.609-1.el5s2", "arch": "i386", "packageName": "perl-DBI", "packageFilename": "perl-DBI-1.609-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "i386", "packageName": "mysql-libs", "packageFilename": "mysql-libs-5.0.84-2.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php", "packageFilename": "php-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "i386", "packageName": "postgresql-test", "packageFilename": "postgresql-test-8.2.14-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-gd", "packageFilename": "php-gd-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-dba", "packageFilename": "php-dba-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "i386", "packageName": "php-imap", "packageFilename": "php-imap-5.2.10-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "i386", "packageName": "postgresql-pltcl", "packageFilename": "postgresql-pltcl-8.2.14-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "i386", "packageName": "mysql-test", "packageFilename": "mysql-test-5.0.84-2.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "i386", "packageName": "mysql-server", "packageFilename": "mysql-server-5.0.84-2.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "i386", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.2.14-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.13-2.el5s2", "arch": "i386", "packageName": "httpd-devel", "packageFilename": "httpd-devel-2.2.13-2.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "i386", "packageName": "mysql-devel", "packageFilename": "mysql-devel-5.0.84-2.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "i386", "packageName": "postgresql-python", "packageFilename": "postgresql-python-8.2.14-1.el5s2.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "x86_64", "packageName": "mysql-libs", "packageFilename": "mysql-libs-5.0.84-2.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "x86_64", "packageName": "postgresql-plperl", "packageFilename": "postgresql-plperl-8.2.14-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "x86_64", "packageName": "postgresql-test", "packageFilename": "postgresql-test-8.2.14-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.13-2.el5s2", "arch": "x86_64", "packageName": "mod_ssl", "packageFilename": "mod_ssl-2.2.13-2.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "x86_64", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-8.2.14-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-odbc", "packageFilename": "php-odbc-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-xml", "packageFilename": "php-xml-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "x86_64", "packageName": "mysql-cluster", "packageFilename": "mysql-cluster-5.0.84-2.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "x86_64", "packageName": "postgresql", "packageFilename": "postgresql-8.2.14-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.510-1jpp.el5s2", "arch": "x86_64", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-8.2.510-1jpp.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-bcmath", "packageFilename": "php-bcmath-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-xmlrpc", "packageFilename": "php-xmlrpc-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-snmp", "packageFilename": "php-snmp-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-cli", "packageFilename": "php-cli-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "x86_64", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-8.2.14-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "4.012-1.el5s2", "arch": "x86_64", "packageName": "perl-DBD-MySQL", "packageFilename": "perl-DBD-MySQL-4.012-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-mbstring", "packageFilename": "php-mbstring-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "x86_64", "packageName": "postgresql-python", "packageFilename": "postgresql-python-8.2.14-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-common", "packageFilename": "php-common-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "x86_64", "packageName": "mysql-devel", "packageFilename": "mysql-devel-5.0.84-2.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-ncurses", "packageFilename": "php-ncurses-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-dba", "packageFilename": "php-dba-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-ldap", "packageFilename": "php-ldap-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "x86_64", "packageName": "postgresql-server", "packageFilename": "postgresql-server-8.2.14-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "x86_64", "packageName": "mysql-server", "packageFilename": "mysql-server-5.0.84-2.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "x86_64", "packageName": "mysql-bench", "packageFilename": "mysql-bench-5.0.84-2.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-soap", "packageFilename": "php-soap-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-pdo", "packageFilename": "php-pdo-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php", "packageFilename": "php-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-devel", "packageFilename": "php-devel-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.609-1.el5s2", "arch": "x86_64", "packageName": "perl-DBI", "packageFilename": "perl-DBI-1.609-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-gd", "packageFilename": "php-gd-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "x86_64", "packageName": "mysql", "packageFilename": "mysql-5.0.84-2.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "x86_64", "packageName": "postgresql-pltcl", "packageFilename": "postgresql-pltcl-8.2.14-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "x86_64", "packageName": "postgresql-plpython", "packageFilename": "postgresql-plpython-8.2.14-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.13-2.el5s2", "arch": "x86_64", "packageName": "httpd-devel", "packageFilename": "httpd-devel-2.2.13-2.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-mysql", "packageFilename": "php-mysql-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "x86_64", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-8.2.14-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-imap", "packageFilename": "php-imap-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.13-2.el5s2", "arch": "x86_64", "packageName": "httpd", "packageFilename": "httpd-2.2.13-2.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.0.84-2.el5s2", "arch": "x86_64", "packageName": "mysql-test", "packageFilename": "mysql-test-5.0.84-2.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "5.2.10-1.el5s2", "arch": "x86_64", "packageName": "php-pgsql", "packageFilename": "php-pgsql-5.2.10-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "x86_64", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-8.2.14-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.2.14-1.el5s2", "arch": "x86_64", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-8.2.14-1.el5s2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.2.13-2.el5s2", "arch": "x86_64", "packageName": "httpd-manual", "packageFilename": "httpd-manual-2.2.13-2.el5s2.x86_64.rpm", "operator": "lt"}], "description": "Red Hat Application Stack v2.4 is an integrated open source application\nstack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise\nApplication Platform (EAP). JBoss EAP is provided through the JBoss EAP\nchannels on the Red Hat Network.\n\nPostgreSQL was updated to version 8.2.14, fixing the following security\nissues:\n\nA flaw was found in the way PostgreSQL handles LDAP-based authentication.\nIf PostgreSQL was configured to use LDAP authentication and the LDAP server\nwas configured to allow anonymous binds, anyone able to connect to a given\ndatabase could use this flaw to log in as any database user, including a\nPostgreSQL superuser, without supplying a password. (CVE-2009-3231)\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0040 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handles external plug-ins. This flaw\ncould allow remote, authenticated users without superuser privileges to\ncrash the back-end server by using the LOAD command on libraries in\n\"/var/lib/pgsql/plugins/\" that have already been loaded, causing a\ntemporary denial of service during crash recovery. (CVE-2009-3229)\n\nMySQL was updated to version 5.0.84, fixing the following security issues:\n\nAn insufficient HTML entities quoting flaw was found in the mysql command\nline client's HTML output mode. If an attacker was able to inject arbitrary\nHTML tags into data stored in a MySQL database, which was later retrieved\nusing the mysql command line client and its HTML output mode, they could\nperform a cross-site scripting (XSS) attack against victims viewing the\nHTML output in a web browser. (CVE-2008-4456)\n\nMultiple format string flaws were found in the way the MySQL server logs\nuser commands when creating and deleting databases. A remote, authenticated\nattacker with permissions to CREATE and DROP databases could use these\nflaws to formulate a specifically-crafted SQL command that would cause a\ntemporary denial of service (open connections to mysqld are terminated).\n(CVE-2009-2446)\n\nNote: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld\n\"--log\" command line option or the \"log\" option in \"/etc/my.cnf\") must be\nenabled. This logging is not enabled by default.\n\nPHP was updated to version 5.2.10, fixing the following security issue:\n\nAn insufficient input validation flaw was discovered in the PHP\nexif_read_data() function, used to read Exchangeable image file format\n(Exif) metadata from images. An attacker could create a specially-crafted\nimage that could cause the PHP interpreter to crash or disclose portions of\nits memory while reading the Exif metadata from the image. (CVE-2009-2687)\n\nApache httpd has been updated with backported patches to correct the\nfollowing security issues:\n\nA NULL pointer dereference flaw was found in the Apache mod_proxy_ftp\nmodule. A malicious FTP server to which requests are being proxied could\nuse this flaw to crash an httpd child process via a malformed reply to the\nEPSV or PASV commands, resulting in a limited denial of service.\n(CVE-2009-3094)\n\nA second flaw was found in the Apache mod_proxy_ftp module. In a reverse\nproxy configuration, a remote attacker could use this flaw to bypass\nintended access restrictions by creating a carefully-crafted HTTP\nAuthorization header, allowing the attacker to send arbitrary commands to\nthe FTP server. (CVE-2009-3095)\n\nAlso, the following packages have been updated:\n\n* postgresql-jdbc to 8.2.510\n* php-pear to 1.8.1\n* perl-DBI to 1.609\n* perl-DBD-MySQL to 4.012\n\nAll users should upgrade to these updated packages, which resolve these\nissues. Users must restart the individual services, including postgresql,\nmysqld, and httpd, for this update to take effect.", "reporter": "RedHat", "published": "2009-09-23T04:00:00", "type": "redhat", "title": "(RHSA-2009:1461) Important: Red Hat Application Stack v2.4 security and enhancement update", "enchantments": {"score": {"modified": "2018-05-06T19:01:25", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2008-4456", "CVE-2009-2446", "CVE-2009-2687", "CVE-2009-3094", "CVE-2009-3095", "CVE-2009-3229", "CVE-2009-3230", "CVE-2009-3231"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-03T23:42:04", "id": "RHSA-2009:1461", "href": "https://access.redhat.com/errata/RHSA-2009:1461", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:35", "references": ["http://www.postgresql.org/about/news.905"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.3.21", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.3.21", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql", "operator": "lt"}], "description": "\nThe PostgreSQL developers report:\n\nPostgreSQL allows users to create indexes on the results of\n\t user-defined functions, known as \"expression indexes\". This provided\n\t two vulnerabilities to privilege escalation: (1) index functions\n\t were executed as the superuser and not the table owner during VACUUM\n\t and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION\n\t were permitted within index functions. Both of these holes have now\n\t been closed.\n\n\nPostgreSQL allowed malicious users to initiate a denial-of-service\n\t by passing certain regular expressions in SQL queries. First, users\n\t could create infinite loops using some specific regular expressions.\n\t Second, certain complex regular expressions could consume excessive\n\t amounts of memory. Third, out-of-range backref numbers could be used\n\t to crash the backend.\n\n\nDBLink functions combined with local trust or ident authentication\n\t could be used by a malicious user to gain superuser privileges. This\n\t issue has been fixed, and does not affect users who have not\n\t installed DBLink (an optional module), or who are using password\n\t authentication for local access. This same problem was addressed in\n\t the previous release cycle, but that patch failed to close all forms\n\t of the loophole.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2008-01-06T00:00:00", "title": "postgresql -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2008-01-06T00:00:00", "id": "51436B4C-1250-11DD-BAB7-0016179B2DD5", "href": "https://vuxml.freebsd.org/freebsd/51436b4c-1250-11dd-bab7-0016179b2dd5.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:37:19", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-contrib-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "ppc", "packageFilename": "postgresql-8.2.6-0.1.ppc.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-libs-8.1.11-0.2.i586.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-8.1.11-0.2.ppc.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-docs-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-devel-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-pl-8.1.11-0.2.i586.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-libs-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "ppc64", "packageFilename": "postgresql-8.2.6-0.1.ppc64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "ppc", "packageFilename": "postgresql-server-8.2.6-0.1.ppc.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-pl-8.1.11-0.2.i586.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "x86_64", "packageFilename": "postgresql-libs-32bit-8.1.11-0.1.x86_64.rpm", "packageName": "postgresql-libs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "ppc", "packageFilename": "postgresql-docs-8.2.6-0.1.ppc.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-docs-8.1.11-0.2.s390x.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "x86_64", "packageFilename": "postgresql-server-8.1.11-0.1.x86_64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-contrib-8.1.11-0.2.s390x.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "ppc", "packageFilename": "postgresql-pltcl-8.2.6-0.1.ppc.rpm", "packageName": "postgresql-pltcl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-devel-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-devel-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-contrib-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-docs-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-libs-8.1.11-0.2.s390x.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "x86_64", "packageFilename": "postgresql-libs-8.2.6-0.1.x86_64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-docs-8.1.11-0.2.ia64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "ppc", "packageFilename": "postgresql-contrib-8.2.6-0.1.ppc.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-libs-x86-8.1.11-0.2.ia64.rpm", "packageName": "postgresql-libs-x86", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-contrib-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "i586", "packageFilename": "postgresql-plperl-8.2.6-0.1.i586.rpm", "packageName": "postgresql-plperl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc64", "packageFilename": "postgresql-8.1.11-0.2.ppc64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-server-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-pl-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-8.1.11-0.2.ppc.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "ppc", "packageFilename": "postgresql-8.1.11-0.1.ppc.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-server-8.1.11-0.2.ia64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-docs-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-pl-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-libs-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-contrib-8.1.11-0.2.i586.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-docs-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-docs-8.1.11-0.2.i586.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-devel-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "i586", "packageFilename": "postgresql-8.1.11-0.1.i586.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-server-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-8.1.11-0.2.i586.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "ppc", "packageFilename": "postgresql-pl-8.1.11-0.1.ppc.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "x86_64", "packageFilename": "postgresql-server-8.2.6-0.1.x86_64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "x86_64", "packageFilename": "postgresql-plpython-8.2.6-0.1.x86_64.rpm", "packageName": "postgresql-plpython", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "ppc", "packageFilename": "postgresql-libs-64bit-8.2.6-0.1.ppc.rpm", "packageName": "postgresql-libs-64bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-devel-8.1.11-0.2.i586.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-server-8.1.11-0.2.s390x.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "i586", "packageFilename": "postgresql-contrib-8.2.6-0.1.i586.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-server-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "x86_64", "packageFilename": "postgresql-devel-8.1.11-0.1.x86_64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "x86_64", "packageFilename": "postgresql-devel-8.2.6-0.1.x86_64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-devel-8.1.11-0.2.ia64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "i586", "packageFilename": "postgresql-devel-8.1.11-0.1.i586.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-server-8.1.11-0.2.s390x.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "x86_64", "packageFilename": "postgresql-8.1.11-0.1.x86_64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-server-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "x86_64", "packageFilename": "postgresql-libs-8.1.11-0.1.x86_64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "x86_64", "packageFilename": "postgresql-docs-8.1.11-0.1.x86_64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc64", "packageFilename": "postgresql-8.1.11-0.2.ppc64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "i586", "packageFilename": "postgresql-libs-8.2.6-0.1.i586.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-8.1.11-0.2.i586.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "x86_64", "packageFilename": "postgresql-libs-32bit-8.2.6-0.1.x86_64.rpm", "packageName": "postgresql-libs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "i586", "packageFilename": "postgresql-docs-8.1.11-0.1.i586.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-8.1.11-0.2.ia64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "ppc", "packageFilename": "postgresql-libs-8.2.6-0.1.ppc.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "x86_64", "packageFilename": "postgresql-contrib-8.2.6-0.1.x86_64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-server-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-pl-8.1.11-0.2.i586.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-contrib-8.1.11-0.2.ia64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-server-8.1.11-0.2.ia64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "i586", "packageFilename": "postgresql-libs-8.1.11-0.1.i586.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "ppc", "packageFilename": "postgresql-libs-64bit-8.1.11-0.1.ppc.rpm", "packageName": "postgresql-libs-64bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "i586", "packageFilename": "postgresql-8.2.6-0.1.i586.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "i586", "packageFilename": "postgresql-pltcl-8.2.6-0.1.i586.rpm", "packageName": "postgresql-pltcl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-pl-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-8.1.11-0.2.i586.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "i586", "packageFilename": "postgresql-contrib-8.1.11-0.1.i586.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "x86_64", "packageFilename": "postgresql-contrib-8.1.11-0.1.x86_64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-contrib-8.1.11-0.2.i586.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "i586", "packageFilename": "postgresql-server-8.2.6-0.1.i586.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-contrib-8.1.11-0.2.i586.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-contrib-8.1.11-0.2.ia64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-libs-32bit-8.1.11-0.2.s390x.rpm", "packageName": "postgresql-libs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "x86_64", "packageFilename": "postgresql-8.2.6-0.1.x86_64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "ppc", "packageFilename": "postgresql-devel-8.1.11-0.1.ppc.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "i586", "packageFilename": "postgresql-plpython-8.2.6-0.1.i586.rpm", "packageName": "postgresql-plpython", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-8.1.11-0.2.ppc.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "i586", "packageFilename": "postgresql-pl-8.1.11-0.1.i586.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "ppc", "packageFilename": "postgresql-devel-8.2.6-0.1.ppc.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-pl-8.1.11-0.2.ia64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-devel-8.1.11-0.2.s390x.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "x86_64", "packageFilename": "postgresql-docs-8.2.6-0.1.x86_64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-docs-8.1.11-0.2.i586.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-docs-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "i586", "packageFilename": "postgresql-devel-8.2.6-0.1.i586.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-devel-8.1.11-0.2.i586.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-pl-8.1.11-0.2.ia64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "ppc", "packageFilename": "postgresql-server-8.1.11-0.1.ppc.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-8.1.11-0.2.s390x.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-libs-64bit-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-libs-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-8.1.11-0.2.ia64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-pl-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-devel-8.1.11-0.2.i586.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-devel-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-server-8.1.11-0.2.i586.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "i586", "packageFilename": "postgresql-docs-8.2.6-0.1.i586.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-libs-32bit-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-libs-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "ppc", "packageFilename": "postgresql-plperl-8.2.6-0.1.ppc.rpm", "packageName": "postgresql-plperl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "ppc", "packageFilename": "postgresql-libs-8.1.11-0.1.ppc.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-libs-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-libs-32bit-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-pl-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-docs-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-pl-8.1.11-0.2.s390x.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-server-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "i586", "packageFilename": "postgresql-server-8.1.11-0.1.i586.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-contrib-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "x86_64", "packageFilename": "postgresql-pltcl-8.2.6-0.1.x86_64.rpm", "packageName": "postgresql-pltcl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-8.1.11-0.2.s390x.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "ppc", "packageFilename": "postgresql-contrib-8.1.11-0.1.ppc.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "x86_64", "packageFilename": "postgresql-pl-8.1.11-0.1.x86_64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-server-8.1.11-0.2.i586.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-docs-8.1.11-0.2.s390x.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-pl-8.1.11-0.2.s390x.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-devel-8.1.11-0.2.ia64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "ppc", "packageFilename": "postgresql-docs-8.1.11-0.1.ppc.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "x86_64", "packageFilename": "postgresql-plperl-8.2.6-0.1.x86_64.rpm", "packageName": "postgresql-plperl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-contrib-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-libs-8.1.11-0.2.i586.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-server-8.1.11-0.2.i586.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-docs-8.1.11-0.2.ia64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-libs-64bit-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-libs-64bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-contrib-8.1.11-0.2.s390x.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "i586", "packageFilename": "postgresql-docs-8.1.11-0.2.i586.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.3", "packageVersion": "8.2.6-0.1", "arch": "ppc", "packageFilename": "postgresql-plpython-8.2.6-0.1.ppc.rpm", "packageName": "postgresql-plpython", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "x86_64", "packageFilename": "postgresql-pl-8.1.11-0.2.x86_64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.2", "packageVersion": "8.1.11-0.1", "arch": "ppc64", "packageFilename": "postgresql-8.1.11-0.1.ppc64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "s390x", "packageFilename": "postgresql-devel-8.1.11-0.2.s390x.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ia64", "packageFilename": "postgresql-libs-8.1.11-0.2.ia64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-libs-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-devel-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.1", "packageVersion": "8.1.11-0.2", "arch": "ppc", "packageFilename": "postgresql-contrib-8.1.11-0.2.ppc.rpm", "packageName": "postgresql-contrib", "operator": "lt"}], "description": "The database server PostgreSQL had various security problems which have been fixed by upgrading to the respective minor versions fixing those problems.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "reporter": "Suse", "published": "2008-02-06T10:24:49", "title": "remote code execution in postgresql", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2007-4769", "CVE-2007-6600", "CVE-2007-4772", "CVE-2007-6601", "CVE-2007-6067"], "modified": "2008-02-06T10:24:49", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html", "id": "SUSE-SA:2008:005", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:21:59", "references": ["https://bugzilla.suse.com/966436", "https://bugzilla.suse.com/966435"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.3.11-14.1", "packageName": "postgresql93-devel-debuginfo", "packageFilename": "postgresql93-devel-debuginfo-9.3.11-14.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-contrib", "packageFilename": "postgresql93-contrib-9.3.11-14.2.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-contrib", "packageFilename": "postgresql93-contrib-9.3.11-14.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93", "packageFilename": "postgresql93-9.3.11-14.2.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-debugsource", "packageFilename": "postgresql93-debugsource-9.3.11-14.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-debugsource", "packageFilename": "postgresql93-debugsource-9.3.11-14.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-docs", "packageFilename": "postgresql93-docs-9.3.11-14.2.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-server-debuginfo", "packageFilename": "postgresql93-server-debuginfo-9.3.11-14.2.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-debuginfo", "packageFilename": "postgresql93-debuginfo-9.3.11-14.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-contrib-debuginfo", "packageFilename": "postgresql93-contrib-debuginfo-9.3.11-14.2.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93", "packageFilename": "postgresql93-9.3.11-14.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-server-debuginfo", "packageFilename": "postgresql93-server-debuginfo-9.3.11-14.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.3.11-14.1", "packageName": "postgresql93-devel-debuginfo", "packageFilename": "postgresql93-devel-debuginfo-9.3.11-14.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.3.11-14.1", "packageName": "postgresql93-libs-debugsource", "packageFilename": "postgresql93-libs-debugsource-9.3.11-14.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-contrib", "packageFilename": "postgresql93-contrib-9.3.11-14.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-contrib-debuginfo", "packageFilename": "postgresql93-contrib-debuginfo-9.3.11-14.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-debugsource", "packageFilename": "postgresql93-debugsource-9.3.11-14.2.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.3.11-14.1", "packageName": "postgresql93-libs-debugsource", "packageFilename": "postgresql93-libs-debugsource-9.3.11-14.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-debuginfo", "packageFilename": "postgresql93-debuginfo-9.3.11-14.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.3.11-14.1", "packageName": "postgresql93-devel", "packageFilename": "postgresql93-devel-9.3.11-14.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.3.11-14.1", "packageName": "postgresql93-devel", "packageFilename": "postgresql93-devel-9.3.11-14.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.3.11-14.1", "packageName": "postgresql93-devel", "packageFilename": "postgresql93-devel-9.3.11-14.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93", "packageFilename": "postgresql93-9.3.11-14.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93", "packageFilename": "postgresql93-9.3.11-14.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-debuginfo", "packageFilename": "postgresql93-debuginfo-9.3.11-14.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-server-debuginfo", "packageFilename": "postgresql93-server-debuginfo-9.3.11-14.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.3.11-14.1", "packageName": "postgresql93-libs-debugsource", "packageFilename": "postgresql93-libs-debugsource-9.3.11-14.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-server", "packageFilename": "postgresql93-server-9.3.11-14.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-server", "packageFilename": "postgresql93-server-9.3.11-14.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-debuginfo", "packageFilename": "postgresql93-debuginfo-9.3.11-14.2.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-server", "packageFilename": "postgresql93-server-9.3.11-14.2.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-debugsource", "packageFilename": "postgresql93-debugsource-9.3.11-14.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.3.11-14.2", "packageName": "postgresql93-contrib-debuginfo", "packageFilename": "postgresql93-contrib-debuginfo-9.3.11-14.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.3.11-14.1", "packageName": "postgresql93-devel-debuginfo", "packageFilename": "postgresql93-devel-debuginfo-9.3.11-14.1.ppc64le.rpm", "arch": "ppc64le", "operator": "lt"}], "description": "This update for postgresql93 fixes the following issues:\n\n - Security and bugfix release 9.3.11:\n * Fix infinite loops and buffer-overrun problems in regular expressions\n (CVE-2016-0773, bsc#966436).\n * Fix regular-expression compiler to handle loops of constraint arcs\n (CVE-2007-4772).\n * Prevent certain PL/Java parameters from being set by non-superusers\n (CVE-2016-0766, bsc#966435).\n * Fix many issues in pg_dump with specific object types\n * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS\n * Fix deparsing error with ON CONFLICT ... WHERE clauses\n * Fix tableoid errors for postgres_fdw\n * Prevent floating-point exceptions in pgbench\n * Make \\det search Foreign Table names consistently\n * Fix quoting of domain constraint names in pg_dump\n * Prevent putting expanded objects into Const nodes\n * Allow compile of PL/Java on Windows\n * Fix &quot;unresolved symbol&quot; errors in PL/Python execution\n * Allow Python2 and Python3 to be used in the same database\n * Add support for Python 3.5 in PL/Python\n * Fix issue with subdirectory creation during initdb\n * Make pg_ctl report status correctly on Windows\n * Suppress confusing error when using pg_receivexlog with older servers\n * Multiple documentation corrections and additions\n * Fix erroneous hash calculations in gin_extract_jsonb_path()\n - For the full release notse, see:\n <a rel=\"nofollow\" href=\"http://www.postgresql.org/docs/9.3/static/release-9-3-11.html\">http://www.postgresql.org/docs/9.3/static/release-9-3-11.html</a>\n\n", "edition": 1, "reporter": "Suse", "published": "2016-02-22T14:11:16", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for postgresql93 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0773", "CVE-2007-4772", "CVE-2016-0766"], "modified": "2016-02-22T14:11:16", "id": "SUSE-SU-2016:0539-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00052.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:34", "references": ["https://bugzilla.suse.com/966436", "https://bugzilla.suse.com/578053", "https://bugzilla.suse.com/966435"], "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-contrib-debuginfo", "packageFilename": "postgresql94-contrib-debuginfo-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-plperl-debuginfo", "packageFilename": "postgresql94-plperl-debuginfo-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "libecpg6", "packageFilename": "libecpg6-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-devel-debuginfo", "packageFilename": "postgresql94-devel-debuginfo-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-test", "packageFilename": "postgresql94-test-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "libecpg6-debuginfo", "packageFilename": "libecpg6-debuginfo-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-libs-debugsource", "packageFilename": "postgresql94-libs-debugsource-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-server", "packageFilename": "postgresql94-server-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "libpq5", "packageFilename": "libpq5-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-libs-debugsource", "packageFilename": "postgresql94-libs-debugsource-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-contrib", "packageFilename": "postgresql94-contrib-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-debuginfo", "packageFilename": "postgresql94-debuginfo-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-contrib-debuginfo", "packageFilename": "postgresql94-contrib-debuginfo-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "libecpg6-debuginfo", "packageFilename": "libecpg6-debuginfo-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-plperl", "packageFilename": "postgresql94-plperl-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-server-debuginfo", "packageFilename": "postgresql94-server-debuginfo-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-plpython-debuginfo", "packageFilename": "postgresql94-plpython-debuginfo-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-docs", "packageFilename": "postgresql94-docs-9.4.6-4.1.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-plpython", "packageFilename": "postgresql94-plpython-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "libecpg6", "packageFilename": "libecpg6-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-plpython", "packageFilename": "postgresql94-plpython-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-devel", "packageFilename": "postgresql94-devel-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "libpq5-debuginfo", "packageFilename": "libpq5-debuginfo-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-contrib", "packageFilename": "postgresql94-contrib-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "libpq5-debuginfo", "packageFilename": "libpq5-debuginfo-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-pltcl", "packageFilename": "postgresql94-pltcl-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-devel-debuginfo", "packageFilename": "postgresql94-devel-debuginfo-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-pltcl", "packageFilename": "postgresql94-pltcl-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "libecpg6-32bit", "packageFilename": "libecpg6-32bit-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-pltcl-debuginfo", "packageFilename": "postgresql94-pltcl-debuginfo-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-plperl", "packageFilename": "postgresql94-plperl-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-server", "packageFilename": "postgresql94-server-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "libpq5-debuginfo-32bit", "packageFilename": "libpq5-debuginfo-32bit-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-pltcl-debuginfo", "packageFilename": "postgresql94-pltcl-debuginfo-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "libecpg6-debuginfo-32bit", "packageFilename": "libecpg6-debuginfo-32bit-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-plperl-debuginfo", "packageFilename": "postgresql94-plperl-debuginfo-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94", "packageFilename": "postgresql94-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-server-debuginfo", "packageFilename": "postgresql94-server-debuginfo-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-debugsource", "packageFilename": "postgresql94-debugsource-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "libpq5", "packageFilename": "libpq5-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "libpq5-32bit", "packageFilename": "libpq5-32bit-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-plpython-debuginfo", "packageFilename": "postgresql94-plpython-debuginfo-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94", "packageFilename": "postgresql94-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-devel", "packageFilename": "postgresql94-devel-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-test", "packageFilename": "postgresql94-test-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-debuginfo", "packageFilename": "postgresql94-debuginfo-9.4.6-4.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4.6-4.1", "packageName": "postgresql94-debugsource", "packageFilename": "postgresql94-debugsource-9.4.6-4.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "This update for postgresql94 fixes the following issues:\n\n - Security and bugfix release 9.4.6:\n * *** IMPORTANT *** Users of version 9.4 will need to reindex any\n jsonb_path_ops indexes they have created, in order to fix a persistent\n issue with missing index entries.\n * Fix infinite loops and buffer-overrun problems in regular expressions\n (CVE-2016-0773, bsc#966436).\n * Fix regular-expression compiler to handle loops of constraint arcs\n (CVE-2007-4772).\n * Prevent certain PL/Java parameters from being set by non-superusers\n (CVE-2016-0766, bsc#966435).\n * Fix many issues in pg_dump with specific object types\n * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS\n * Fix deparsing error with ON CONFLICT ... WHERE clauses\n * Fix tableoid errors for postgres_fdw\n * Prevent floating-point exceptions in pgbench\n * Make \\det search Foreign Table names consistently\n * Fix quoting of domain constraint names in pg_dump\n * Prevent putting expanded objects into Const nodes\n * Allow compile of PL/Java on Windows\n * Fix &quot;unresolved symbol&quot; errors in PL/Python execution\n * Allow Python2 and Python3 to be used in the same database\n * Add support for Python 3.5 in PL/Python\n * Fix issue with subdirectory creation during initdb\n * Make pg_ctl report status correctly on Windows\n * Suppress confusing error when using pg_receivexlog with older servers\n * Multiple documentation corrections and additions\n * Fix erroneous hash calculations in gin_extract_jsonb_path()\n - For the full release notse, see:\n <a rel=\"nofollow\" href=\"http://www.postgresql.org/docs/9.4/static/release-9-4-6.html\">http://www.postgresql.org/docs/9.4/static/release-9-4-6.html</a>\n\n - PL/Perl still needs to be linked with rpath, so that it can find\n libperl.so at runtime. bsc#578053, postgresql-plperl-keep-rpath.patch\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "reporter": "Suse", "published": "2016-02-25T14:11:50", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for postgresql94 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0773", "CVE-2007-4772", "CVE-2016-0766"], "modified": "2016-02-25T14:11:50", "id": "OPENSUSE-SU-2016:0578-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00056.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:51:41", "references": ["https://bugzilla.suse.com/966436", "https://bugzilla.suse.com/966435"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-devel-debuginfo-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "libecpg6-9.3.11-2.10.1.i586.rpm", "packageName": "libecpg6", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-plpython-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-plpython", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-contrib-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-contrib", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-contrib-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-contrib", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-test-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "libecpg6-debuginfo-9.3.11-2.10.1.i586.rpm", "packageName": "libecpg6-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-devel-debuginfo-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-pltcl-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-pltcl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-libs-debugsource-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-libs-debugsource", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-server-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-server", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "libecpg6-debuginfo-9.3.11-2.10.1.x86_64.rpm", "packageName": "libecpg6-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-test-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-plperl-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-plperl", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-pltcl-debuginfo-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-pltcl-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-pltcl-debuginfo-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-pltcl-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-libs-debugsource-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-libs-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-devel-debuginfo-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-plpython-debuginfo-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-plpython-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "noarch", "packageFilename": "postgresql93-docs-9.3.11-2.10.1.noarch.rpm", "packageName": "postgresql93-docs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-debugsource-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-pltcl-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-pltcl", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-devel-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-devel", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-pltcl-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-pltcl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-server-debuginfo-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-server-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-server-debuginfo-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-server-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "libpq5-debuginfo-32bit-9.3.11-2.10.1.x86_64.rpm", "packageName": "libpq5-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-plpython-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-plpython", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-debuginfo-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-server-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-server", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-plperl-debuginfo-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-plperl-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "libecpg6-32bit-9.3.11-2.10.1.x86_64.rpm", "packageName": "libecpg6-32bit", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "noarch", "packageFilename": "postgresql93-docs-9.3.11-3.2.noarch.rpm", "packageName": "postgresql93-docs", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-libs-debugsource-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-libs-debugsource", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-debugsource-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-server-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-server", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-server-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-server", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-plperl-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-plperl", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-plpython-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-plpython", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-plpython-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-plpython", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-server-debuginfo-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-server-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-contrib-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-contrib", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-pltcl-debuginfo-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-pltcl-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "libecpg6-debuginfo-32bit-9.3.11-2.10.1.x86_64.rpm", "packageName": "libecpg6-debuginfo-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-pltcl-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-pltcl", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-contrib-debuginfo-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-contrib-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-devel-debuginfo-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "libecpg6-9.3.11-2.10.1.x86_64.rpm", "packageName": "libecpg6", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-contrib-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-contrib", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-contrib-debuginfo-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-contrib-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "libpq5-32bit-9.3.11-2.10.1.x86_64.rpm", "packageName": "libpq5-32bit", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-plperl-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-plperl", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-plpython-debuginfo-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-plpython-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-debugsource-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-plperl-debuginfo-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-plperl-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-debugsource-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-debugsource", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-libs-debugsource-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-libs-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-plpython-debuginfo-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-plpython-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-test-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-devel-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-devel-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "libpq5-9.3.11-2.10.1.i586.rpm", "packageName": "libpq5", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-plpython-debuginfo-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-plpython-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-contrib-debuginfo-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-contrib-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-devel-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-contrib-debuginfo-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-contrib-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "libpq5-debuginfo-9.3.11-2.10.1.i586.rpm", "packageName": "libpq5-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "libpq5-9.3.11-2.10.1.x86_64.rpm", "packageName": "libpq5", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-debuginfo-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-debuginfo-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-plperl-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-plperl", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-plperl-debuginfo-9.3.11-3.2.i586.rpm", "packageName": "postgresql93-plperl-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "i586", "packageFilename": "postgresql93-9.3.11-3.2.i586.rpm", "packageName": "postgresql93", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.4-6.1", "arch": "noarch", "packageFilename": "postgresql-init-9.4-6.1.noarch.rpm", "packageName": "postgresql-init", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-server-debuginfo-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-server-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-debuginfo-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "libpq5-debuginfo-9.3.11-2.10.1.x86_64.rpm", "packageName": "libpq5-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "i586", "packageFilename": "postgresql93-pltcl-debuginfo-9.3.11-2.10.1.i586.rpm", "packageName": "postgresql93-pltcl-debuginfo", "operator": "lt"}, {"OS": "openSUSE Leap", "OSVersion": "42.1", "packageVersion": "9.3.11-3.2", "arch": "x86_64", "packageFilename": "postgresql93-test-9.3.11-3.2.x86_64.rpm", "packageName": "postgresql93-test", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "13.2", "packageVersion": "9.3.11-2.10.1", "arch": "x86_64", "packageFilename": "postgresql93-plperl-debuginfo-9.3.11-2.10.1.x86_64.rpm", "packageName": "postgresql93-plperl-debuginfo", "operator": "lt"}], "description": "This update for postgresql93 fixes the following issues:\n\n - Security and bugfix release 9.3.11:\n * Fix infinite loops and buffer-overrun problems in regular expressions\n (CVE-2016-0773, boo#966436).\n * Fix regular-expression compiler to handle loops of constraint arcs\n (CVE-2007-4772).\n * Prevent certain PL/Java parameters from being set by non-superusers\n (CVE-2016-0766, boo#966435).\n * Fix many issues in pg_dump with specific object types\n * Prevent over-eager pushdown of HAVING clauses for GROUPING SETS\n * Fix deparsing error with ON CONFLICT ... WHERE clauses\n * Fix tableoid errors for postgres_fdw\n * Prevent floating-point exceptions in pgbench\n * Make \\det search Foreign Table names consistently\n * Fix quoting of domain constraint names in pg_dump\n * Prevent putting expanded objects into Const nodes\n * Allow compile of PL/Java on Windows\n * Fix &quot;unresolved symbol&quot; errors in PL/Python execution\n * Allow Python2 and Python3 to be used in the same database\n * Add support for Python 3.5 in PL/Python\n * Fix issue with subdirectory creation during initdb\n * Make pg_ctl report status correctly on Windows\n * Suppress confusing error when using pg_receivexlog with older servers\n * Multiple documentation corrections and additions\n * Fix erroneous hash calculations in gin_extract_jsonb_path()\n - For the full release notse, see:\n <a rel=\"nofollow\" href=\"http://www.postgresql.org/docs/9.3/static/release-9-3-11.html\">http://www.postgresql.org/docs/9.3/static/release-9-3-11.html</a>\n\n", "edition": 1, "reporter": "Suse", "published": "2016-02-21T11:11:04", "title": "Security update for postgresql93 (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0773", "CVE-2007-4772", "CVE-2016-0766"], "modified": "2016-02-21T11:11:04", "id": "OPENSUSE-SU-2016:0531-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00049.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:47:17", "references": ["https://bugzilla.suse.com/966436", "https://bugzilla.suse.com/578053", "https://bugzilla.suse.com/966435"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "libpq5-32bit-9.4.6-7.1.s390x.rpm", "packageName": "libpq5-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "ppc64le", "packageFilename": "libpq5-9.4.6-7.1.ppc64le.rpm", "packageName": "libpq5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "s390x", "packageFilename": "postgresql94-contrib-9.4.6-7.2.s390x.rpm", "packageName": "postgresql94-contrib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "libpq5-9.4.6-7.1.x86_64.rpm", "packageName": "libpq5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "libecpg6-9.4.6-7.1.x86_64.rpm", "packageName": "libecpg6", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "ppc64le", "packageFilename": "libpq5-debuginfo-9.4.6-7.1.ppc64le.rpm", "packageName": "libpq5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.2", "arch": "x86_64", "packageFilename": "postgresql94-contrib-debuginfo-9.4.6-7.2.x86_64.rpm", "packageName": "postgresql94-contrib-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "libpq5-debuginfo-9.4.6-7.1.s390x.rpm", "packageName": "libpq5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "libpq5-debuginfo-32bit-9.4.6-7.1.x86_64.rpm", "packageName": "libpq5-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "libecpg6-debuginfo-9.4.6-7.1.s390x.rpm", "packageName": "libecpg6-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.2", "arch": "ppc64le", "packageFilename": "postgresql94-server-9.4.6-7.2.ppc64le.rpm", "packageName": "postgresql94-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "ppc64le", "packageFilename": "postgresql94-devel-debuginfo-9.4.6-7.1.ppc64le.rpm", "packageName": "postgresql94-devel-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "ppc64le", "packageFilename": "postgresql94-server-debuginfo-9.4.6-7.2.ppc64le.rpm", "packageName": "postgresql94-server-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "libpq5-9.4.6-7.1.x86_64.rpm", "packageName": "libpq5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "postgresql94-devel-9.4.6-7.1.x86_64.rpm", "packageName": "postgresql94-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "postgresql94-libs-debugsource-9.4.6-7.1.s390x.rpm", "packageName": "postgresql94-libs-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "x86_64", "packageFilename": "postgresql94-debuginfo-9.4.6-7.2.x86_64.rpm", "packageName": "postgresql94-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "noarch", "packageFilename": "postgresql94-docs-9.4.6-7.2.noarch.rpm", "packageName": "postgresql94-docs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "ppc64le", "packageFilename": "libecpg6-debuginfo-9.4.6-7.1.ppc64le.rpm", "packageName": "libecpg6-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "ppc64le", "packageFilename": "libecpg6-9.4.6-7.1.ppc64le.rpm", "packageName": "libecpg6", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "postgresql94-devel-9.4.6-7.1.s390x.rpm", "packageName": "postgresql94-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "s390x", "packageFilename": "postgresql94-server-debuginfo-9.4.6-7.2.s390x.rpm", "packageName": "postgresql94-server-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "ppc64le", "packageFilename": "postgresql94-debugsource-9.4.6-7.2.ppc64le.rpm", "packageName": "postgresql94-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.2", "arch": "s390x", "packageFilename": "postgresql94-9.4.6-7.2.s390x.rpm", "packageName": "postgresql94", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "libecpg6-debuginfo-9.4.6-7.1.s390x.rpm", "packageName": "libecpg6-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "libpq5-debuginfo-32bit-9.4.6-7.1.x86_64.rpm", "packageName": "libpq5-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "9.4.6-7.2", "arch": "x86_64", "packageFilename": "postgresql94-9.4.6-7.2.x86_64.rpm", "packageName": "postgresql94", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "ppc64le", "packageFilename": "postgresql94-debuginfo-9.4.6-7.2.ppc64le.rpm", "packageName": "postgresql94-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "libpq5-debuginfo-9.4.6-7.1.s390x.rpm", "packageName": "libpq5-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "x86_64", "packageFilename": "postgresql94-9.4.6-7.2.x86_64.rpm", "packageName": "postgresql94", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "libecpg6-9.4.6-7.1.s390x.rpm", "packageName": "libecpg6", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "ppc64le", "packageFilename": "libecpg6-debuginfo-9.4.6-7.1.ppc64le.rpm", "packageName": "libecpg6-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "9.4.6-7.2", "arch": "x86_64", "packageFilename": "postgresql94-debugsource-9.4.6-7.2.x86_64.rpm", "packageName": "postgresql94-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "libecpg6-9.4.6-7.1.x86_64.rpm", "packageName": "libecpg6", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "postgresql94-devel-debuginfo-9.4.6-7.1.s390x.rpm", "packageName": "postgresql94-devel-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "ppc64le", "packageFilename": "postgresql94-devel-9.4.6-7.1.ppc64le.rpm", "packageName": "postgresql94-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "s390x", "packageFilename": "postgresql94-9.4.6-7.2.s390x.rpm", "packageName": "postgresql94", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.2", "arch": "ppc64le", "packageFilename": "postgresql94-contrib-9.4.6-7.2.ppc64le.rpm", "packageName": "postgresql94-contrib", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "libpq5-32bit-9.4.6-7.1.x86_64.rpm", "packageName": "libpq5-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "ppc64le", "packageFilename": "libpq5-9.4.6-7.1.ppc64le.rpm", "packageName": "libpq5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "libpq5-32bit-9.4.6-7.1.s390x.rpm", "packageName": "libpq5-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.2", "arch": "ppc64le", "packageFilename": "postgresql94-server-debuginfo-9.4.6-7.2.ppc64le.rpm", "packageName": "postgresql94-server-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "s390x", "packageFilename": "postgresql94-server-9.4.6-7.2.s390x.rpm", "packageName": "postgresql94-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "postgresql94-libs-debugsource-9.4.6-7.1.x86_64.rpm", "packageName": "postgresql94-libs-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "libpq5-debuginfo-32bit-9.4.6-7.1.s390x.rpm", "packageName": "libpq5-debuginfo-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "postgresql94-libs-debugsource-9.4.6-7.1.s390x.rpm", "packageName": "postgresql94-libs-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "postgresql94-devel-debuginfo-9.4.6-7.1.x86_64.rpm", "packageName": "postgresql94-devel-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "ppc64le", "packageFilename": "postgresql94-server-9.4.6-7.2.ppc64le.rpm", "packageName": "postgresql94-server", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.2", "arch": "s390x", "packageFilename": "postgresql94-debugsource-9.4.6-7.2.s390x.rpm", "packageName": "postgresql94-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.2", "arch": "ppc64le", "packageFilename": "postgresql94-contrib-debuginfo-9.4.6-7.2.ppc64le.rpm", "packageName": "postgresql94-contrib-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "s390x", "packageFilename": "postgresql94-contrib-debuginfo-9.4.6-7.2.s390x.rpm", "packageName": "postgresql94-contrib-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "libpq5-9.4.6-7.1.s390x.rpm", "packageName": "libpq5", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "libecpg6-9.4.6-7.1.x86_64.rpm", "packageName": "libecpg6", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.2", "arch": "x86_64", "packageFilename": "postgresql94-debuginfo-9.4.6-7.2.x86_64.rpm", "packageName": "postgresql94-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.2", "arch": "ppc64le", "packageFilename": "postgresql94-9.4.6-7.2.ppc64le.rpm", "packageName": "postgresql94", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "s390x", "packageFilename": "postgresql94-devel-debuginfo-9.4.6-7.1.s390x.rpm", "packageName": "postgresql94-devel-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "postgresql94-libs-debugsource-9.4.6-7.1.x86_64.rpm", "packageName": "postgresql94-libs-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "9.4.6-7.2", "arch": "x86_64", "packageFilename": "postgresql94-debuginfo-9.4.6-7.2.x86_64.rpm", "packageName": "postgresql94-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "x86_64", "packageFilename": "libpq5-32bit-9.4.6-7.1.x86_64.rpm", "packageName": "libpq5-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": "ppc64le", "packageFilename": "postgresql94-devel-debuginfo-9.4.6-7.1.ppc64le.rpm", "packageName": "postgresql94-devel-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "9.4.6-7.2", "arch": "x86_64", "packageFilename": "postgresql94-debugsource-9.4.6-7.2.x86_64.rpm", "packageName": "postgresql94-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "9.4.6-7.1", "arch": &qu