Fedora 17 : postgresql-9.1.8-1.fc17 (2013-2152)

🗓️ 18 Feb 2013 00:00:00Reported by TenableType

Update postgresql-9.1.8-1.fc17 to fix security vulnerability and build with selinux option disable

Reporter	Title	Published	Views	Family All 71
Tenable Nessus	PostgreSQL < 8.3.23 / 8.4.16 / 9.0.12 / 9.1.8 / 9.2.3 Denial of Service	5 Apr 201300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : postgresql8 (ALAS-2013-244)	14 Nov 201300:00	–	nessus
Tenable Nessus	CentOS 5 / 6 : postgresql / postgresql84 (CESA-2013:1475)	30 Oct 201300:00	–	nessus
Tenable Nessus	Debian DSA-2630-1 : postgresql-8.4 - programming error	21 Feb 201300:00	–	nessus
Tenable Nessus	Fedora 18 : postgresql-9.2.3-1.fc18 (2013-2123)	11 Feb 201300:00	–	nessus
Tenable Nessus	GLSA-201408-15 : PostgreSQL: Multiple vulnerabilities	30 Aug 201400:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : postgresql (MDVSA-2013:012)	17 Feb 201300:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : postgresql (MDVSA-2013:142)	20 Apr 201300:00	–	nessus
Tenable Nessus	MiracleLinux 4 : postgresql-8.4.20-1.AXS4 (AXSA:2014-004:01)	16 Jan 202600:00	–	nessus
Tenable Nessus	openSUSE Security Update : postgresql91 (openSUSE-SU-2013:0318-1)	13 Jun 201400:00	–	nessus

Source	Link
postgresql	www.postgresql.org/docs/9.1/static/release-9-1-8.html
postgresql	www.postgresql.org/docs/9.2/release-9-2-3.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-2152.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(64665);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-0255");
  script_bugtraq_id(57844);
  script_xref(name:"FEDORA", value:"2013-2152");

  script_name(english:"Fedora 17 : postgresql-9.1.8-1.fc17 (2013-2152)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Update to new upstream releases, to fix CVE-2013-0255
    and other issues described at
    http://www.postgresql.org/docs/9.2/static/release-9-2-3.
    html
    http://www.postgresql.org/docs/9.1/static/release-9-1-8.
    html

  - Make the package build with selinux option disabled

    - Include old version of pg_controldata in
      postgresql-upgrade subpackage

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://www.postgresql.org/docs/9.1/static/release-9-1-8.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.postgresql.org/docs/9.1/static/release-9-1-8.html"
  );
  # http://www.postgresql.org/docs/9.2/static/release-9-2-3.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.postgresql.org/docs/9.2/release-9-2-3.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=907892"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-February/098845.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fc5d58c8"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected postgresql package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:postgresql");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC17", reference:"postgresql-9.1.8-1.fc17")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql");
}

11 Jan 2021 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 26.8

EPSS0.03659