Search...

SuSE9 Security Update : PostgreSQL (YOU Patch Number 11509)

2009-09-24T00:00:00

ID SUSE9_11509.NASL
Type nessus
Reporter This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
Modified 2009-09-24T00:00:00

Description

This update fixes two vulnerabilities that affect the backend server and can only be exploited by authenticated users to cause a denial-of-service, or maybe to access other tables/databases without authentication. (CVE-2007-0555 CVE-2007-0556)

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(41132);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-0555", "CVE-2007-0556");

  script_name(english:"SuSE9 Security Update : PostgreSQL (YOU Patch Number 11509)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 9 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes two vulnerabilities that affect the backend server
and can only be exploited by authenticated users to cause a
denial-of-service, or maybe to access other tables/databases without
authentication. (CVE-2007-0555 CVE-2007-0556)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-0555.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-0556.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply YOU patch number 11509.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu &gt;!&lt; "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SUSE9", reference:"postgresql-7.4.17-0.1")) flag++;
if (rpm_check(release:"SUSE9", reference:"postgresql-contrib-7.4.17-0.1")) flag++;
if (rpm_check(release:"SUSE9", reference:"postgresql-devel-7.4.17-0.1")) flag++;
if (rpm_check(release:"SUSE9", reference:"postgresql-docs-7.4.17-0.1")) flag++;
if (rpm_check(release:"SUSE9", reference:"postgresql-libs-7.4.17-0.1")) flag++;
if (rpm_check(release:"SUSE9", reference:"postgresql-pl-7.4.17-0.1")) flag++;
if (rpm_check(release:"SUSE9", reference:"postgresql-server-7.4.17-0.1")) flag++;
if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"postgresql-libs-32bit-9-200704271846")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");

JSON Vulners Source

Initial Source

{"id": "SUSE9_11509.NASL", "bulletinFamily": "scanner", "title": "SuSE9 Security Update : PostgreSQL (YOU Patch Number 11509)", "description": "This update fixes two vulnerabilities that affect the backend server\nand can only be exploited by authenticated users to cause a\ndenial-of-service, or maybe to access other tables/databases without\nauthentication. (CVE-2007-0555 CVE-2007-0556)", "published": "2009-09-24T00:00:00", "modified": "2009-09-24T00:00:00", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}, "href": "https://www.tenable.com/plugins/nessus/41132", "reporter": "This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.", "references": ["http://support.novell.com/security/cve/CVE-2007-0556.html", "http://support.novell.com/security/cve/CVE-2007-0555.html"], "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "type": "nessus", "lastseen": "2021-01-17T14:02:12", "edition": 23, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-0556", "CVE-2007-0555"]}, {"type": "postgresql", "idList": ["POSTGRESQL:CVE-2007-0555", "POSTGRESQL:CVE-2007-0556"]}, {"type": "ubuntu", "idList": ["USN-417-1", "USN-417-2"]}, {"type": "gentoo", "idList": ["GLSA-200703-15"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7186", "SECURITYVULNS:DOC:15979"]}, {"type": "nessus", "idList": ["FEDORA_2007-198.NASL", "DEBIAN_DSA-1261.NASL", "MANDRAKE_MDKSA-2007-037.NASL", "GENTOO_GLSA-200703-15.NASL", "UBUNTU_USN-417-2.NASL", "FEDORA_2007-197.NASL", "SUSE_POSTGRESQL-3244.NASL", "REDHAT-RHSA-2007-0068.NASL", "UBUNTU_USN-417-1.NASL", "SUSE_POSTGRESQL-3243.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310855197", "OPENVAS:58153", "OPENVAS:861498", "OPENVAS:136141256231065501", "OPENVAS:855826", "OPENVAS:855501", "OPENVAS:1361412562310855501", "OPENVAS:830261", "OPENVAS:840182", "OPENVAS:1361412562310855826"]}, {"type": "fedora", "idList": ["FEDORA:L56HONCW010002", "FEDORA:L15H9BUR029728", "FEDORA:L15H8FHP029368"]}, {"type": "redhat", "idList": ["RHSA-2007:0067", "RHSA-2007:0064", "RHSA-2007:0068"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0064", "ELSA-2007-0336"]}, {"type": "osvdb", "idList": ["OSVDB:33087", "OSVDB:33302"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1261-1:70EA9"]}, {"type": "centos", "idList": ["CESA-2007:0064"]}], "modified": "2021-01-17T14:02:12", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-01-17T14:02:12", "rev": 2}, "vulnersScore": 6.9}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41132);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n\n script_name(english:\"SuSE9 Security Update : PostgreSQL (YOU Patch Number 11509)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes two vulnerabilities that affect the backend server\nand can only be exploited by authenticated users to cause a\ndenial-of-service, or maybe to access other tables/databases without\nauthentication. (CVE-2007-0555 CVE-2007-0556)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-0555.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-0556.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 11509.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-7.4.17-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-contrib-7.4.17-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-devel-7.4.17-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-docs-7.4.17-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-libs-7.4.17-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-pl-7.4.17-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"postgresql-server-7.4.17-0.1\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"postgresql-libs-32bit-9-200704271846\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "41132", "cpe": ["cpe:/o:suse:suse_linux"], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T11:45:49", "description": "PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.", "edition": 3, "cvss3": {}, "published": "2007-02-06T01:28:00", "title": "CVE-2007-0555", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0555"], "modified": "2018-10-16T16:33:00", "cpe": ["cpe:/a:postgresql:postgresql:7.4", "cpe:/a:postgresql:postgresql:8.2", "cpe:/a:postgresql:postgresql:8.0", "cpe:/a:postgresql:postgresql:7.3", "cpe:/a:postgresql:postgresql:8.1"], "id": "CVE-2007-0555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0555", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}, "cpe23": ["cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:45:49", "description": "The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a \"previously made query plan,\" which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an \"ALTER COLUMN TYPE\" SQL statement, which can be leveraged to read arbitrary memory from the server.", "edition": 3, "cvss3": {}, "published": "2007-02-06T01:28:00", "title": "CVE-2007-0556", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.6, "vectorString": "AV:N/AC:H/Au:S/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 9.2, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0556"], "modified": "2018-10-16T16:33:00", "cpe": ["cpe:/a:postgresql:postgresql:7.3.8", "cpe:/a:postgresql:postgresql:6.2.1", "cpe:/a:postgresql:postgresql:7.4", "cpe:/a:postgresql:postgresql:6.1.1", "cpe:/a:postgresql:postgresql:7.4.6", "cpe:/a:postgresql:postgresql:7.3.7", "cpe:/a:postgresql:postgresql:1.0", "cpe:/a:postgresql:postgresql:7.2.5", "cpe:/a:postgresql:postgresql:8.0.3", "cpe:/a:postgresql:postgresql:7.4.10", "cpe:/a:postgresql:postgresql:6.5.2", "cpe:/a:postgresql:postgresql:8.2", "cpe:/a:postgresql:postgresql:1.02", "cpe:/a:postgresql:postgresql:8.0.1", "cpe:/a:postgresql:postgresql:7.4.15", "cpe:/a:postgresql:postgresql:8.0.4", "cpe:/a:postgresql:postgresql:8.0.7", "cpe:/a:postgresql:postgresql:6.1", "cpe:/a:postgresql:postgresql:6.3.1", "cpe:/a:postgresql:postgresql:7.3.9", "cpe:/a:postgresql:postgresql:7.3.5", "cpe:/a:postgresql:postgresql:7.2.1", "cpe:/a:postgresql:postgresql:8.2.1", "cpe:/a:postgresql:postgresql:1.01", "cpe:/a:postgresql:postgresql:8.0.10", "cpe:/a:postgresql:postgresql:1.09", "cpe:/a:postgresql:postgresql:6.5.1", "cpe:/a:postgresql:postgresql:7.0.1", "cpe:/a:postgresql:postgresql:6.2", "cpe:/a:postgresql:postgresql:7.1.2", "cpe:/a:postgresql:postgresql:7.4.2", "cpe:/a:postgresql:postgresql:7.4.9", "cpe:/a:postgresql:postgresql:7.3.4", "cpe:/a:postgresql:postgresql:6.4.2", "cpe:/a:postgresql:postgresql:6.4", "cpe:/a:postgresql:postgresql:7.2.6", "cpe:/a:postgresql:postgresql:8.0.2", "cpe:/a:postgresql:postgresql:7.3.3", "cpe:/a:postgresql:postgresql:7.3.10", "cpe:/a:postgresql:postgresql:7.3.13", "cpe:/a:postgresql:postgresql:8.1.1", "cpe:/a:postgresql:postgresql:7.3.16", "cpe:/a:postgresql:postgresql:7.0", "cpe:/a:postgresql:postgresql:7.1.1", "cpe:/a:postgresql:postgresql:7.4.1", "cpe:/a:postgresql:postgresql:7.2.7", "cpe:/a:postgresql:postgresql:7.4.13", "cpe:/a:postgresql:postgresql:7.0.2", "cpe:/a:postgresql:postgresql:8.1.4", "cpe:/a:postgresql:postgresql:7.3.14", "cpe:/a:postgresql:postgresql:8.0", "cpe:/a:postgresql:postgresql:8.1.5", "cpe:/a:postgresql:postgresql:8.1.6", "cpe:/a:postgresql:postgresql:7.3.11", "cpe:/a:postgresql:postgresql:7.4.7", "cpe:/a:postgresql:postgresql:7.4.4", "cpe:/a:postgresql:postgresql:6.5", "cpe:/a:postgresql:postgresql:7.3.17", "cpe:/a:postgresql:postgresql:6.4.1", "cpe:/a:postgresql:postgresql:7.4.12", "cpe:/a:postgresql:postgresql:6.5.3", "cpe:/a:postgresql:postgresql:7.2.3", "cpe:/a:postgresql:postgresql:8.0.8", "cpe:/a:postgresql:postgresql:6.0", "cpe:/a:postgresql:postgresql:7.3.12", "cpe:/a:postgresql:postgresql:8.0.5", "cpe:/a:postgresql:postgresql:8.0.6", "cpe:/a:postgresql:postgresql:7.3.15", "cpe:/a:postgresql:postgresql:7.3.2", "cpe:/a:postgresql:postgresql:7.2.4", "cpe:/a:postgresql:postgresql:7.1", "cpe:/a:postgresql:postgresql:8.1.2", "cpe:/a:postgresql:postgresql:7.2.8", "cpe:/a:postgresql:postgresql:6.3.2", "cpe:/a:postgresql:postgresql:7.1.3", "cpe:/a:postgresql:postgresql:7.3", "cpe:/a:postgresql:postgresql:7.4.16", "cpe:/a:postgresql:postgresql:7.2", "cpe:/a:postgresql:postgresql:7.4.5", "cpe:/a:postgresql:postgresql:7.4.8", "cpe:/a:postgresql:postgresql:7.2.2", "cpe:/a:postgresql:postgresql:8.1", "cpe:/a:postgresql:postgresql:7.3.1", "cpe:/a:postgresql:postgresql:8.1.3", "cpe:/a:postgresql:postgresql:7.4.3", "cpe:/a:postgresql:postgresql:7.4.11", "cpe:/a:postgresql:postgresql:7.4.14", "cpe:/a:postgresql:postgresql:8.0.9", "cpe:/a:postgresql:postgresql:6.3", "cpe:/a:postgresql:postgresql:7.3.18", "cpe:/a:postgresql:postgresql:7.0.3", "cpe:/a:postgresql:postgresql:7.3.6"], "id": "CVE-2007-0556", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0556", "cvss": {"score": 6.6, "vector": "AV:N/AC:H/Au:S/C:C/I:N/A:C"}, "cpe23": ["cpe:2.3:a:postgresql:postgresql:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.17:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.15:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:1.09:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:1.02:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.16:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.3:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:1.01:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*"]}], "postgresql": [{"lastseen": "2020-12-24T14:27:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-0555"], "description": "A vulnerability allows suppressing the normal checks that a SQL function returns the data type it's declared to do. These errors can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access.", "edition": 3, "modified": "2007-02-06T01:28:00", "published": "2007-02-06T01:28:00", "href": "https://www.postgresql.org/support/security/8.2/", "id": "POSTGRESQL:CVE-2007-0555", "type": "postgresql", "title": "Vulnerability in core server (CVE-2007-0555)", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2020-12-24T14:27:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-0556"], "description": "A vulnerability involving changing the data type of a table column can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access.", "edition": 3, "modified": "2007-02-06T01:28:00", "published": "2007-02-06T01:28:00", "href": "https://www.postgresql.org/support/security/8.2/", "id": "POSTGRESQL:CVE-2007-0556", "type": "postgresql", "title": "Vulnerability in core server (CVE-2007-0556)", "cvss": {"score": 6.6, "vector": "AV:N/AC:H/Au:S/C:C/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:32:22", "bulletinFamily": "unix", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "USN-417-1 fixed several vulnerabilities in the PostgreSQL server. \nUnfortunately this update had a regression that caused some valid \nqueries to be aborted with a type error. This update corrects that \nproblem.\n\nWe apologize for the inconvenience.", "edition": 16, "modified": "2007-02-07T00:00:00", "published": "2007-02-07T00:00:00", "id": "USN-417-2", "href": "https://ubuntu.com/security/notices/USN-417-2", "title": "PostgreSQL 8.1 regression", "type": "ubuntu", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2020-07-09T00:30:09", "bulletinFamily": "unix", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "Jeff Trout discovered that the PostgreSQL server did not sufficiently \ncheck data types of SQL function arguments in some cases. An \nauthenticated attacker could exploit this to crash the database server \nor read out arbitrary locations in the server's memory, which could \nallow retrieving database content the attacker should not be able to \nsee. (CVE-2007-0555)\n\nJeff Trout reported that the query planner did not verify that a table \nwas still compatible with a previously made query plan. By using ALTER \nCOLUMN TYPE during query execution, an attacker could exploit this to \nread out arbitrary locations in the server's memory, which could allow \nretrieving database content the attacker should not be able to see. \n(CVE-2007-0556)", "edition": 6, "modified": "2007-02-06T00:00:00", "published": "2007-02-06T00:00:00", "id": "USN-417-1", "href": "https://ubuntu.com/security/notices/USN-417-1", "title": "PostgreSQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:46", "bulletinFamily": "unix", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "edition": 1, "description": "### Background\n\nPostgreSQL is an open source object-relational database management system. \n\n### Description\n\nPostgreSQL does not correctly check the data types of the SQL function arguments under unspecified circumstances nor the format of the provided tables in the query planner. \n\n### Impact\n\nA remote authenticated attacker could send specially crafted queries to the server that could result in a server crash and possibly the unauthorized reading of some database content or arbitrary memory. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll PostgreSQL users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"dev-db/postgresql\"", "modified": "2009-05-28T00:00:00", "published": "2007-03-16T00:00:00", "id": "GLSA-200703-15", "href": "https://security.gentoo.org/glsa/200703-15", "type": "gentoo", "title": "PostgreSQL: Multiple vulnerabilities", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:21", "bulletinFamily": "software", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "=========================================================== \r\nUbuntu Security Notice USN-417-1 February 05, 2007\r\npostgresql-7.4/-8.0/-8.1 vulnerabilities\r\nCVE-2007-0555, CVE-2007-0556\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 5.10\r\nUbuntu 6.06 LTS\r\nUbuntu 6.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 5.10:\r\n postgresql-7.4 1:7.4.8-17ubuntu1.4\r\n postgresql-8.0 8.0.3-15ubuntu2.3\r\n\r\nUbuntu 6.06 LTS:\r\n postgresql-8.1 8.1.4-0ubuntu1.2\r\n\r\nUbuntu 6.10:\r\n postgresql-8.1 8.1.4-7ubuntu0.2\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nJeff Trout discovered that the PostgreSQL server did not sufficiently\r\ncheck data types of SQL function arguments in some cases. An\r\nauthenticated attacker could exploit this to crash the database server\r\nor read out arbitrary locations in the server's memory, which could\r\nallow retrieving database content the attacker should not be able to\r\nsee. (CVE-2007-0555)\r\n\r\nJeff Trout reported that the query planner did not verify that a table\r\nwas still compatible with a previously made query plan. By using ALTER\r\nCOLUMN TYPE during query execution, an attacker could exploit this to\r\nread out arbitrary locations in the server's memory, which could allow\r\nretrieving database content the attacker should not be able to see.\r\n(CVE-2007-0556)\r\n\r\n\r\nUpdated packages for Ubuntu 5.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-7.4_7.4.8-17ubuntu1.4.diff.gz\r\n Size/MD5: 61660 f0b8038e545f4cac15356c31e8a45d57\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-7.4_7.4.8-17ubuntu1.4.dsc\r\n Size/MD5: 1038 7f3660a4b9f9e427f6acea9f475e1d31\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-7.4_7.4.8.orig.tar.gz\r\n Size/MD5: 9947820 50ee979019622f8852444cfd67b58e7e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3-15ubuntu2.3.diff.gz\r\n Size/MD5: 68920 011160d5414c9a25bdf904484c6549a4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3-15ubuntu2.3.dsc\r\n Size/MD5: 1115 972244c3e7fdba5d92963a757ab60d8b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3.orig.tar.gz\r\n Size/MD5: 10786924 73c804e7e55dd916732ce6807cc13318\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-doc-7.4_7.4.8-17ubuntu1.4_all.deb\r\n Size/MD5: 1062840 27ed7b68501e2b0bd549f7e671a1433a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-doc-8.0_8.0.3-15ubuntu2.3_all.deb\r\n Size/MD5: 1170106 56e437def51d06712e899fe95ff4c085\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-7.4/postgresql-server-dev-7.4_7.4.8-17ubuntu1.4_all.deb\r\n Size/MD5: 423444 709e6862b1dd30176be73fe8e7b9feac\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libecpg-compat2_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 19312 a309220068cb4f004f98a48ff50d46b4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libecpg-dev_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 204278 7c92c4c12a4f8f83ecf62eb243ce4c9a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libecpg5_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 38918 16e646bb44621e70428afd5c850e038c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libpgtypes2_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 41548 d8443eb231abf71159c89b082fb17b54\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libpq-dev_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 165732 26d8575709e4c8699c4ff6f5a29436c4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/libpq3_7.4.8-17ubuntu1.4_amd64.deb\r\n Size/MD5: 68958 857605f6bf5ca9ee19817cf0753ae9e9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libpq4_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 72506 8c2ca61ed2e20f8336d3b1a70ddea82c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-7.4_7.4.8-17ubuntu1.4_amd64.deb\r\n Size/MD5: 2744164 c9f09ae5f20aa52bf4d01ea55ac3312c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 2985170 e1289e644e3ac33e067250784c6af317\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-client-7.4_7.4.8-17ubuntu1.4_amd64.deb\r\n Size/MD5: 472818 3965c03011c50fec137eefb6ee1dc1d2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-client-8.0_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 597696 ead9ebccc3cc0a2822a6bc8fa6ac44df\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.8-17ubuntu1.4_amd64.deb\r\n Size/MD5: 486234 303c750a4d049600361053a4f28b1cbe\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-contrib-8.0_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 537040 b7509e3771297a5e17c302b8a7e6519f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.8-17ubuntu1.4_amd64.deb\r\n Size/MD5: 24328 7377f9b85ef81d71fe3e855ac6981ca9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-plperl-8.0_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 32964 1b1f344d8e5b3dce3cc17d1cf783f515\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.8-17ubuntu1.4_amd64.deb\r\n Size/MD5: 27956 f00e5979b142dde902cd9692a11cf224\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-plpython-8.0_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 29996 2c97e73fe6335032a16a72bd08d6eff5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.8-17ubuntu1.4_amd64.deb\r\n Size/MD5: 28550 3c507c367c6f396dfea7b5e8982f20e1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-pltcl-8.0_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 30114 92abe64389ef6daa8109976eec4eec43\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.0/postgresql-server-dev-8.0_8.0.3-15ubuntu2.3_amd64.deb\r\n Size/MD5: 432142 4fedbcea9871cd3d989a27118b9c383d\r\n\r\n i386 architecture (x86 compatible Intel/AMD)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libecpg-compat2_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 18342 8d8607700498a9962e4dbf8e6e07c7f9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libecpg-dev_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 194880 1dc63d56a8a6577c9ee32ee621570564\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libecpg5_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 36570 593ad6a7baf9f4ff08e25705eda694a3\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libpgtypes2_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 39652 9a95d918d0aa400082903f0de17668ae\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libpq-dev_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 155380 c2059beb6a4b2fc894abf3893a51f1b3\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/libpq3_7.4.8-17ubuntu1.4_i386.deb\r\n Size/MD5: 62850 2ae510a977f8d44c8f4b066b9c2a247f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libpq4_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 66014 d0ab16abfc83a541b4ddba2276badf45\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-7.4_7.4.8-17ubuntu1.4_i386.deb\r\n Size/MD5: 2588726 b6d62fa571c9cb574c1c23b28525c34f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 2807900 8be4fefbb5b0ed699d0588d82d81f59d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-client-7.4_7.4.8-17ubuntu1.4_i386.deb\r\n Size/MD5: 438090 a61cb7906a5e8ec745d483486bc29b71\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-client-8.0_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 540404 ed82fe411c63dfdd093360e96dd79d92\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.8-17ubuntu1.4_i386.deb\r\n Size/MD5: 447804 1f5273f21388301d82ca0d93f71e0372\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-contrib-8.0_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 491706 8623b16d1cc780550e7ce0327075e5d5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.8-17ubuntu1.4_i386.deb\r\n Size/MD5: 23402 0ab4085f3d2349bf310a7ad808822ef8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-plperl-8.0_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 31600 f5bd443fa45a3227305e720c2c5d9224\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.8-17ubuntu1.4_i386.deb\r\n Size/MD5: 25278 37ce63cb6ca519f98e37b50748343f90\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-plpython-8.0_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 27214 0eb628df124077d9019561b64ddab924\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.8-17ubuntu1.4_i386.deb\r\n Size/MD5: 27120 5cafa6b14df8f18069de4a311b406a33\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-pltcl-8.0_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 28886 8bade44afdee50f88758d44cea435ad6\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.0/postgresql-server-dev-8.0_8.0.3-15ubuntu2.3_i386.deb\r\n Size/MD5: 432146 febc29119936f458c657b2337cfe05d5\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libecpg-compat2_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 20134 80cbc188d494b1186595f8c8d7f873ba\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libecpg-dev_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 202192 645d552a5169dc34e834a01000952ab6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libecpg5_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 39632 6f8776c90bee10c571b86621857babfd\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libpgtypes2_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 43968 1f886e7645719df36eb97738d8d97482\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libpq-dev_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 162362 9f519e26e65eb6502b1d3958f8affef3\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/libpq3_7.4.8-17ubuntu1.4_powerpc.deb\r\n Size/MD5: 65882 dc59d3551c354a391d81dc2d54c7389a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libpq4_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 69438 f5718397ce25342e88f5a6868960d578\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-7.4_7.4.8-17ubuntu1.4_powerpc.deb\r\n Size/MD5: 3046550 e128e59464a91c0c4267a7484cb1a417\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 3289234 029187e0f795cf3db59cec0ec32fa25a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-client-7.4_7.4.8-17ubuntu1.4_powerpc.deb\r\n Size/MD5: 477306 7f090dd38db054d059912f17e5ea8e5d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-client-8.0_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 597308 4359245864c3965f37e838c550fdc444\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.8-17ubuntu1.4_powerpc.deb\r\n Size/MD5: 513884 dab5775bc694dd5fee8e8d4798bb572e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-contrib-8.0_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 563156 dde5c9efba2ded442210d5d3b3ba4d8f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.8-17ubuntu1.4_powerpc.deb\r\n Size/MD5: 24916 c993dd484648618022c27f9f669d4246\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-plperl-8.0_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 33350 6a5d300fb7c784df6c56a46c1752f6bf\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.8-17ubuntu1.4_powerpc.deb\r\n Size/MD5: 28142 c62c35de118a677ead3c75b133494e45\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-plpython-8.0_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 29908 69cccabfaeed1da58077a8693bf0d7d8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.8-17ubuntu1.4_powerpc.deb\r\n Size/MD5: 29712 f4b820df5b1940fe6d9957f1332cd2ad\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-pltcl-8.0_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 31178 55522622352fc405b185e935b41d6d60\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.0/postgresql-server-dev-8.0_8.0.3-15ubuntu2.3_powerpc.deb\r\n Size/MD5: 432178 94a680289a52d7a0063c7417d5387473\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libecpg-compat2_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 18068 dd577fc51949089bda036a177778f8b4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libecpg-dev_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 193844 ec3b0c539aaa0a825a045c36ef91f40c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libecpg5_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 37144 529d62ed7d95ee48dcae80b8912a19a1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libpgtypes2_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 40426 389a09061e8b8b1609f78f8028e00dad\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libpq-dev_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 157462 fb3e4a244af3a5c4b9b5c1ac2639851d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/libpq3_7.4.8-17ubuntu1.4_sparc.deb\r\n Size/MD5: 63158 8d2469e2495188274b77264dcf22e4f2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/libpq4_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 66394 b8b4c75c725c79b970e42938f8672aef\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-7.4_7.4.8-17ubuntu1.4_sparc.deb\r\n Size/MD5: 2943322 c6cd89ff7cf19b278dd709b4a723ec32\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 3173264 6120514a2343a52d960aa7a71dff88e8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-client-7.4_7.4.8-17ubuntu1.4_sparc.deb\r\n Size/MD5: 448858 ba52b6d4672a3a8268b93b65702dded5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-client-8.0_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 552002 005f79cfb9f4b3f733625b12acbd70fe\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.8-17ubuntu1.4_sparc.deb\r\n Size/MD5: 466602 a74b491ca21ab43a61dddbfca7191234\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-contrib-8.0_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 513742 1be7b2aeb73b77941f16e530e8ca8e2a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.8-17ubuntu1.4_sparc.deb\r\n Size/MD5: 23268 a47afd05c8af0e60465a53cff8c4618c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-plperl-8.0_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 31566 b0f140630035a966e3d3715e2e1989bb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.8-17ubuntu1.4_sparc.deb\r\n Size/MD5: 26386 8eafd99403535aed24d808d5806e1557\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-plpython-8.0_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 28256 df090a835a1a8ec5f814092fad47f6fa\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.8-17ubuntu1.4_sparc.deb\r\n Size/MD5: 28194 fd7f84a7fe145ad489981af67c291f0e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-pltcl-8.0_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 29180 9fe2aa17384fa27ba5e56ccf30277092\r\n http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.0/postgresql-server-dev-8.0_8.0.3-15ubuntu2.3_sparc.deb\r\n Size/MD5: 432194 bd25000a1f17e0cc841e20218d2f03ea\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.2.diff.gz\r\n Size/MD5: 39286 30100a406c1549df3f0a228bf870478f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.2.dsc\r\n Size/MD5: 1113 271b6388eebd702db1f9ad406bdde0f8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4.orig.tar.gz\r\n Size/MD5: 11312643 c6554a0ef948ab2b18b617954e1788fe\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.4-0ubuntu1.2_all.deb\r\n Size/MD5: 1441736 9219794105987e13e481af8149515193\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 152630 8ab3230d5f7317e83d96c1bca7f62855\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 344654 9018bc38e86b19b1b275e59a6a246c24\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 173114 7ef12f9fe14bdb06b42a8f70adedb36b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 174940 361d2741f6bdaa5cf34a40e1109e2412\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 307758 58ffbe04073da2ac58fc13d66d06ee88\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 206418 6f8e11bf445494126efa5122ec70dcee\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 3221906 bf44a809132662805529605dd82ad76d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 758536 f42a68504beb52bd13f3b613938593f4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 612948 a287ee40a874acc360c5da7bae79ea6e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 169378 2607ecc78b58d5a7e8f25b432b7202a0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 163528 ec0d6a3459c3cf1d9820240172e943c9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 163580 c46da2f7a2797ed5c1e64562f635ca99\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1.2_amd64.deb\r\n Size/MD5: 596106 36d5b505c5d5d4d1c660f27bd64912e7\r\n\r\n i386 architecture (x86 compatible Intel/AMD)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 151560 452b71fd847af96161ad25d9795b23e5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 334714 43e5430005c65a00d00a559dff68214e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 170660 d345f8329dc1c443bf66fd9622a82ad1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 173034 7b0adea4c2164bc043e5ae9429b50a39\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 296272 c8f807c9f485a17f85dd29d481049cd4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 199762 1a1358d3ec9431615c5d7f285b62c724\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 3026904 504388159e2583d312e0bf18cea07b88\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 686552 c0c14e4600fcb1a1124db9d048c53136\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 567452 50515243f564f85a88935822499e3d8d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 167572 5816d2a7b5b5a06aaa94885e7b1d0af6\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 160780 1353838fb4c6de4754d95a7b3331c007\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 162184 891c1dec410a61423f2b74884e962dd5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1.2_i386.deb\r\n Size/MD5: 596102 d3773925af9bdf5b37cd962f2fdb5f2e\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 153456 71914ffa85714ba2ca88cefebcf96676\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 340294 6d00dec641e9b853fa37b4cb85e3c461\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 173804 355e51f80bbb7a146e4862fe8f03e91d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 177280 58f351335b68e977e67bce50ce63f3d4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 302232 d8623adb91740f5b90f8303ebc123d2a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 203306 259c7e98f064abb4693fea993d46de67\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 3516502 5fb789c62bd3b82030ab3cfae4b42a9f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 758706 98806b8cd6f1695888f38d9091ad0ecf\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 629042 066ccd9b5d6566e6b8e65268336ac99b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 169116 de764bb413ecc43c79a74fdc589d610e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 163490 0f7d118ea25a99f446f3bfe119b5f91b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 164432 1bdf3ba370ddbd517a62502c9b2b59fd\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1.2_powerpc.deb\r\n Size/MD5: 596108 2be4adfaccc4c1b4bf4d9bbcebbdb730\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 151382 c2c7d84a10395077f202b894779420e5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 331814 f1cdb0afd857045b183acca59eb6fc98\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 171362 db70c163b3c2278217c843d2d1725c21\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 172706 57aca78288d95bc7cdfc2975219f8377\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 298356 f1f5a58b2a263a5ec82abce529a1bff9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 200006 fb07bfd400a7cb9f03c5b3d243b3b03f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 3393442 847081170989afc0e4332e05a0199ab9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 714848 04e6bd5b16a94b4c303074196139e4dc\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 587754 ec57fb3a6020dd555bf98ccfec4f3348\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 167654 8af60b93cc5fa4a97ffb32f87dcff514\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 161960 32bb1f43a65f28c236f9886db429747b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 162602 055eab0dc21b22599aaa88fbb7ea7a18\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-0ubuntu1.2_sparc.deb\r\n Size/MD5: 596112 0f04fbe590da162e14da9cd6ef8f3085\r\n\r\nUpdated packages for Ubuntu 6.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-7ubuntu0.2.diff.gz\r\n Size/MD5: 47590 2fe36c155e5364ecaeaacbcfde0f0852\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-7ubuntu0.2.dsc\r\n Size/MD5: 1176 d94f343c8a0680c7c7aeda425c3cb671\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4.orig.tar.gz\r\n Size/MD5: 11312643 c6554a0ef948ab2b18b617954e1788fe\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.4-7ubuntu0.2_all.deb\r\n Size/MD5: 1442792 ad3230bb78f269c02be57a044b70f322\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 153678 03c08ec4d776a5c4547480b653ccba2b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 345430 1c1724d9efe088d1c0a84c6ee07b1086\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 174130 eb4ec590570e9492e25ba80bf12aad8e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 176078 7a16eca0f26c2268cc4d141d7ca3894b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 313270 bab890e69702c98d5aa9e3c7936fcf12\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 207372 bac5e6c08a39f2570e706a287e0ab74a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 3257946 459556edde665caa1bea499dbf97c5eb\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 769962 5eb521c2742222bccf1d0f2bdf49835f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 619908 4036aa5579b59b2ced369de334b32958\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 170062 5b1d5541858c41d912de89b9a4c1bbf9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 164456 7da3e8a70a00ef03a0859db5d7e32014\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 164768 f9a7a6dd31f7add1e5f80f673cb4ffc2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-7ubuntu0.2_amd64.deb\r\n Size/MD5: 597100 05c062a95956d201c65bd786782f3aff\r\n\r\n i386 architecture (x86 compatible Intel/AMD)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 152954 4d9db25ac359605e07083e89772ff717\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 342576 422e7990493234ec7da875320179a38a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 172822 93f5723980b7d88977bdeda3ebdab84b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 175812 3d96d655314e728fc23364493b4d2d1b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 306518 245f0c252a40a630ff1351101b37c8b0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 203336 a3511e6012e822b3bc0249c6b8ba8ae1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 3158220 de63ef4f6551b16c8f348933e86af6c7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 740510 2293c08093adefdfd1bea474e9f0ee38\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 588192 524405daf8a67805bef3f207193395d4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 168900 e197396d8291a589ce4ede1707ab5008\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 162314 c2431dacdc3cfd1ce650f6218e274882\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 163714 9e10987a798ae598920059d457443136\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-7ubuntu0.2_i386.deb\r\n Size/MD5: 597084 b8b843cddc4d2b4ca912647a222c0237\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 154512 019ed8f9d7df238127309128ea258003\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 340124 092b74680ab9af5ba57dd3da3cfa6fd9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 174994 36982147e100a45d764579454c242846\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 178902 8aab1de08c97245de7da155e36532608\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 308680 3eecd1bc5778838e85b9a515c1e8d8a3\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 205506 4f7f60773d6edf5b6508a72c9aebfb89\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 3558412 0937c1d9c7ca5a9b02baddc62cd8476d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 780276 69879a5e3228e2a65d2c302d6d4896b9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 640420 6b8a11d3ba2880006ff74f18c8828b5a\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 169830 b1266acb0140550094615194ea16f401\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 164612 45ca4304874714b33f74d6cc297fea85\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 165744 b052b1fb602b23dce54df9b6fedebf2f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-7ubuntu0.2_powerpc.deb\r\n Size/MD5: 597094 62b8e119bd93c68737ef82883a3a80e7\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 152362 b682c589626b0d58445ef3a83c93efe1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 335804 98f621b72b1260c09c8e7851fe779c53\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 172418 037617ffc3b577b4deb5bd8bc620368e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 174150 d4e2da0e4dbcccda11d0b8c069d3a3b1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 305780 27c05cc04795b56414709eed82d89d5b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 202090 6ffdad44af907e8e0e6b3c8f3be6e5ab\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 3484440 7466e1c4cb03ab7cb842128c195f0285\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 755000 d6f944f49b915223c0a4cb8d6686f26c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 598968 c8fbb27c9f4f7ac147d6a38d4bbfc11c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 168458 0ce3fa5a7e9d0ea32716eb9b687cbb3c\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 163052 074d76b767d7b203f80314134d7eb1b5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 163730 e7009ef14a3013eb92ef2764cac8827e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.4-7ubuntu0.2_sparc.deb\r\n Size/MD5: 597102 bd2701786eb0b0d48a0325a4f99c42a5", "edition": 1, "modified": "2007-02-05T00:00:00", "published": "2007-02-05T00:00:00", "id": "SECURITYVULNS:DOC:15979", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:15979", "title": "[Full-disclosure] [USN-417-1] PostgreSQL vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:23", "bulletinFamily": "software", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "Server internal memory regions reading because of invalid datatype handling in SQL functions and with ALTER COLUMN TYPE during request execution.", "edition": 1, "modified": "2007-02-05T00:00:00", "published": "2007-02-05T00:00:00", "id": "SECURITYVULNS:VULN:7186", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7186", "title": "PostgreSQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. ", "modified": "2007-02-05T17:08:15", "published": "2007-02-05T17:08:15", "id": "FEDORA:L15H8FHP029368", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: postgresql-8.1.7-1.fc6", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. ", "modified": "2007-02-05T17:09:11", "published": "2007-02-05T17:09:11", "id": "FEDORA:L15H9BUR029728", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: postgresql-8.1.7-1.fc5", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-0555", "CVE-2007-0556", "CVE-2007-2138"], "description": "PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the docs in HTML for the whole package, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. ", "modified": "2007-06-06T17:24:23", "published": "2007-06-06T17:24:23", "id": "FEDORA:L56HONCW010002", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 5 Update: postgresql-8.1.9-1.fc5", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:06:04", "description": " - Sun Feb 4 2007 Tom Lane <tgl at redhat.com> 8.1.7-1\n\n - Update to PostgreSQL 8.1.7 to fix CVE-2007-0555,\n CVE-2007-0556 Related: #225496\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2007-02-09T00:00:00", "title": "Fedora Core 6 : postgresql-8.1.7-1.fc6 (2007-197)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "modified": "2007-02-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:6", "p-cpe:/a:fedoraproject:fedora:postgresql-debuginfo", "p-cpe:/a:fedoraproject:fedora:postgresql-contrib", "p-cpe:/a:fedoraproject:fedora:postgresql-devel", "p-cpe:/a:fedoraproject:fedora:postgresql-tcl", "p-cpe:/a:fedoraproject:fedora:postgresql-server", "p-cpe:/a:fedoraproject:fedora:postgresql", "p-cpe:/a:fedoraproject:fedora:postgresql-libs", "p-cpe:/a:fedoraproject:fedora:postgresql-docs", "p-cpe:/a:fedoraproject:fedora:postgresql-pl", "p-cpe:/a:fedoraproject:fedora:postgresql-python", "p-cpe:/a:fedoraproject:fedora:postgresql-test"], "id": "FEDORA_2007-197.NASL", "href": "https://www.tenable.com/plugins/nessus/24301", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-197.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24301);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2007-197\");\n\n script_name(english:\"Fedora Core 6 : postgresql-8.1.7-1.fc6 (2007-197)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sun Feb 4 2007 Tom Lane <tgl at redhat.com> 8.1.7-1\n\n - Update to PostgreSQL 8.1.7 to fix CVE-2007-0555,\n CVE-2007-0556 Related: #225496\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-February/001365.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a7f77c04\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC6\", reference:\"postgresql-8.1.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"postgresql-contrib-8.1.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"postgresql-debuginfo-8.1.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"postgresql-devel-8.1.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"postgresql-docs-8.1.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"postgresql-libs-8.1.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"postgresql-pl-8.1.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"postgresql-python-8.1.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"postgresql-server-8.1.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"postgresql-tcl-8.1.7-1.fc6\")) flag++;\nif (rpm_check(release:\"FC6\", reference:\"postgresql-test-8.1.7-1.fc6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-debuginfo / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2021-01-17T14:46:58", "description": "This update fixes two vulnerabilities that affect the backend server\nand can only be exploited by authenticated users to cause a\ndenial-of-service, or maybe to access other tables/databases without\nauthentication. (CVE-2007-0555 / CVE-2007-0556)", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 3244)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_POSTGRESQL-3244.NASL", "href": "https://www.tenable.com/plugins/nessus/29558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29558);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n\n script_name(english:\"SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 3244)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes two vulnerabilities that affect the backend server\nand can only be exploited by authenticated users to cause a\ndenial-of-service, or maybe to access other tables/databases without\nauthentication. (CVE-2007-0555 / CVE-2007-0556)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-0555.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-0556.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3244.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"postgresql-devel-8.1.9-1.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"postgresql-libs-8.1.9-1.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.9-1.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"postgresql-8.1.9-1.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"postgresql-contrib-8.1.9-1.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"postgresql-devel-8.1.9-1.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"postgresql-docs-8.1.9-1.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"postgresql-libs-8.1.9-1.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"postgresql-pl-8.1.9-1.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"postgresql-server-8.1.9-1.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.9-1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2021-01-07T10:52:11", "description": "The remote host is affected by the vulnerability described in GLSA-200703-15\n(PostgreSQL: Multiple vulnerabilities)\n\n PostgreSQL does not correctly check the data types of the SQL function\n arguments under unspecified circumstances nor the format of the\n provided tables in the query planner.\n \nImpact :\n\n A remote authenticated attacker could send specially crafted queries to\n the server that could result in a server crash and possibly the\n unauthorized reading of some database content or arbitrary memory.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2007-03-18T00:00:00", "title": "GLSA-200703-15 : PostgreSQL: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "modified": "2007-03-18T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:postgresql", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200703-15.NASL", "href": "https://www.tenable.com/plugins/nessus/24840", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200703-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24840);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_bugtraq_id(22387);\n script_xref(name:\"GLSA\", value:\"200703-15\");\n\n script_name(english:\"GLSA-200703-15 : PostgreSQL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200703-15\n(PostgreSQL: Multiple vulnerabilities)\n\n PostgreSQL does not correctly check the data types of the SQL function\n arguments under unspecified circumstances nor the format of the\n provided tables in the query planner.\n \nImpact :\n\n A remote authenticated attacker could send specially crafted queries to\n the server that could result in a server crash and possibly the\n unauthorized reading of some database content or arbitrary memory.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200703-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PostgreSQL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose 'dev-db/postgresql'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/03/18\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/postgresql\", unaffected:make_list(\"ge 8.0.11\", \"rge 7.4.17\", \"rge 7.4.16\", \"rge 7.3.19\", \"rge 7.3.13\", \"rge 7.3.21\", \"rge 7.4.19\"), vulnerable:make_list(\"lt 8.0.11\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PostgreSQL\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2021-01-17T14:46:58", "description": "This update fixes two vulnerabilities that affect the backend server\nand can only be exploited by authenticated users to cause a\ndenial-of-service, or maybe to access other tables/databases without\nauthentication. (CVE-2007-0555, CVE-2007-0556)", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : postgresql (postgresql-3243)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "modified": "2007-10-17T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:postgresql-libs-32bit", "p-cpe:/a:novell:opensuse:postgresql-devel", "p-cpe:/a:novell:opensuse:postgresql-libs", "p-cpe:/a:novell:opensuse:postgresql", "p-cpe:/a:novell:opensuse:postgresql-pl", "p-cpe:/a:novell:opensuse:postgresql-server", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:postgresql-contrib"], "id": "SUSE_POSTGRESQL-3243.NASL", "href": "https://www.tenable.com/plugins/nessus/27401", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update postgresql-3243.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27401);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n\n script_name(english:\"openSUSE 10 Security Update : postgresql (postgresql-3243)\");\n script_summary(english:\"Check for the postgresql-3243 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes two vulnerabilities that affect the backend server\nand can only be exploited by authenticated users to cause a\ndenial-of-service, or maybe to access other tables/databases without\nauthentication. (CVE-2007-0555, CVE-2007-0556)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"postgresql-8.1.9-1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"postgresql-contrib-8.1.9-1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"postgresql-devel-8.1.9-1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"postgresql-libs-8.1.9-1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"postgresql-pl-8.1.9-1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"postgresql-server-8.1.9-1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.9-1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"postgresql-8.1.9-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"postgresql-contrib-8.1.9-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"postgresql-devel-8.1.9-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"postgresql-libs-8.1.9-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"postgresql-pl-8.1.9-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"postgresql-server-8.1.9-2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"postgresql-libs-32bit-8.1.9-2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2021-01-07T11:51:41", "description": "Jeff Trout discovered that the PostgreSQL server did not sufficiently\ncheck data types of SQL function arguments in some cases. A user could\nthen exploit this to crash the database server or read out arbitrary\nlocations of the server's memory, which could be used to retrieve\ndatabase contents that the user should not be able to see. Note that a\nuser must be authenticated in order to exploit this (CVE-2007-0555).\n\nAs well, Jeff Trout also discovered that the query planner did not\nverify that a table was still compatible with a previously-generated\nquery plan, which could be exploited to read out arbitrary locations\nof the server's memory by using ALTER COLUMN TYPE during query\nexecution. Again, a user must be authenticated in order to exploit\nthis (CVE-2007-0556).\n\nUpdate :\n\nThe previous update updated PostgreSQL to upstream versions, including\n8.1.7 which contained a bug with typemod data types used with check\nconstraints and expression indexes. This regression has been corrected\nin the new 8.1.8 version that is being provided.", "edition": 26, "published": "2007-02-18T00:00:00", "title": "Mandrake Linux Security Advisory : postgresql (MDKSA-2007:037-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "modified": "2007-02-18T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64ecpg5-devel", "p-cpe:/a:mandriva:linux:postgresql", "p-cpe:/a:mandriva:linux:postgresql-pl", "p-cpe:/a:mandriva:linux:postgresql-devel", "p-cpe:/a:mandriva:linux:libecpg5-devel", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:lib64ecpg5", "p-cpe:/a:mandriva:linux:postgresql-docs", "p-cpe:/a:mandriva:linux:libecpg5", "p-cpe:/a:mandriva:linux:postgresql-pltcl", "p-cpe:/a:mandriva:linux:postgresql-test", "p-cpe:/a:mandriva:linux:libpq4", "p-cpe:/a:mandriva:linux:postgresql-plperl", "p-cpe:/a:mandriva:linux:postgresql-contrib", "p-cpe:/a:mandriva:linux:postgresql-plpython", "p-cpe:/a:mandriva:linux:postgresql-plpgsql", "p-cpe:/a:mandriva:linux:lib64pq4", "p-cpe:/a:mandriva:linux:libpq4-devel", "p-cpe:/a:mandriva:linux:postgresql-server", "p-cpe:/a:mandriva:linux:lib64pq4-devel"], "id": "MANDRAKE_MDKSA-2007-037.NASL", "href": "https://www.tenable.com/plugins/nessus/24650", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:037. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24650);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_bugtraq_id(22387);\n script_xref(name:\"MDKSA\", value:\"2007:037-1\");\n\n script_name(english:\"Mandrake Linux Security Advisory : postgresql (MDKSA-2007:037-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jeff Trout discovered that the PostgreSQL server did not sufficiently\ncheck data types of SQL function arguments in some cases. A user could\nthen exploit this to crash the database server or read out arbitrary\nlocations of the server's memory, which could be used to retrieve\ndatabase contents that the user should not be able to see. Note that a\nuser must be authenticated in order to exploit this (CVE-2007-0555).\n\nAs well, Jeff Trout also discovered that the query planner did not\nverify that a table was still compatible with a previously-generated\nquery plan, which could be exploited to read out arbitrary locations\nof the server's memory by using ALTER COLUMN TYPE during query\nexecution. Again, a user must be authenticated in order to exploit\nthis (CVE-2007-0556).\n\nUpdate :\n\nThe previous update updated PostgreSQL to upstream versions, including\n8.1.7 which contained a bug with typemod data types used with check\nconstraints and expression indexes. This regression has been corrected\nin the new 8.1.8 version that is being provided.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-plpgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64ecpg5-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64ecpg5-devel-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64pq4-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64pq4-devel-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libecpg5-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libecpg5-devel-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libpq4-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libpq4-devel-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-contrib-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-devel-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-docs-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-pl-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-plperl-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-plpgsql-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-plpython-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-pltcl-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-server-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"postgresql-test-8.1.8-1.1mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2021-01-12T10:06:05", "description": " - Sun Feb 4 2007 Tom Lane <tgl at redhat.com> 8.1.7-1\n\n - Update to PostgreSQL 8.1.7 to fix CVE-2007-0555,\n CVE-2007-0556 Related: #225496\n\n - Wed Jan 10 2007 Tom Lane <tgl at redhat.com> 8.1.6-1\n\n - Update to PostgreSQL 8.1.6\n\n - Mon Dec 11 2006 Tom Lane <tgl at redhat.com> 8.1.5-1\n\n - Update to PostgreSQL 8.1.5\n\n - Update to PyGreSQL 3.8.1\n\n - Adjust init script to not fool /etc/rc.d/rc Resolves:\n #161470\n\n - Fix chcon arguments in test/regress/Makefile Resolves:\n #201035\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2007-02-09T00:00:00", "title": "Fedora Core 5 : postgresql-8.1.7-1.fc5 (2007-198)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "modified": "2007-02-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:postgresql-jdbc", "p-cpe:/a:fedoraproject:fedora:postgresql-debuginfo", "p-cpe:/a:fedoraproject:fedora:postgresql-contrib", "p-cpe:/a:fedoraproject:fedora:postgresql-devel", "p-cpe:/a:fedoraproject:fedora:postgresql-tcl", "cpe:/o:fedoraproject:fedora_core:5", "p-cpe:/a:fedoraproject:fedora:postgresql-server", "p-cpe:/a:fedoraproject:fedora:postgresql", "p-cpe:/a:fedoraproject:fedora:postgresql-libs", "p-cpe:/a:fedoraproject:fedora:postgresql-docs", "p-cpe:/a:fedoraproject:fedora:postgresql-pl", "p-cpe:/a:fedoraproject:fedora:postgresql-python", "p-cpe:/a:fedoraproject:fedora:postgresql-test"], "id": "FEDORA_2007-198.NASL", "href": "https://www.tenable.com/plugins/nessus/24302", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2007-198.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24302);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_xref(name:\"FEDORA\", value:\"2007-198\");\n\n script_name(english:\"Fedora Core 5 : postgresql-8.1.7-1.fc5 (2007-198)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sun Feb 4 2007 Tom Lane <tgl at redhat.com> 8.1.7-1\n\n - Update to PostgreSQL 8.1.7 to fix CVE-2007-0555,\n CVE-2007-0556 Related: #225496\n\n - Wed Jan 10 2007 Tom Lane <tgl at redhat.com> 8.1.6-1\n\n - Update to PostgreSQL 8.1.6\n\n - Mon Dec 11 2006 Tom Lane <tgl at redhat.com> 8.1.5-1\n\n - Update to PostgreSQL 8.1.5\n\n - Update to PyGreSQL 3.8.1\n\n - Adjust init script to not fool /etc/rc.d/rc Resolves:\n #161470\n\n - Fix chcon arguments in test/regress/Makefile Resolves:\n #201035\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2007-February/001366.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a3716cf0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 5.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC5\", reference:\"postgresql-8.1.7-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"postgresql-contrib-8.1.7-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"postgresql-debuginfo-8.1.7-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"postgresql-devel-8.1.7-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"postgresql-docs-8.1.7-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"postgresql-jdbc-8.1.7-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"postgresql-libs-8.1.7-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"postgresql-pl-8.1.7-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"postgresql-python-8.1.7-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"postgresql-server-8.1.7-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"postgresql-tcl-8.1.7-1.fc5\")) flag++;\nif (rpm_check(release:\"FC5\", reference:\"postgresql-test-8.1.7-1.fc5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-debuginfo / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2021-01-20T15:40:30", "description": "USN-417-1 fixed several vulnerabilities in the PostgreSQL server.\nUnfortunately this update had a regression that caused some valid\nqueries to be aborted with a type error. This update corrects that\nproblem.\n\nWe apologize for the inconvenience.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 : postgresql-8.1 regression (USN-417-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.1", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:libecpg-compat2", "p-cpe:/a:canonical:ubuntu_linux:libecpg5", "p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.1", "p-cpe:/a:canonical:ubuntu_linux:libpq-dev", "p-cpe:/a:canonical:ubuntu_linux:libecpg-dev", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.1", "p-cpe:/a:canonical:ubuntu_linux:libpq4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.1", "p-cpe:/a:canonical:ubuntu_linux:libpgtypes2", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-417-2.NASL", "href": "https://www.tenable.com/plugins/nessus/28008", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-417-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28008);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_bugtraq_id(22387);\n script_xref(name:\"USN\", value:\"417-2\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 : postgresql-8.1 regression (USN-417-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-417-1 fixed several vulnerabilities in the PostgreSQL server.\nUnfortunately this update had a regression that caused some valid\nqueries to be aborted with a type error. This update corrects that\nproblem.\n\nWe apologize for the inconvenience.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/417-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-compat2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpgtypes2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg-compat2\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg-dev\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg5\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpgtypes2\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpq-dev\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpq4\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-8.1\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-client-8.1\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-contrib-8.1\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-doc-8.1\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-plperl-8.1\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-plpython-8.1\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-pltcl-8.1\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-server-dev-8.1\", pkgver:\"8.1.4-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libecpg-compat2\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libecpg-dev\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libecpg5\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libpgtypes2\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libpq-dev\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libpq4\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-8.1\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-client-8.1\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-contrib-8.1\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-doc-8.1\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-plperl-8.1\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-plpython-8.1\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-pltcl-8.1\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-server-dev-8.1\", pkgver:\"8.1.4-7ubuntu0.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libecpg-compat2 / libecpg-dev / libecpg5 / libpgtypes2 / libpq-dev / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2021-01-20T15:40:30", "description": "Jeff Trout discovered that the PostgreSQL server did not sufficiently\ncheck data types of SQL function arguments in some cases. An\nauthenticated attacker could exploit this to crash the database server\nor read out arbitrary locations in the server's memory, which could\nallow retrieving database content the attacker should not be able to\nsee. (CVE-2007-0555)\n\nJeff Trout reported that the query planner did not verify that a table\nwas still compatible with a previously made query plan. By using ALTER\nCOLUMN TYPE during query execution, an attacker could exploit this to\nread out arbitrary locations in the server's memory, which could allow\nretrieving database content the attacker should not be able to see.\n(CVE-2007-0556).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : postgresql-7.4/-8.0/-8.1 vulnerabilities (USN-417-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-7.4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.0", "p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.1", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:libecpg-compat2", "p-cpe:/a:canonical:ubuntu_linux:libecpg5", "p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.1", "p-cpe:/a:canonical:ubuntu_linux:libpq-dev", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.0", "p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-7.4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.0", "p-cpe:/a:canonical:ubuntu_linux:libecpg-dev", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.0", "p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-7.4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-7.4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client-7.4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.1", "p-cpe:/a:canonical:ubuntu_linux:libpq4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-7.4", "p-cpe:/a:canonical:ubuntu_linux:libpq3", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.0", "p-cpe:/a:canonical:ubuntu_linux:postgresql-7.4", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.0", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.0", "p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.0", "p-cpe:/a:canonical:ubuntu_linux:libpgtypes2", "p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-7.4", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-417-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-417-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(28007);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_xref(name:\"USN\", value:\"417-1\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS / 6.10 : postgresql-7.4/-8.0/-8.1 vulnerabilities (USN-417-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jeff Trout discovered that the PostgreSQL server did not sufficiently\ncheck data types of SQL function arguments in some cases. An\nauthenticated attacker could exploit this to crash the database server\nor read out arbitrary locations in the server's memory, which could\nallow retrieving database content the attacker should not be able to\nsee. (CVE-2007-0555)\n\nJeff Trout reported that the query planner did not verify that a table\nwas still compatible with a previously made query plan. By using ALTER\nCOLUMN TYPE during query execution, an attacker could exploit this to\nread out arbitrary locations in the server's memory, which could allow\nretrieving database content the attacker should not be able to see.\n(CVE-2007-0556).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/417-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-compat2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpgtypes2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libecpg-compat2\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libecpg-dev\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libecpg5\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libpgtypes2\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libpq-dev\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libpq3\", pkgver:\"7.4.8-17ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libpq4\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-7.4\", pkgver:\"1:7.4.8-17ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-8.0\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-client-7.4\", pkgver:\"7.4.8-17ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-client-8.0\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-contrib-7.4\", pkgver:\"7.4.8-17ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-contrib-8.0\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-doc-7.4\", pkgver:\"7.4.8-17ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-doc-8.0\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-plperl-7.4\", pkgver:\"7.4.8-17ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-plperl-8.0\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-plpython-7.4\", pkgver:\"7.4.8-17ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-plpython-8.0\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-pltcl-7.4\", pkgver:\"7.4.8-17ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-pltcl-8.0\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-server-dev-7.4\", pkgver:\"7.4.8-17ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"postgresql-server-dev-8.0\", pkgver:\"8.0.3-15ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg-compat2\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg-dev\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg5\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpgtypes2\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpq-dev\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpq4\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-8.1\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-client-8.1\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-contrib-8.1\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-doc-8.1\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-plperl-8.1\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-plpython-8.1\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-pltcl-8.1\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-server-dev-8.1\", pkgver:\"8.1.4-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libecpg-compat2\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libecpg-dev\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libecpg5\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libpgtypes2\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libpq-dev\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libpq4\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-8.1\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-client-8.1\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-contrib-8.1\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-doc-8.1\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-plperl-8.1\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-plpython-8.1\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-pltcl-8.1\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"postgresql-server-dev-8.1\", pkgver:\"8.1.4-7ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libecpg-compat2 / libecpg-dev / libecpg5 / libpgtypes2 / libpq-dev / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2021-01-17T13:05:45", "description": "Updated postgresql packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPostgreSQL is an advanced Object-Relational database management system\n(DBMS).\n\nTwo flaws were found in the way the PostgreSQL server handles certain\nSQL-language functions. An authenticated user could execute a sequence\nof commands which could crash the PostgreSQL server or possibly read\nfrom arbitrary memory locations. A user would need to have permissions\nto drop and add database tables to be able to exploit these issues\n(CVE-2007-0555, CVE-2007-0556).\n\nSeveral denial of service flaws were found in the PostgreSQL server.\nAn authenticated user could execute certain SQL commands which could\ncrash the PostgreSQL server (CVE-2006-5540, CVE-2006-5541,\nCVE-2006-5542).\n\nUsers of PostgreSQL should upgrade to these updated packages\ncontaining PostgreSQL version 8.1.8 which corrects these issues.", "edition": 27, "published": "2007-05-25T00:00:00", "title": "RHEL 5 : postgresql (RHSA-2007:0068)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-5540", "CVE-2006-5542", "CVE-2007-0555", "CVE-2006-5541", "CVE-2007-0556"], "modified": "2007-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:postgresql-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-pl", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql-tcl", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-python", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-libs"], "id": "REDHAT-RHSA-2007-0068.NASL", "href": "https://www.tenable.com/plugins/nessus/25315", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0068. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25315);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-5540\", \"CVE-2006-5541\", \"CVE-2006-5542\", \"CVE-2007-0555\", \"CVE-2007-0556\");\n script_bugtraq_id(22387);\n script_xref(name:\"RHSA\", value:\"2007:0068\");\n\n script_name(english:\"RHEL 5 : postgresql (RHSA-2007:0068)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPostgreSQL is an advanced Object-Relational database management system\n(DBMS).\n\nTwo flaws were found in the way the PostgreSQL server handles certain\nSQL-language functions. An authenticated user could execute a sequence\nof commands which could crash the PostgreSQL server or possibly read\nfrom arbitrary memory locations. A user would need to have permissions\nto drop and add database tables to be able to exploit these issues\n(CVE-2007-0555, CVE-2007-0556).\n\nSeveral denial of service flaws were found in the PostgreSQL server.\nAn authenticated user could execute certain SQL commands which could\ncrash the PostgreSQL server (CVE-2006-5540, CVE-2006-5541,\nCVE-2006-5542).\n\nUsers of PostgreSQL should upgrade to these updated packages\ncontaining PostgreSQL version 8.1.8 which corrects these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-5540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-5541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-5542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-0556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0068\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0068\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-contrib-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-contrib-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-contrib-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql-devel-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-docs-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-docs-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-docs-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"postgresql-libs-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-pl-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-pl-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-pl-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-python-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-python-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-python-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-server-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-server-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-server-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-tcl-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-tcl-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-tcl-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"postgresql-test-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"postgresql-test-8.1.8-1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"postgresql-test-8.1.8-1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n }\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2021-01-06T09:44:45", "description": "It was discovered that the PostgreSQL database performs insufficient\ntype checking for SQL function arguments, which might lead to denial\nof service or information disclosure.", "edition": 25, "published": "2007-02-17T00:00:00", "title": "Debian DSA-1261-1 : postgresql - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555"], "modified": "2007-02-17T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:postgresql"], "id": "DEBIAN_DSA-1261.NASL", "href": "https://www.tenable.com/plugins/nessus/24359", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1261. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24359);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-0555\");\n script_xref(name:\"DSA\", value:\"1261\");\n\n script_name(english:\"Debian DSA-1261-1 : postgresql - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the PostgreSQL database performs insufficient\ntype checking for SQL function arguments, which might lead to denial\nof service or information disclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2007/dsa-1261\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the PostgreSQL packages.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 7.4.7-6sarge4.\n\nFor the upcoming stable distribution (etch) this problem has been\nfixed in version 8.1.7-1 of the postgresql-8.1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/17\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"libecpg-dev\", reference:\"7.4.7-6sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libecpg4\", reference:\"7.4.7-6sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libpgtcl\", reference:\"7.4.7-6sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libpgtcl-dev\", reference:\"7.4.7-6sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libpq3\", reference:\"7.4.7-6sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"postgresql\", reference:\"7.4.7-6sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"postgresql-client\", reference:\"7.4.7-6sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"postgresql-contrib\", reference:\"7.4.7-6sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"postgresql-dev\", reference:\"7.4.7-6sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"postgresql-doc\", reference:\"7.4.7-6sarge4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:50:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200703-15.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:58153", "href": "http://plugins.openvas.org/nasl.php?oid=58153", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200703-15 (postgresql)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL contains two vulnerabilities that could result in a Denial of\nService or unauthorized access to certain information.\";\ntag_solution = \"All PostgreSQL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose 'dev-db/postgresql'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200703-15\nhttp://bugs.gentoo.org/show_bug.cgi?id=165482\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200703-15.\";\n\n \n\nif(description)\n{\n script_id(58153);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200703-15 (postgresql)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-db/postgresql\", unaffected: make_list(\"ge 8.0.11\", \"rge 7.4.16\", \"rge 7.3.13\"), vulnerable: make_list(\"lt 8.0.11\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-417-2", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840182", "href": "http://plugins.openvas.org/nasl.php?oid=840182", "type": "openvas", "title": "Ubuntu Update for postgresql-8.1 regression USN-417-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_417_2.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for postgresql-8.1 regression USN-417-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-417-1 fixed several vulnerabilities in the PostgreSQL server.\n Unfortunately this update had a regression that caused some valid\n queries to be aborted with a type error. This update corrects that\n problem.\n\n We apologize for the inconvenience.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-417-2\";\ntag_affected = \"postgresql-8.1 regression on Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-417-2/\");\n script_id(840182);\n script_cve_id(\"CVE-2007-0555\",\"CVE-2007-0556\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_xref(name: \"USN\", value: \"417-2\");\n script_name( \"Ubuntu Update for postgresql-8.1 regression USN-417-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq4\", ver:\"8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.1_8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.1_8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.1_8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.1_8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.1_8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.1_8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.1_8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.1_8.1.4-0ubuntu1.3\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq4\", ver:\"8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.1_8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.1_8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.1_8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl\", ver:\"8.1_8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython\", ver:\"8.1_8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl\", ver:\"8.1_8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev\", ver:\"8.1_8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.1_8.1.4-7ubuntu0.3\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "Check for the Version of postgresql", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861100", "href": "http://plugins.openvas.org/nasl.php?oid=861100", "type": "openvas", "title": "Fedora Update for postgresql FEDORA-2007-197", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for postgresql FEDORA-2007-197\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PostgreSQL is an advanced Object-Relational database management system\n (DBMS) that supports almost all SQL constructs (including\n transactions, subselects and user-defined types and functions). The\n postgresql package includes the client programs and libraries that\n you'll need to access a PostgreSQL DBMS server. These PostgreSQL\n client programs are programs that directly manipulate the internal\n structure of PostgreSQL databases on a PostgreSQL server. These client\n programs can be located on the same machine with the PostgreSQL\n server, or may be on a remote machine which accesses a PostgreSQL\n server over a network connection. This package contains the docs\n in HTML for the whole package, as well as command-line utilities for\n managing PostgreSQL databases on a PostgreSQL server.\n\n If you want to manipulate a PostgreSQL database on a remote PostgreSQL\n server, you need this package. You also need to install this package\n if you're installing the postgresql-server package\";\n\ntag_affected = \"postgresql on Fedora Core 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-February/msg00008.html\");\n script_id(861100);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 15:48:41 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-197\");\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_name( \"Fedora Update for postgresql FEDORA-2007-197\");\n\n script_summary(\"Check for the Version of postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/postgresql-server\", rpm:\"x86_64/postgresql-server~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/postgresql-contrib\", rpm:\"x86_64/postgresql-contrib~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/postgresql-pl\", rpm:\"x86_64/postgresql-pl~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/postgresql\", rpm:\"x86_64/postgresql~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/postgresql-python\", rpm:\"x86_64/postgresql-python~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/postgresql-devel\", rpm:\"x86_64/postgresql-devel~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/postgresql-tcl\", rpm:\"x86_64/postgresql-tcl~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/postgresql-docs\", rpm:\"x86_64/postgresql-docs~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/postgresql-test\", rpm:\"x86_64/postgresql-test~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/postgresql-libs\", rpm:\"x86_64/postgresql-libs~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/postgresql-debuginfo\", rpm:\"x86_64/debug/postgresql-debuginfo~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/postgresql-docs\", rpm:\"i386/postgresql-docs~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/postgresql-contrib\", rpm:\"i386/postgresql-contrib~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/postgresql-pl\", rpm:\"i386/postgresql-pl~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/postgresql-python\", rpm:\"i386/postgresql-python~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/postgresql\", rpm:\"i386/postgresql~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/postgresql-test\", rpm:\"i386/postgresql-test~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/postgresql-devel\", rpm:\"i386/postgresql-devel~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/postgresql-server\", rpm:\"i386/postgresql-server~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/postgresql-debuginfo\", rpm:\"i386/debug/postgresql-debuginfo~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/postgresql-libs\", rpm:\"i386/postgresql-libs~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/postgresql-tcl\", rpm:\"i386/postgresql-tcl~8.1.7~1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "Check for the Version of PostgresSQL", "modified": "2017-02-20T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:855197", "href": "http://plugins.openvas.org/nasl.php?oid=855197", "type": "openvas", "title": "Solaris Update for PostgresSQL 123591-10", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for PostgresSQL 123591-10\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"PostgresSQL on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n PostgresSQL\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855197);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123591-10\");\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_name( \"Solaris Update for PostgresSQL 123591-10\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123591-10-1\");\n\n script_summary(\"Check for the Version of PostgresSQL\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"123591-10\", package:\"SUNWpostgr-jdbcS SUNWpostgr-contrib SUNWpostgrS SUNWpostgr-tclS SUNWpostgr-server-data SUNWpostgr-devel SUNWpostgr-libs SUNWpostgr-jdbc SUNWpostgr-tcl SUNWpostgr-server SUNWpostgr-pl SUNWpostgr-docs SUNWpostgr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:06:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "Check for the Version of PostgresSQL", "modified": "2018-01-25T00:00:00", "published": "2010-02-03T00:00:00", "id": "OPENVAS:1361412562310855849", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855849", "type": "openvas", "title": "Solaris Update for PostgresSQL 123591-12", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for PostgresSQL 123591-12\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"PostgresSQL on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n PostgresSQL\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855849\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123591-12\");\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_name(\"Solaris Update for PostgresSQL 123591-12\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123591-12-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of PostgresSQL\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"123591-12\", package:\"SUNWpostgr-jdbcS SUNWpostgr-contrib SUNWpostgrS SUNWpostgr-tclS SUNWpostgr-server-data SUNWpostgr-devel SUNWpostgr-libs SUNWpostgr-jdbc SUNWpostgr-tcl SUNWpostgr-server SUNWpostgr-pl SUNWpostgr-docs SUNWpostgr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "Check for the Version of postgresql", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830256", "href": "http://plugins.openvas.org/nasl.php?oid=830256", "type": "openvas", "title": "Mandriva Update for postgresql MDKSA-2007:037-1 (postgresql)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for postgresql MDKSA-2007:037-1 (postgresql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Jeff Trout discovered that the PostgreSQL server did not sufficiently\n check data types of SQL function arguments in some cases. A user could\n then exploit this to crash the database server or read out arbitrary\n locations of the server's memory, which could be used to retrieve\n database contents that the user should not be able to see. Note that a\n user must be authenticated in order to exploit this (CVE-2007-0555).\n\n As well, Jeff Trout also discovered that the query planner did not\n verify that a table was still compatible with a previously-generated\n query plan, which could be exploted to read out arbitrary locations of\n the server's memory by using ALTER COLUMN TYPE during query execution.\n Again, a user must be authenticated in order to exploit this\n (CVE-2007-0556).\n \n Update:\n \n The previous update updated PostgreSQL to upstream versions, including\n 8.1.7 which contained a bug with typemod data types used with check\n constraints and expression indexes. This regression has been corrected\n in the new 8.1.8 version that is being provided.\";\n\ntag_affected = \"postgresql on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-02/msg00010.php\");\n script_id(830256);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_xref(name: \"MDKSA\", value: \"2007:037-1\");\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_name( \"Mandriva Update for postgresql MDKSA-2007:037-1 (postgresql)\");\n\n script_summary(\"Check for the Version of postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg5\", rpm:\"libecpg5~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libecpg5-devel\", rpm:\"libecpg5-devel~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq4\", rpm:\"libpq4~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq4-devel\", rpm:\"libpq4-devel~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-contrib\", rpm:\"postgresql-contrib~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pl\", rpm:\"postgresql-pl~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plperl\", rpm:\"postgresql-plperl~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plpgsql\", rpm:\"postgresql-plpgsql~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-plpython\", rpm:\"postgresql-plpython~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-pltcl\", rpm:\"postgresql-pltcl~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-server\", rpm:\"postgresql-server~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-test\", rpm:\"postgresql-test~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg5\", rpm:\"lib64ecpg5~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg5-devel\", rpm:\"lib64ecpg5-devel~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq4\", rpm:\"lib64pq4~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq4-devel\", rpm:\"lib64pq4-devel~8.1.8~1.1mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:40:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "Check for the Version of PostgresSQL", "modified": "2018-04-06T00:00:00", "published": "2009-06-03T00:00:00", "id": "OPENVAS:1361412562310855501", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855501", "type": "openvas", "title": "Solaris Update for PostgresSQL 123590-10", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for PostgresSQL 123590-10\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"PostgresSQL on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n PostgresSQL\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855501\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-03 12:31:50 +0200 (Wed, 03 Jun 2009)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123590-10\");\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_name( \"Solaris Update for PostgresSQL 123590-10\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123590-10-1\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of PostgresSQL\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"123590-10\", package:\"SUNWpostgr-jdbcS SUNWpostgr-contrib SUNWpostgrS SUNWpostgr-tclS SUNWpostgr-server-data SUNWpostgr-devel SUNWpostgr-libs SUNWpostgr-jdbc SUNWpostgr-tcl SUNWpostgr-server SUNWpostgr-pl SUNWpostgr-docs SUNWpostgr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n postgresql-docs\n postgresql-server\n postgresql-pl\n postgresql-devel\n postgresql-libs\n postgresql-contrib\n postgresql\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018245 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065501", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065501", "type": "openvas", "title": "SLES9: Security update for PostgreSQL", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5018245.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for PostgreSQL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n postgresql-docs\n postgresql-server\n postgresql-pl\n postgresql-devel\n postgresql-libs\n postgresql-contrib\n postgresql\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5018245 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65501\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_name(\"SLES9: Security update for PostgreSQL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"postgresql-docs\", rpm:\"postgresql-docs~7.4.17~0.1\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "Check for the Version of PostgresSQL", "modified": "2017-12-25T00:00:00", "published": "2010-02-03T00:00:00", "id": "OPENVAS:855849", "href": "http://plugins.openvas.org/nasl.php?oid=855849", "type": "openvas", "title": "Solaris Update for PostgresSQL 123591-12", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for PostgresSQL 123591-12\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"PostgresSQL on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n PostgresSQL\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855849);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123591-12\");\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_name(\"Solaris Update for PostgresSQL 123591-12\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123591-12-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of PostgresSQL\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"123591-12\", package:\"SUNWpostgr-jdbcS SUNWpostgr-contrib SUNWpostgrS SUNWpostgr-tclS SUNWpostgr-server-data SUNWpostgr-devel SUNWpostgr-libs SUNWpostgr-jdbc SUNWpostgr-tcl SUNWpostgr-server SUNWpostgr-pl SUNWpostgr-docs SUNWpostgr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:05:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-0555", "CVE-2007-0556"], "description": "Check for the Version of PostgresSQL", "modified": "2018-01-18T00:00:00", "published": "2010-02-03T00:00:00", "id": "OPENVAS:1361412562310855826", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855826", "type": "openvas", "title": "Solaris Update for PostgresSQL 123590-12", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for PostgresSQL 123590-12\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"PostgresSQL on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n PostgresSQL\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855826\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_xref(name: \"SUNSolve\", value: \"123590-12\");\n script_cve_id(\"CVE-2007-0555\", \"CVE-2007-0556\");\n script_name(\"Solaris Update for PostgresSQL 123590-12\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123590-12-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of PostgresSQL\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"123590-12\", package:\"SUNWpostgr-jdbcS SUNWpostgr-contrib SUNWpostgrS SUNWpostgr-tclS SUNWpostgr-server-data SUNWpostgr-devel SUNWpostgr-libs SUNWpostgr-jdbc SUNWpostgr-tcl SUNWpostgr-server SUNWpostgr-pl SUNWpostgr-docs SUNWpostgr\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:47:04", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5540", "CVE-2006-5541", "CVE-2006-5542", "CVE-2007-0555", "CVE-2007-0556"], "description": "PostgreSQL is an advanced Object-Relational database management system\r\n(DBMS).\r\n\r\nTwo flaws were found in the way the PostgreSQL server handles certain\r\nSQL-language functions. An authenticated user could execute a sequence of\r\ncommand which could crash the PostgreSQL server or possibly read from\r\narbitrary memory locations. A user must have permissions to drop and add\r\ndatabase tables to exploit this flaw. (CVE-2007-0555, CVE-2007-0556)\r\n\r\nSeveral denial of service flaws were found in the PostgreSQL server. An\r\nauthenticated user could execute an SQL command which could crash the\r\nPostgreSQL server. (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542)\r\n\r\nUsers of PostgreSQL should upgrade to these updated packages containing\r\nPostgreSQL version 8.1.7, which corrects these issues. \r\n\r\nNote: The original PostgreSQL 8.1.7 security patch contained an error; this\r\nrelease includes the updated patch and so is equivalent to the\r\nsoon-to-be-released 8.1.8.", "modified": "2019-03-22T23:44:25", "published": "2007-02-07T05:00:00", "id": "RHSA-2007:0067", "href": "https://access.redhat.com/errata/RHSA-2007:0067", "type": "redhat", "title": "(RHSA-2007:0067) Moderate: postgresql security update", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2019-08-13T18:46:50", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5540", "CVE-2006-5541", "CVE-2006-5542", "CVE-2007-0555", "CVE-2007-0556"], "description": "PostgreSQL is an advanced Object-Relational database management system\r\n(DBMS).\r\n\r\nTwo flaws were found in the way the PostgreSQL server handles certain\r\nSQL-language functions. An authenticated user could execute a sequence of\r\ncommands which could crash the PostgreSQL server or possibly read from\r\narbitrary memory locations. A user would need to have permissions to drop\r\nand add database tables to be able to exploit these issues (CVE-2007-0555,\r\nCVE-2007-0556).\r\n\r\nSeveral denial of service flaws were found in the PostgreSQL server. An\r\nauthenticated user could execute certain SQL commands which could crash the\r\nPostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542).\r\n\r\nUsers of PostgreSQL should upgrade to these updated packages containing\r\nPostgreSQL version 8.1.8 which corrects these issues.", "modified": "2017-09-08T12:19:13", "published": "2007-03-14T04:00:00", "id": "RHSA-2007:0068", "href": "https://access.redhat.com/errata/RHSA-2007:0068", "type": "redhat", "title": "(RHSA-2007:0068) Moderate: postgresql security update", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2019-08-13T18:47:01", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5540", "CVE-2007-0555"], "description": "PostgreSQL is an advanced Object-Relational database management system\r\n(DBMS).\r\n\r\nA flaw was found in the way the PostgreSQL server handles certain\r\nSQL-language functions. An authenticated user could execute a sequence of\r\ncommands which could crash the PostgreSQL server or possibly read from\r\narbitrary memory locations. A user would need to have permissions to drop\r\nand add database tables to be able to exploit this issue (CVE-2007-0555).\r\n\r\nA denial of service flaw was found affecting the PostgreSQL server running\r\non Red Hat Enterprise Linux 4 systems. An authenticated user could execute\r\nan SQL command which could crash the PostgreSQL server. (CVE-2006-5540)\r\n\r\nUsers of PostgreSQL should upgrade to these updated packages containing\r\nPostgreSQL version 7.4.16 or 7.3.18, which correct these issues.", "modified": "2017-09-08T12:12:21", "published": "2007-02-07T05:00:00", "id": "RHSA-2007:0064", "href": "https://access.redhat.com/errata/RHSA-2007:0064", "type": "redhat", "title": "(RHSA-2007:0064) Moderate: postgresql security update", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:31", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5540", "CVE-2006-5542", "CVE-2007-0555", "CVE-2006-5541", "CVE-2007-2138", "CVE-2007-0556"], "description": " [7.4.17-1.RHEL4.1]\n - Update to PostgreSQL 7.4.17 for CVE-2007-2138, data loss bugs\n Resolves: #237680 ", "edition": 4, "modified": "2007-05-08T00:00:00", "published": "2007-05-08T00:00:00", "id": "ELSA-2007-0336", "href": "http://linux.oracle.com/errata/ELSA-2007-0336.html", "title": "Moderate: postgresql security update ", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5540", "CVE-2007-0555"], "description": " [7.4.16-1.RHEL4.1]\n \n - Update to PostgreSQL 7.4.16 to fix CVE-2007-0555\n Resolves: #225493 ", "edition": 4, "modified": "2007-02-07T00:00:00", "published": "2007-02-07T00:00:00", "id": "ELSA-2007-0064", "href": "http://linux.oracle.com/errata/ELSA-2007-0064.html", "title": "Moderate: postgresql security update ", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0555"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.postgresql.org/support/security\nVendor Specific News/Changelog Entry: https://issues.rpath.com/browse/RPL-830\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/support/documentation/usn/usn-417-1)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-417-2)\n[Vendor Specific Advisory URL](http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html)\n[Vendor Specific Advisory URL](http://fedoranews.org/cms/node/2554)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2007:037)\nSecurity Tracker: 1017597\n[Secunia Advisory ID:24151](https://secuniaresearch.flexerasoftware.com/advisories/24151/)\n[Secunia Advisory ID:24158](https://secuniaresearch.flexerasoftware.com/advisories/24158/)\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:24028](https://secuniaresearch.flexerasoftware.com/advisories/24028/)\n[Secunia Advisory ID:24577](https://secuniaresearch.flexerasoftware.com/advisories/24577/)\n[Secunia Advisory ID:24050](https://secuniaresearch.flexerasoftware.com/advisories/24050/)\n[Secunia Advisory ID:24094](https://secuniaresearch.flexerasoftware.com/advisories/24094/)\n[Secunia Advisory ID:24315](https://secuniaresearch.flexerasoftware.com/advisories/24315/)\n[Secunia Advisory ID:25220](https://secuniaresearch.flexerasoftware.com/advisories/25220/)\n[Secunia Advisory ID:24033](https://secuniaresearch.flexerasoftware.com/advisories/24033/)\n[Secunia Advisory ID:24057](https://secuniaresearch.flexerasoftware.com/advisories/24057/)\n[Secunia Advisory ID:24042](https://secuniaresearch.flexerasoftware.com/advisories/24042/)\n[Secunia Advisory ID:24513](https://secuniaresearch.flexerasoftware.com/advisories/24513/)\nRedHat RHSA: RHSA-2007:0064\nOther Advisory URL: http://www.us.debian.org/security/2007/dsa-1261\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-May/0004.html\nOther Advisory URL: http://www.postgresql.org/support/security\nOther Advisory URL: http://fedoranews.org/cms/node/2554\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html\nOther Advisory URL: http://www.trustix.org/errata/2007/0007/\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-15.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-417-1\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:037\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1\nMail List Post: http://www.securityfocus.com/archive/1/archive/1/459280/100/0/threaded\nKeyword: CVE-2007-0555 \nCVE-2007-0556 \nISS X-Force ID: 32195\nFrSIRT Advisory: ADV-2007-0478\nFrSIRT Advisory: ADV-2007-0774\n[CVE-2007-0555](https://vulners.com/cve/CVE-2007-0555)\nBugtraq ID: 22387\n", "edition": 1, "modified": "2007-02-05T09:33:48", "published": "2007-02-05T09:33:48", "href": "https://vulners.com/osvdb/OSVDB:33087", "id": "OSVDB:33087", "title": "PostgreSQL Function Argument Data Type Check Bypass", "type": "osvdb", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "cvelist": ["CVE-2007-0556"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.postgresql.org/support/security\nSecurity Tracker: 1017597\n[Secunia Advisory ID:24577](https://secuniaresearch.flexerasoftware.com/advisories/24577/)\n[Secunia Advisory ID:24315](https://secuniaresearch.flexerasoftware.com/advisories/24315/)\n[Secunia Advisory ID:25220](https://secuniaresearch.flexerasoftware.com/advisories/25220/)\n[Secunia Advisory ID:24513](https://secuniaresearch.flexerasoftware.com/advisories/24513/)\nRedHat RHSA: RHSA-2007:0067\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-117.htm\nOther Advisory URL: http://www.trustix.org/errata/2007/0007\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-May/0004.html\nOther Advisory URL: https://issues.rpath.com/browse/RPL-830\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-February/000141.html\nOther Advisory URL: http://fedoranews.org/cms/node/2554\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200703-15.xml\nOther Advisory URL: https://issues.rpath.com/browse/RPL-1025\nOther Advisory URL: http://www.ubuntu.com/usn/usn-417-2\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102825-1\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:037\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-417-1\nISS X-Force ID: 32191\nFrSIRT Advisory: ADV-2007-0478\nFrSIRT Advisory: ADV-2007-0774\n[CVE-2007-0556](https://vulners.com/cve/CVE-2007-0556)\nBugtraq ID: 22387\n", "edition": 1, "modified": "2007-02-05T07:22:11", "published": "2007-02-05T07:22:11", "href": "https://vulners.com/osvdb/OSVDB:33302", "id": "OSVDB:33302", "title": "PostgreSQL Query Planner Table Compatibility Memory Access", "type": "osvdb", "cvss": {"score": 6.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:28:16", "bulletinFamily": "unix", "cvelist": ["CVE-2007-0555"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1261-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 15th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : postgresql\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-0555\n\nIt was discovered that the PostgreSQL database performs insufficient type\nchecking for SQL function arguments, which might lead to denial of service\nor information disclosure.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 7.4.7-6sarge4.\n\nFor the upcoming stable distribution (etch) this problem has been\nfixed in version 8.1.7-1 of the postgresql-8.1 package.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 8.1.7-1 of the postgresql-8.1 package.\n\nWe recommend that you upgrade your PostgreSQL packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4.dsc\n Size/MD5 checksum: 985 de5120c58a4e9b9aae438fb99f8b7ec0\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4.diff.gz\n Size/MD5 checksum: 190657 e977e480e0c8355d618cf1ce89f837eb\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7.orig.tar.gz\n Size/MD5 checksum: 9952102 d193c58aef02a745e8657c48038587ac\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.4.7-6sarge4_all.deb\n Size/MD5 checksum: 2267500 447f1f950fcaf70c26f34fc434ef916f\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_alpha.deb\n Size/MD5 checksum: 240460 1741c6d16519862048ed9df6db1d0cf5\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_alpha.deb\n Size/MD5 checksum: 105386 6a7ed440b65419bf2147ff37f26f0cd5\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_alpha.deb\n Size/MD5 checksum: 83030 3a75eb82e2d290c16109d393feab6e38\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_alpha.deb\n Size/MD5 checksum: 62532 31003d2ae9f60a8ac50e4383e74d1478\n http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_alpha.deb\n Size/MD5 checksum: 140090 33c1bb926536eabbd6b3e1dfe5a728e1\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_alpha.deb\n Size/MD5 checksum: 4153654 818d01203ea788919c655359e74cd575\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_alpha.deb\n Size/MD5 checksum: 614776 fb2267bc92186ca3ea29606ae4f0d20a\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_alpha.deb\n Size/MD5 checksum: 702394 0ae3a0b02462486098877c25531bbf5c\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_alpha.deb\n Size/MD5 checksum: 546696 6ccd0fbcf90dd3f5158d69dd581b2614\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_amd64.deb\n Size/MD5 checksum: 210872 7cb8e4bc22296ddb6441b1929786f322\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_amd64.deb\n Size/MD5 checksum: 97002 4bcdcb4877acb0c874ebc16b56a7b4e3\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_amd64.deb\n Size/MD5 checksum: 79948 82c6aac1ede8525f43bbd12618ab6c7d\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_amd64.deb\n Size/MD5 checksum: 56784 1e98e92e3aae79e096fe1c265fdbb7b4\n http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_amd64.deb\n Size/MD5 checksum: 132054 81e5d214a0d6ec9320bbd900afaafc74\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_amd64.deb\n Size/MD5 checksum: 3888700 8d80dc51e3bdccf0738e895a3f9c33e2\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_amd64.deb\n Size/MD5 checksum: 559998 cc32760c93bac44653a8c4cd8851b12b\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_amd64.deb\n Size/MD5 checksum: 655334 f4643b3fed96600a5f82ca2098e0cae6\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_amd64.deb\n Size/MD5 checksum: 520310 3084919a91f73719772f6c6e5256b796\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_arm.deb\n Size/MD5 checksum: 217386 5455356df42a3834d6f13e50c6be0aaa\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_arm.deb\n Size/MD5 checksum: 92742 a90ec1a0fdb739e86c71fbd7ecb27bc7\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_arm.deb\n Size/MD5 checksum: 76844 aed0dd5d47ccead39576edbbe83dba3e\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_arm.deb\n Size/MD5 checksum: 56904 259be5457cd41fe77b3e5cf18dfcfd2d\n http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_arm.deb\n Size/MD5 checksum: 124688 bda7583d62c40a6141780fbc6bfe4f4e\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_arm.deb\n Size/MD5 checksum: 3791006 9f229b44d1f6424f24732dbec68dad3b\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_arm.deb\n Size/MD5 checksum: 535014 55e251d49d0f715ade522429d77be12c\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_arm.deb\n Size/MD5 checksum: 628646 12a87eeb8af891a41209ccef4b4c6e0b\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_arm.deb\n Size/MD5 checksum: 519040 62d2a373b81d4f179705ba6ab3d82d75\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_hppa.deb\n Size/MD5 checksum: 218236 46a131465773278e3933b647e9fc6742\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_hppa.deb\n Size/MD5 checksum: 105018 e6b2b82fc3a944bc0ae572ff2eee6683\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_hppa.deb\n Size/MD5 checksum: 84314 7a998b58c8cea9271d26ff808e23baee\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_hppa.deb\n Size/MD5 checksum: 59256 85eccd2359d58ac24aefe8985e31a15a\n http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_hppa.deb\n Size/MD5 checksum: 135200 74e514bac1003ad37e239cac12546b36\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_hppa.deb\n Size/MD5 checksum: 4263902 8cbfb0028f011cb10d4621e681a62a87\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_hppa.deb\n Size/MD5 checksum: 572942 9ff224fb7dfa8d7d255f5ac041fdb4fa\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_hppa.deb\n Size/MD5 checksum: 686994 f33f1b93fb06abf3f18fca1e37e7da1a\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_hppa.deb\n Size/MD5 checksum: 524386 f30740be5187716bb41ba16743c58c5d\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_i386.deb\n Size/MD5 checksum: 207826 222c65e0e6579d9ad405f24180c239d8\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_i386.deb\n Size/MD5 checksum: 95700 4ab2297836511eae9242d54ee74392e8\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_i386.deb\n Size/MD5 checksum: 78572 d47257bc80be8d9a20015a3b6b9d0b58\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_i386.deb\n Size/MD5 checksum: 56210 7337781eb3ed33d3acca9532dd8cdd85\n http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_i386.deb\n Size/MD5 checksum: 128782 8a8014bd10986ed46ff60d6349c958ee\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_i386.deb\n Size/MD5 checksum: 3799884 6e463595ef31b82d83168a400537d461\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_i386.deb\n Size/MD5 checksum: 539990 dd94f235e33bd902ad0c1823958201a7\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_i386.deb\n Size/MD5 checksum: 626306 a5937ef6381e5f951420d698d28dc802\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_i386.deb\n Size/MD5 checksum: 516302 82075269a3b5244d12424314b8768ef5\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_ia64.deb\n Size/MD5 checksum: 250796 408546c6b0cc6deaca1ee33d5581a0c2\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_ia64.deb\n Size/MD5 checksum: 118052 ebee629781cc79aeb21cad18d6964841\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_ia64.deb\n Size/MD5 checksum: 92382 f0a0df9bc318e7e17b2aa4b11cc88e13\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_ia64.deb\n Size/MD5 checksum: 61138 c1e9ffb864aff784c3cf2a5769398317\n http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_ia64.deb\n Size/MD5 checksum: 153098 195a8a7ff7fb30001121601eda73f6a9\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_ia64.deb\n Size/MD5 checksum: 4409256 5118d1b797fd4ab4210a1c67cdd80b2e\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_ia64.deb\n Size/MD5 checksum: 682632 d78d3e82bcc4f08f6023624e0ba7d5e2\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_ia64.deb\n Size/MD5 checksum: 776566 85b9d39a630c1b3a629b690677f27f6e\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_ia64.deb\n Size/MD5 checksum: 544080 b472d226c1a79562e6872943928689a1\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_m68k.deb\n Size/MD5 checksum: 194652 499b5edeca896f79de54268428d3d140\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_m68k.deb\n Size/MD5 checksum: 90478 dc1cfc3ccdd1789479f96bbd52478b1a\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_m68k.deb\n Size/MD5 checksum: 77466 78c06cb51fd25506aa10f9297211344f\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_m68k.deb\n Size/MD5 checksum: 54456 7b112302857dda2b9ff5c3f9b424313e\n http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_m68k.deb\n Size/MD5 checksum: 125840 2ce45a3e89ce227ec387f412821f4239\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_m68k.deb\n Size/MD5 checksum: 3973962 04bed9a605f42efa8e7f588a1a347fc0\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_m68k.deb\n Size/MD5 checksum: 510944 3209d8ec8168b51dc241cf4050817062\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_m68k.deb\n Size/MD5 checksum: 609750 2d07ad1ed99639136b4fe41f0ba0331e\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_m68k.deb\n Size/MD5 checksum: 507828 c477c36aa55492479039c8481af1045b\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_mips.deb\n Size/MD5 checksum: 210216 863ab75591787ce8b12a354e5addae89\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_mips.deb\n Size/MD5 checksum: 96314 319bde736578e701d92e1e13b7cafabd\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_mips.deb\n Size/MD5 checksum: 81300 2e0c5a45307c1905d7c75a797db4371f\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_mips.deb\n Size/MD5 checksum: 56828 2f4b2a9a35f80e17d5d3062d4941a8dc\n http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_mips.deb\n Size/MD5 checksum: 128914 9816bde87cd73099df59797d20f80f1b\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_mips.deb\n Size/MD5 checksum: 4171452 1e529f3f682024695022dec39590d340\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_mips.deb\n Size/MD5 checksum: 582654 4fe86cf3bf2ab700fb8de7ae156310e0\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_mips.deb\n Size/MD5 checksum: 642414 cd2bd00dbbd655bf8a6e8c9ac2f4995c\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_mips.deb\n Size/MD5 checksum: 521960 958ab8d0d25c13c5b8792cc225fc8074\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_mipsel.deb\n Size/MD5 checksum: 208268 d49ac7a2139715ad2c41849d15bba8e7\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_mipsel.deb\n Size/MD5 checksum: 96504 0f18852f8fc30c54e1d70100d24d8f22\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_mipsel.deb\n Size/MD5 checksum: 81024 5827379d07d4833df83d9c680e6fb275\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_mipsel.deb\n Size/MD5 checksum: 56862 cdc70e39aa1cedddf549d9b2521c3b7d\n http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_mipsel.deb\n Size/MD5 checksum: 128990 2ec896b4669f85bb4ad402d10719d0c8\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_mipsel.deb\n Size/MD5 checksum: 3863638 676c9926fe1ed94720bd285344f5f26c\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_mipsel.deb\n Size/MD5 checksum: 582032 b3caa717064ac27a36927fb600a8111a\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_mipsel.deb\n Size/MD5 checksum: 641870 a6adc7f6933252f7264968ba218d5fa0\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_mipsel.deb\n Size/MD5 checksum: 522314 744363c35bbecbce88f96a30749397ea\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_powerpc.deb\n Size/MD5 checksum: 211504 3414c56214b27a72dc9d008bf2b1e88b\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_powerpc.deb\n Size/MD5 checksum: 100998 c1af673179865babd1cf3254bc044c1b\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_powerpc.deb\n Size/MD5 checksum: 85182 07b680ebb310dc731da4c7b4a80d9c2b\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_powerpc.deb\n Size/MD5 checksum: 55890 a30418ff67abadb4eec427465f4f23ca\n http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_powerpc.deb\n Size/MD5 checksum: 130392 689e12f3642163881ab0b70ef4f266f1\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_powerpc.deb\n Size/MD5 checksum: 4203050 d993f373e849218104dc596fcb827770\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_powerpc.deb\n Size/MD5 checksum: 565852 51361e05358a4c967ac74bf3971ca2ba\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_powerpc.deb\n Size/MD5 checksum: 686820 542db734f8a118539a64c9b7dda0dcf7\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_powerpc.deb\n Size/MD5 checksum: 517246 7f39d533b5f5100ee1efe5a1b8f6ea1e\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_s390.deb\n Size/MD5 checksum: 208828 93921406ce6a87a6c9c566cd7da12ca6\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_s390.deb\n Size/MD5 checksum: 98348 ec11ee4dbeebfb663d73e5510adbc1c2\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_s390.deb\n Size/MD5 checksum: 80954 f9a68a37096db82b0ab0fa0c9233db5a\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_s390.deb\n Size/MD5 checksum: 57560 9c5b26344d23a5fe17b9381d086bc0d0\n http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_s390.deb\n Size/MD5 checksum: 134390 fff9eaf986adbcedbe8ae9213d488301\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_s390.deb\n Size/MD5 checksum: 4161748 c5fd3236d25c36a5db9e2906a128dc3c\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_s390.deb\n Size/MD5 checksum: 549968 8170b5ff8c73ee16cfeb0ba6bab99f9d\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_s390.deb\n Size/MD5 checksum: 665698 76a8b35497dc74aa005566f34ada45ae\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_s390.deb\n Size/MD5 checksum: 521106 bb9f1745b107d112e268448ecaaba5b1\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_sparc.deb\n Size/MD5 checksum: 206430 cd60fe3e2656214bec4daefc670b2c3a\n http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_sparc.deb\n Size/MD5 checksum: 94176 99fb9b605b39c98a22bad650c3999b80\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_sparc.deb\n Size/MD5 checksum: 78474 74324033fc369d5f7bfc29e758955d5e\n http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_sparc.deb\n Size/MD5 checksum: 56706 49407acd48f2aa2002caafe8cec7f1c6\n http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_sparc.deb\n Size/MD5 checksum: 128172 02bd0869115a91ba1232cb1f69cda290\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_sparc.deb\n Size/MD5 checksum: 4091152 9ae05ad6b6064e0f7d11b2537a36184c\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_sparc.deb\n Size/MD5 checksum: 536332 bf8046e6b48362a6bb90932814341b14\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_sparc.deb\n Size/MD5 checksum: 633726 8ec575397555983adaa1e494fb5c8e5e\n http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_sparc.deb\n Size/MD5 checksum: 514960 0a5c1c6ffcca42b642d56176cc11050e\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 9, "modified": "2007-02-15T00:00:00", "published": "2007-02-15T00:00:00", "id": "DEBIAN:DSA-1261-1:70EA9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00016.html", "title": "[SECURITY] [DSA 1261-1] New PostgreSQL packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:24:14", "bulletinFamily": "unix", "cvelist": ["CVE-2006-5540", "CVE-2007-0555"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0064\n\n\nPostgreSQL is an advanced Object-Relational database management system\r\n(DBMS).\r\n\r\nA flaw was found in the way the PostgreSQL server handles certain\r\nSQL-language functions. An authenticated user could execute a sequence of\r\ncommands which could crash the PostgreSQL server or possibly read from\r\narbitrary memory locations. A user would need to have permissions to drop\r\nand add database tables to be able to exploit this issue (CVE-2007-0555).\r\n\r\nA denial of service flaw was found affecting the PostgreSQL server running\r\non Red Hat Enterprise Linux 4 systems. An authenticated user could execute\r\nan SQL command which could crash the PostgreSQL server. (CVE-2006-5540)\r\n\r\nUsers of PostgreSQL should upgrade to these updated packages containing\r\nPostgreSQL version 7.4.16 or 7.3.18, which correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025547.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025548.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025550.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025552.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025555.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025556.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025557.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/025558.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-jdbc\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\nrh-postgresql\nrh-postgresql-contrib\nrh-postgresql-devel\nrh-postgresql-docs\nrh-postgresql-jdbc\nrh-postgresql-libs\nrh-postgresql-pl\nrh-postgresql-python\nrh-postgresql-server\nrh-postgresql-tcl\nrh-postgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0064.html", "edition": 4, "modified": "2007-02-08T12:47:40", "published": "2007-02-07T23:16:48", "href": "http://lists.centos.org/pipermail/centos-announce/2007-February/025547.html", "id": "CESA-2007:0064", "title": "postgresql, rh security update", "type": "centos", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}]}