ID OPENVAS:136141256231067135 Type openvas Reporter Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com Modified 2017-12-25T00:00:00
Description
The remote host is missing an update to the system
as announced in the referenced advisory.
#
#VID e050119b-3856-11df-b2b2-002170daae37
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from VID e050119b-3856-11df-b2b2-002170daae37
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "The following package is affected: postgresql-server
CVE-2010-0442
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL
8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a
denial of service (daemon crash) or have unspecified other impact via
vectors involving a negative integer in the third argument, as
demonstrated by a SELECT statement that contains a call to the
substring function for a bit string, related to an 'overflow.'";
tag_summary = "The remote host is missing an update to the system
as announced in the referenced advisory.";
tag_solution = "Update your system with the appropriate patches or
software upgrades.";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.67135");
script_version("$Revision: 8244 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-25 08:29:28 +0100 (Mon, 25 Dec 2017) $");
script_tag(name:"creation_date", value:"2010-03-30 18:37:46 +0200 (Tue, 30 Mar 2010)");
script_cve_id("CVE-2010-0442");
script_bugtraq_id(37973);
script_tag(name:"cvss_base", value:"6.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_name("FreeBSD Ports: postgresql-server");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsdrel", "login/SSH/success");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-bsd.inc");
txt = "";
vuln = 0;
bver = portver(pkg:"postgresql-server");
if(!isnull(bver) && revcomp(a:bver, b:"7.4")>=0 && revcomp(a:bver, b:"7.4.28")<0) {
txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
if(!isnull(bver) && revcomp(a:bver, b:"8.0")>=0 && revcomp(a:bver, b:"8.0.24")<0) {
txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
if(!isnull(bver) && revcomp(a:bver, b:"8.1")>=0 && revcomp(a:bver, b:"8.1.20")<0) {
txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
if(!isnull(bver) && revcomp(a:bver, b:"8.2")>=0 && revcomp(a:bver, b:"8.2.16")<0) {
txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
if(!isnull(bver) && revcomp(a:bver, b:"8.3")>=0 && revcomp(a:bver, b:"8.3.10")<0) {
txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
if(!isnull(bver) && revcomp(a:bver, b:"8.4")>=0 && revcomp(a:bver, b:"8.4.3")<0) {
txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = 1;
}
if(vuln) {
security_message(data:string(txt));
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:136141256231067135", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Ports: postgresql-server", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2010-03-30T00:00:00", "modified": "2017-12-25T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 6.5}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067135", "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2010-0442"], "lastseen": "2018-01-02T10:54:56", "viewCount": 1, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2018-01-02T10:54:56", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-0442"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310100470", "OPENVAS:1361412562310840428", "OPENVAS:1361412562310831057", "OPENVAS:880656", "OPENVAS:1361412562310880656", "OPENVAS:870269", "OPENVAS:1361412562310880399", "OPENVAS:67404", "OPENVAS:67135", "OPENVAS:840428"]}, {"type": "exploitdb", "idList": ["EDB-ID:33571"]}, {"type": "ubuntu", "idList": ["USN-933-1"]}, {"type": "nessus", "idList": ["SL_20100519_POSTGRESQL_ON_SL3_X.NASL", "REDHAT-RHSA-2010-0427.NASL", "UBUNTU_USN-933-1.NASL", "ORACLELINUX_ELSA-2010-0429.NASL", "CENTOS_RHSA-2010-0427.NASL", "MANDRIVA_MDVSA-2010-103.NASL", "ORACLELINUX_ELSA-2010-0427.NASL", "DEBIAN_DSA-2051.NASL", "FREEBSD_PKG_E050119B385611DFB2B2002170DAAE37.NASL", "CENTOS_RHSA-2010-0429.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23723", "SECURITYVULNS:VULN:10803"]}, {"type": "seebug", "idList": ["SSV:19018"]}, {"type": "freebsd", "idList": ["E050119B-3856-11DF-B2B2-002170DAAE37"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0429", "ELSA-2010-0428", "ELSA-2010-0427"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2051-1:DF8B6"]}, {"type": "redhat", "idList": ["RHSA-2010:0427", "RHSA-2010:0429", "RHSA-2010:0428"]}, {"type": "centos", "idList": ["CESA-2010:0427", "CESA-2010:0428", "CESA-2010:0429"]}, {"type": "gentoo", "idList": ["GLSA-201110-22"]}], "modified": "2018-01-02T10:54:56", "rev": 2}, "vulnersScore": 6.4}, "pluginID": "136141256231067135", "sourceData": "#\n#VID e050119b-3856-11df-b2b2-002170daae37\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e050119b-3856-11df-b2b2-002170daae37\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: postgresql-server\n\nCVE-2010-0442\nThe bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL\n8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a\ndenial of service (daemon crash) or have unspecified other impact via\nvectors involving a negative integer in the third argument, as\ndemonstrated by a SELECT statement that contains a call to the\nsubstring function for a bit string, related to an 'overflow.'\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67135\");\n script_version(\"$Revision: 8244 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 08:29:28 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-30 18:37:46 +0200 (Tue, 30 Mar 2010)\");\n script_cve_id(\"CVE-2010-0442\");\n script_bugtraq_id(37973);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: postgresql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"postgresql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4.28\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.0\")>=0 && revcomp(a:bver, b:\"8.0.24\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1.20\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2.16\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3.10\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.4\")>=0 && revcomp(a:bver, b:\"8.4.3\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "FreeBSD Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:44:55", "description": "The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an \"overflow.\"", "edition": 4, "cvss3": {}, "published": "2010-02-02T18:30:00", "title": "CVE-2010-0442", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0442"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:postgresql:postgresql:8.1.11", "cpe:/a:postgresql:postgresql:8.3.8", "cpe:/a:postgresql:postgresql:8.0.23"], "id": "CVE-2010-0442", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0442", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:postgresql:postgresql:8.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:31:43", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0442"], "description": "It was discovered that PostgreSQL did not properly sanitize its input when \nusing substring() with a SELECT statement. A remote authenticated attacker \ncould exploit this to cause a denial of service via application crash.", "edition": 5, "modified": "2010-04-28T00:00:00", "published": "2010-04-28T00:00:00", "id": "USN-933-1", "href": "https://ubuntu.com/security/notices/USN-933-1", "title": "PostgreSQL vulnerability", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-02T10:54:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0442"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-933-1", "modified": "2017-12-26T00:00:00", "published": "2010-04-30T00:00:00", "id": "OPENVAS:1361412562310840428", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840428", "type": "openvas", "title": "Ubuntu Update for PostgreSQL vulnerability USN-933-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_933_1.nasl 8246 2017-12-26 07:29:20Z teissa $\n#\n# Ubuntu Update for PostgreSQL vulnerability USN-933-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that PostgreSQL did not properly sanitize its input when\n using substring() with a SELECT statement. A remote authenticated attacker\n could exploit this to cause a denial of service via application crash.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-933-1\";\ntag_affected = \"PostgreSQL vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-933-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840428\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-30 14:39:22 +0200 (Fri, 30 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"933-1\");\n script_cve_id(\"CVE-2010-0442\");\n script_name(\"Ubuntu Update for PostgreSQL vulnerability USN-933-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq4\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:17:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0442"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-933-1", "modified": "2017-12-01T00:00:00", "published": "2010-04-30T00:00:00", "id": "OPENVAS:840428", "href": "http://plugins.openvas.org/nasl.php?oid=840428", "type": "openvas", "title": "Ubuntu Update for PostgreSQL vulnerability USN-933-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_933_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for PostgreSQL vulnerability USN-933-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that PostgreSQL did not properly sanitize its input when\n using substring() with a SELECT statement. A remote authenticated attacker\n could exploit this to cause a denial of service via application crash.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-933-1\";\ntag_affected = \"PostgreSQL vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-933-1/\");\n script_id(840428);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-30 14:39:22 +0200 (Fri, 30 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"933-1\");\n script_cve_id(\"CVE-2010-0442\");\n script_name(\"Ubuntu Update for PostgreSQL vulnerability USN-933-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc-8.4\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.4.3-0ubuntu9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat2\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg5\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes2\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq4\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc-8.1\", ver:\"8.1.20-0ubuntu0.6.06.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc-8.3\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.10-0ubuntu9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc-8.3\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.10-0ubuntu8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0442"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-10T00:00:00", "published": "2010-03-30T00:00:00", "id": "OPENVAS:67135", "href": "http://plugins.openvas.org/nasl.php?oid=67135", "type": "openvas", "title": "FreeBSD Ports: postgresql-server", "sourceData": "#\n#VID e050119b-3856-11df-b2b2-002170daae37\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e050119b-3856-11df-b2b2-002170daae37\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: postgresql-server\n\nCVE-2010-0442\nThe bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL\n8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a\ndenial of service (daemon crash) or have unspecified other impact via\nvectors involving a negative integer in the third argument, as\ndemonstrated by a SELECT statement that contains a call to the\nsubstring function for a bit string, related to an 'overflow.'\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_id(67135);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-30 18:37:46 +0200 (Tue, 30 Mar 2010)\");\n script_cve_id(\"CVE-2010-0442\");\n script_bugtraq_id(37973);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: postgresql-server\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"postgresql-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"7.4\")>=0 && revcomp(a:bver, b:\"7.4.28\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.0\")>=0 && revcomp(a:bver, b:\"8.0.24\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.1\")>=0 && revcomp(a:bver, b:\"8.1.20\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.2\")>=0 && revcomp(a:bver, b:\"8.2.16\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.3\")>=0 && revcomp(a:bver, b:\"8.3.10\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"8.4\")>=0 && revcomp(a:bver, b:\"8.4.3\")<0) {\n txt += 'Package postgresql-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-01-29T20:43:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0442"], "description": "PostgreSQL is prone to a buffer-overflow vulnerability because the\n application fails to perform adequate boundary checks on user-supplied data.", "modified": "2020-01-28T00:00:00", "published": "2010-01-28T00:00:00", "id": "OPENVAS:1361412562310100470", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100470", "type": "openvas", "title": "PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Update By : Antu Sanadi <santu@secpod.com> 2010-02-04 #7085\n# Updated the CVE-2010-0442 and version check according to CVE.\n#\n# Copyright:\n# Copyright (C) 2010 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:postgresql:postgresql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100470\");\n script_version(\"2020-01-28T13:26:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-28 13:26:39 +0000 (Tue, 28 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-01-28 18:48:47 +0100 (Thu, 28 Jan 2010)\");\n script_cve_id(\"CVE-2010-0442\");\n script_bugtraq_id(37973);\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_dependencies(\"postgresql_detect.nasl\", \"secpod_postgresql_detect_lin.nasl\", \"secpod_postgresql_detect_win.nasl\");\n script_mandatory_keys(\"postgresql/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37973\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/55902\");\n script_xref(name:\"URL\", value:\"http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html\");\n\n script_tag(name:\"summary\", value:\"PostgreSQL is prone to a buffer-overflow vulnerability because the\n application fails to perform adequate boundary checks on user-supplied data.\");\n\n script_tag(name:\"impact\", value:\"Attackers can exploit this issue to execute arbitrary code with\n elevated privileges or crash the affected application.\");\n\n script_tag(name:\"affected\", value:\"PostgreSQL version 8.0.x, 8.1.x, 8.3.x is vulnerable. Other versions may also be affected.\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\nloc = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"8.0\", test_version2:\"8.0.23\" ) ||\n version_in_range( version:vers, test_version:\"8.1\", test_version2:\"8.1.11\" ) ||\n version_in_range( version:vers, test_version:\"8.3\", test_version2:\"8.3.8\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"See references\", install_path:loc );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2018-01-18T11:04:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442"], "description": "Check for the Version of poppler", "modified": "2018-01-17T00:00:00", "published": "2010-03-22T00:00:00", "id": "OPENVAS:1361412562310830953", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830953", "type": "openvas", "title": "Mandriva Update for poppler MDVA-2010:103 (poppler)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for poppler MDVA-2010:103 (poppler)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"poppler on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"Poppler cairo backend was not handling PDF images prescaling\n correctly, causing some PDF files (mostly from scanned text) to\n be unreadable. This updates fixes this issues and includes other\n stability fixes.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00029.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830953\");\n script_version(\"$Revision: 8440 $\");\n script_cve_id(\"CVE-2010-0442\", \"CVE-2010-1169\", \"CVE-2010-1170\", \"CVE-2010-1975\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:103\");\n script_name(\"Mandriva Update for poppler MDVA-2010:103 (poppler)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpoppler5\", rpm:\"libpoppler5~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib4\", rpm:\"libpoppler-glib4~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler5\", rpm:\"lib64poppler5~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib4\", rpm:\"lib64poppler-glib4~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442"], "description": "Check for the Version of poppler", "modified": "2017-12-19T00:00:00", "published": "2010-03-22T00:00:00", "id": "OPENVAS:830953", "href": "http://plugins.openvas.org/nasl.php?oid=830953", "type": "openvas", "title": "Mandriva Update for poppler MDVA-2010:103 (poppler)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for poppler MDVA-2010:103 (poppler)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"poppler on Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"Poppler cairo backend was not handling PDF images prescaling\n correctly, causing some PDF files (mostly from scanned text) to\n be unreadable. This updates fixes this issues and includes other\n stability fixes.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00029.php\");\n script_id(830953);\n script_version(\"$Revision: 8164 $\");\n script_cve_id(\"CVE-2010-0442\", \"CVE-2010-1169\", \"CVE-2010-1170\", \"CVE-2010-1975\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:103\");\n script_name(\"Mandriva Update for poppler MDVA-2010:103 (poppler)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpoppler5\", rpm:\"libpoppler5~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib4\", rpm:\"libpoppler-glib4~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler5\", rpm:\"lib64poppler5~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib4\", rpm:\"lib64poppler-glib4~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.12.4~1.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-25T10:55:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442"], "description": "Check for the Version of postgresql", "modified": "2018-01-24T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:1361412562310831057", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831057", "type": "openvas", "title": "Mandriva Update for postgresql MDVSA-2010:103 (postgresql)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for postgresql MDVSA-2010:103 (postgresql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities was discovered and corrected in postgresql:\n\n The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL\n 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users\n to cause a denial of service (daemon crash) or have unspecified\n other impact via vectors involving a negative integer in the third\n argument, as demonstrated by a SELECT statement that contains a\n call to the substring function for a bit string, related to an\n overflow. (CVE-2010-0442).\n \n A flaw was found in the way the PostgreSQL server process\n enforced permission checks on scripts written in PL/Perl. A remote,\n authenticated user, running a specially-crafted PL/Perl script, could\n use this flaw to bypass PL/Perl trusted mode restrictions, allowing\n them to obtain sensitive information; execute arbitrary Perl scripts;\n or cause a denial of service (remove protected, sensitive data)\n (CVE-2010-1169).\n \n The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0\n before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before\n 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads\n Tcl code from the pltcl_modules table regardless of the table's\n ownership and permissions, which allows remote authenticated users,\n with database-creation privileges, to execute arbitrary Tcl code by\n creating this table and inserting a crafted Tcl script (CVE-2010-1170).\n \n PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21,\n 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not\n properly check privileges during certain RESET ALL operations, which\n allows remote authenticated users to remove arbitrary parameter\n settings via a (1) ALTER USER or (2) ALTER DATABASE statement\n (CVE-2010-1975).\n \n Packages for 2008.0 and 2009.0 are provided as of the Extended\n Maintenance Program.\n Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n This update provides a solution to these vulnerabilities.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"postgresql on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-05/msg00031.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831057\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:103\");\n script_cve_id(\"CVE-2010-0442\", \"CVE-2010-1169\", \"CVE-2010-1170\", \"CVE-2010-1975\");\n script_name(\"Mandriva Update for postgresql MDVSA-2010:103 (postgresql)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg5\", rpm:\"libecpg5~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libecpg-devel\", rpm:\"libecpg-devel~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq5\", rpm:\"libpq5~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq-devel\", rpm:\"libpq-devel~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2\", rpm:\"postgresql8.2~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-contrib\", rpm:\"postgresql8.2-contrib~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-devel\", rpm:\"postgresql8.2-devel~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-docs\", rpm:\"postgresql8.2-docs~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-pl\", rpm:\"postgresql8.2-pl~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-plperl\", rpm:\"postgresql8.2-plperl~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-plpgsql\", rpm:\"postgresql8.2-plpgsql~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-plpython\", rpm:\"postgresql8.2-plpython~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-pltcl\", rpm:\"postgresql8.2-pltcl~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-server\", rpm:\"postgresql8.2-server~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-test\", rpm:\"postgresql8.2-test~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg5\", rpm:\"lib64ecpg5~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg-devel\", rpm:\"lib64ecpg-devel~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq5\", rpm:\"lib64pq5~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq-devel\", rpm:\"lib64pq-devel~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg8.3_6\", rpm:\"libecpg8.3_6~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq8.3_5\", rpm:\"libpq8.3_5~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3\", rpm:\"postgresql8.3~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-contrib\", rpm:\"postgresql8.3-contrib~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-devel\", rpm:\"postgresql8.3-devel~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-docs\", rpm:\"postgresql8.3-docs~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pl\", rpm:\"postgresql8.3-pl~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plperl\", rpm:\"postgresql8.3-plperl~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpgsql\", rpm:\"postgresql8.3-plpgsql~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpython\", rpm:\"postgresql8.3-plpython~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pltcl\", rpm:\"postgresql8.3-pltcl~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-server\", rpm:\"postgresql8.3-server~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg8.3_6\", rpm:\"lib64ecpg8.3_6~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq8.3_5\", rpm:\"lib64pq8.3_5~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg8.4_6\", rpm:\"libecpg8.4_6~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq8.4_5\", rpm:\"libpq8.4_5~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4\", rpm:\"postgresql8.4~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-contrib\", rpm:\"postgresql8.4-contrib~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-devel\", rpm:\"postgresql8.4-devel~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-docs\", rpm:\"postgresql8.4-docs~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-pl\", rpm:\"postgresql8.4-pl~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-plperl\", rpm:\"postgresql8.4-plperl~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-plpgsql\", rpm:\"postgresql8.4-plpgsql~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-plpython\", rpm:\"postgresql8.4-plpython~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-pltcl\", rpm:\"postgresql8.4-pltcl~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-server\", rpm:\"postgresql8.4-server~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg8.4_6\", rpm:\"lib64ecpg8.4_6~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq8.4_5\", rpm:\"lib64pq8.4_5~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg8.3_6\", rpm:\"libecpg8.3_6~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq8.3_5\", rpm:\"libpq8.3_5~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3\", rpm:\"postgresql8.3~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-contrib\", rpm:\"postgresql8.3-contrib~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-devel\", rpm:\"postgresql8.3-devel~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-docs\", rpm:\"postgresql8.3-docs~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pl\", rpm:\"postgresql8.3-pl~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plperl\", rpm:\"postgresql8.3-plperl~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpgsql\", rpm:\"postgresql8.3-plpgsql~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpython\", rpm:\"postgresql8.3-plpython~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pltcl\", rpm:\"postgresql8.3-pltcl~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-server\", rpm:\"postgresql8.3-server~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg8.3_6\", rpm:\"lib64ecpg8.3_6~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq8.3_5\", rpm:\"lib64pq8.3_5~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg8.3_6\", rpm:\"libecpg8.3_6~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq8.3_5\", rpm:\"libpq8.3_5~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3\", rpm:\"postgresql8.3~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-contrib\", rpm:\"postgresql8.3-contrib~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-devel\", rpm:\"postgresql8.3-devel~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-docs\", rpm:\"postgresql8.3-docs~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pl\", rpm:\"postgresql8.3-pl~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plperl\", rpm:\"postgresql8.3-plperl~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpgsql\", rpm:\"postgresql8.3-plpgsql~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpython\", rpm:\"postgresql8.3-plpython~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pltcl\", rpm:\"postgresql8.3-pltcl~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-server\", rpm:\"postgresql8.3-server~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg8.3_6\", rpm:\"lib64ecpg8.3_6~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq8.3_5\", rpm:\"lib64pq8.3_5~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442"], "description": "The remote host is missing an update to postgresql-8.3\nannounced via advisory DSA 2051-1.", "modified": "2017-07-07T00:00:00", "published": "2010-06-03T00:00:00", "id": "OPENVAS:67404", "href": "http://plugins.openvas.org/nasl.php?oid=67404", "type": "openvas", "title": "Debian Security Advisory DSA 2051-1 (postgresql-8.3)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2051_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2051-1 (postgresql-8.3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several local vulnerabilities have been discovered in PostgreSQL, an\nobject-relational SQL database. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-1169\n\nTim Bunce discovered that the implementation of the procedural\nlanguage PL/Perl insufficiently restricts the subset of allowed\ncode, which allows authenticated users the execution of arbitrary\nPerl code.\n\nCVE-2010-1170\n\nTom Lane discovered that the implementation of the procedural\nlanguage PL/Tcl insufficiently restricts the subset of allowed\ncode, which allows authenticated users the execution of arbitrary\nTcl code.\n\nCVE-2010-1975\n\nIt was discovered that an unprivileged user could reset\nsuperuser-only parameter settings.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 8.3.11-0lenny1. This update also introduces a fix for\nCVE-2010-0442, which was originally scheduled for the next Lenny point\nupdate.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8.4.4-1 of postgresql-8.4.\n\nWe recommend that you upgrade your postgresql-8.3 packages.\";\ntag_summary = \"The remote host is missing an update to postgresql-8.3\nannounced via advisory DSA 2051-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202051-1\";\n\n\nif(description)\n{\n script_id(67404);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-03 22:55:24 +0200 (Thu, 03 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-0442\", \"CVE-2010-1169\", \"CVE-2010-1170\", \"CVE-2010-1975\");\n script_name(\"Debian Security Advisory DSA 2051-1 (postgresql-8.3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442"], "description": "Check for the Version of postgresql", "modified": "2017-12-25T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:831057", "href": "http://plugins.openvas.org/nasl.php?oid=831057", "type": "openvas", "title": "Mandriva Update for postgresql MDVSA-2010:103 (postgresql)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for postgresql MDVSA-2010:103 (postgresql)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities was discovered and corrected in postgresql:\n\n The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL\n 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users\n to cause a denial of service (daemon crash) or have unspecified\n other impact via vectors involving a negative integer in the third\n argument, as demonstrated by a SELECT statement that contains a\n call to the substring function for a bit string, related to an\n overflow. (CVE-2010-0442).\n \n A flaw was found in the way the PostgreSQL server process\n enforced permission checks on scripts written in PL/Perl. A remote,\n authenticated user, running a specially-crafted PL/Perl script, could\n use this flaw to bypass PL/Perl trusted mode restrictions, allowing\n them to obtain sensitive information; execute arbitrary Perl scripts;\n or cause a denial of service (remove protected, sensitive data)\n (CVE-2010-1169).\n \n The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0\n before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before\n 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads\n Tcl code from the pltcl_modules table regardless of the table's\n ownership and permissions, which allows remote authenticated users,\n with database-creation privileges, to execute arbitrary Tcl code by\n creating this table and inserting a crafted Tcl script (CVE-2010-1170).\n \n PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21,\n 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not\n properly check privileges during certain RESET ALL operations, which\n allows remote authenticated users to remove arbitrary parameter\n settings via a (1) ALTER USER or (2) ALTER DATABASE statement\n (CVE-2010-1975).\n \n Packages for 2008.0 and 2009.0 are provided as of the Extended\n Maintenance Program.\n Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n This update provides a solution to these vulnerabilities.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"postgresql on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-05/msg00031.php\");\n script_id(831057);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:103\");\n script_cve_id(\"CVE-2010-0442\", \"CVE-2010-1169\", \"CVE-2010-1170\", \"CVE-2010-1975\");\n script_name(\"Mandriva Update for postgresql MDVSA-2010:103 (postgresql)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of postgresql\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg5\", rpm:\"libecpg5~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libecpg-devel\", rpm:\"libecpg-devel~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq5\", rpm:\"libpq5~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq-devel\", rpm:\"libpq-devel~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql\", rpm:\"postgresql~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2\", rpm:\"postgresql8.2~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-contrib\", rpm:\"postgresql8.2-contrib~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-devel\", rpm:\"postgresql8.2-devel~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-docs\", rpm:\"postgresql8.2-docs~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-pl\", rpm:\"postgresql8.2-pl~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-plperl\", rpm:\"postgresql8.2-plperl~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-plpgsql\", rpm:\"postgresql8.2-plpgsql~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-plpython\", rpm:\"postgresql8.2-plpython~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-pltcl\", rpm:\"postgresql8.2-pltcl~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-server\", rpm:\"postgresql8.2-server~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.2-test\", rpm:\"postgresql8.2-test~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql-devel\", rpm:\"postgresql-devel~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg5\", rpm:\"lib64ecpg5~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg-devel\", rpm:\"lib64ecpg-devel~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq5\", rpm:\"lib64pq5~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq-devel\", rpm:\"lib64pq-devel~8.2.17~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg8.3_6\", rpm:\"libecpg8.3_6~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq8.3_5\", rpm:\"libpq8.3_5~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3\", rpm:\"postgresql8.3~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-contrib\", rpm:\"postgresql8.3-contrib~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-devel\", rpm:\"postgresql8.3-devel~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-docs\", rpm:\"postgresql8.3-docs~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pl\", rpm:\"postgresql8.3-pl~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plperl\", rpm:\"postgresql8.3-plperl~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpgsql\", rpm:\"postgresql8.3-plpgsql~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpython\", rpm:\"postgresql8.3-plpython~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pltcl\", rpm:\"postgresql8.3-pltcl~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-server\", rpm:\"postgresql8.3-server~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg8.3_6\", rpm:\"lib64ecpg8.3_6~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq8.3_5\", rpm:\"lib64pq8.3_5~8.3.11~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg8.4_6\", rpm:\"libecpg8.4_6~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq8.4_5\", rpm:\"libpq8.4_5~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4\", rpm:\"postgresql8.4~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-contrib\", rpm:\"postgresql8.4-contrib~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-devel\", rpm:\"postgresql8.4-devel~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-docs\", rpm:\"postgresql8.4-docs~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-pl\", rpm:\"postgresql8.4-pl~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-plperl\", rpm:\"postgresql8.4-plperl~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-plpgsql\", rpm:\"postgresql8.4-plpgsql~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-plpython\", rpm:\"postgresql8.4-plpython~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-pltcl\", rpm:\"postgresql8.4-pltcl~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.4-server\", rpm:\"postgresql8.4-server~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg8.4_6\", rpm:\"lib64ecpg8.4_6~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq8.4_5\", rpm:\"lib64pq8.4_5~8.4.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg8.3_6\", rpm:\"libecpg8.3_6~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq8.3_5\", rpm:\"libpq8.3_5~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3\", rpm:\"postgresql8.3~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-contrib\", rpm:\"postgresql8.3-contrib~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-devel\", rpm:\"postgresql8.3-devel~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-docs\", rpm:\"postgresql8.3-docs~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pl\", rpm:\"postgresql8.3-pl~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plperl\", rpm:\"postgresql8.3-plperl~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpgsql\", rpm:\"postgresql8.3-plpgsql~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpython\", rpm:\"postgresql8.3-plpython~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pltcl\", rpm:\"postgresql8.3-pltcl~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-server\", rpm:\"postgresql8.3-server~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg8.3_6\", rpm:\"lib64ecpg8.3_6~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq8.3_5\", rpm:\"lib64pq8.3_5~8.3.11~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libecpg8.3_6\", rpm:\"libecpg8.3_6~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpq8.3_5\", rpm:\"libpq8.3_5~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3\", rpm:\"postgresql8.3~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-contrib\", rpm:\"postgresql8.3-contrib~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-devel\", rpm:\"postgresql8.3-devel~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-docs\", rpm:\"postgresql8.3-docs~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pl\", rpm:\"postgresql8.3-pl~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plperl\", rpm:\"postgresql8.3-plperl~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpgsql\", rpm:\"postgresql8.3-plpgsql~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-plpython\", rpm:\"postgresql8.3-plpython~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-pltcl\", rpm:\"postgresql8.3-pltcl~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"postgresql8.3-server\", rpm:\"postgresql8.3-server~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ecpg8.3_6\", rpm:\"lib64ecpg8.3_6~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64pq8.3_5\", rpm:\"lib64pq8.3_5~8.3.11~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-26T11:05:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442"], "description": "The remote host is missing an update to postgresql-8.3\nannounced via advisory DSA 2051-1.", "modified": "2018-01-25T00:00:00", "published": "2010-06-03T00:00:00", "id": "OPENVAS:136141256231067404", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067404", "type": "openvas", "title": "Debian Security Advisory DSA 2051-1 (postgresql-8.3)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2051_1.nasl 8528 2018-01-25 07:57:36Z teissa $\n# Description: Auto-generated from advisory DSA 2051-1 (postgresql-8.3)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several local vulnerabilities have been discovered in PostgreSQL, an\nobject-relational SQL database. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-1169\n\nTim Bunce discovered that the implementation of the procedural\nlanguage PL/Perl insufficiently restricts the subset of allowed\ncode, which allows authenticated users the execution of arbitrary\nPerl code.\n\nCVE-2010-1170\n\nTom Lane discovered that the implementation of the procedural\nlanguage PL/Tcl insufficiently restricts the subset of allowed\ncode, which allows authenticated users the execution of arbitrary\nTcl code.\n\nCVE-2010-1975\n\nIt was discovered that an unprivileged user could reset\nsuperuser-only parameter settings.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 8.3.11-0lenny1. This update also introduces a fix for\nCVE-2010-0442, which was originally scheduled for the next Lenny point\nupdate.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8.4.4-1 of postgresql-8.4.\n\nWe recommend that you upgrade your postgresql-8.3 packages.\";\ntag_summary = \"The remote host is missing an update to postgresql-8.3\nannounced via advisory DSA 2051-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202051-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67404\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-03 22:55:24 +0200 (Thu, 03 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-0442\", \"CVE-2010-1169\", \"CVE-2010-1170\", \"CVE-2010-1975\");\n script_name(\"Debian Security Advisory DSA 2051-1 (postgresql-8.3)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"postgresql\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-doc\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-server-dev-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-dev\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plperl-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-pltcl-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpgtypes3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg6\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-contrib-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-client-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libecpg-compat3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-plpython-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"postgresql-8.3\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq-dev\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpq5\", ver:\"8.3.11-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T19:27:55", "description": "PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability. CVE-2010-0442. Dos exploit for linux platform", "published": "2010-01-27T00:00:00", "type": "exploitdb", "title": "PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0442"], "modified": "2010-01-27T00:00:00", "id": "EDB-ID:33571", "href": "https://www.exploit-db.com/exploits/33571/", "sourceData": "source: http://www.securityfocus.com/bid/37973/info\r\n\r\nPostgreSQL is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.\r\n\r\nAttackers can exploit this issue to execute arbitrary code with elevated privileges or crash the affected application.\r\n\r\nPostgreSQL 8.0.23 is vulnerable; other versions may also be affected.\r\n\r\n\r\ntestdb=# select substring(B'101010101010101010101010101010101010\r\n10101010101',33,-15); ", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/33571/"}], "freebsd": [{"lastseen": "2019-05-29T18:34:08", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0442"], "description": "\nBugTraq reports:\n\nPostgreSQL is prone to a buffer-overflow\n\t vulnerability because the application fails to\n\t perform adequate boundary checks on user-supplied\n\t data.\nAttackers can exploit this issue to execute\n\t arbitrary code with elevated privileges or\n\t crash the affected application.\n\n", "edition": 4, "modified": "2010-01-27T00:00:00", "published": "2010-01-27T00:00:00", "id": "E050119B-3856-11DF-B2B2-002170DAAE37", "href": "https://vuxml.freebsd.org/freebsd/e050119b-3856-11df-b2b2-002170daae37.html", "title": "postgresql -- bitsubstr overflow", "type": "freebsd", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-0442"], "description": "===========================================================\r\nUbuntu Security Notice USN-933-1 April 28, 2010\r\npostgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability\r\nCVE-2010-0442\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 9.04\r\nUbuntu 9.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n postgresql-8.1 8.1.20-0ubuntu0.6.06.1\r\n\r\nUbuntu 8.04 LTS:\r\n postgresql-8.3 8.3.10-0ubuntu8.04.1\r\n\r\nUbuntu 9.04:\r\n postgresql-8.3 8.3.10-0ubuntu9.04.1\r\n\r\nUbuntu 9.10:\r\n postgresql-8.4 8.4.3-0ubuntu9.10.1\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that PostgreSQL did not properly sanitize its input when\r\nusing substring() with a SELECT statement. A remote authenticated attacker\r\ncould exploit this to cause a denial of service via application crash.\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.20-0ubuntu0.6.06.1.diff.gz\r\n Size/MD5: 33787 98a0e6c5015c99a9428aabaa9e51ff0e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.20-0ubuntu0.6.06.1.dsc\r\n Size/MD5: 1135 7dfd50b87affea366e80f4e687dd6137\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.20.orig.tar.gz\r\n Size/MD5: 11542102 94a97733e140584fff301c32026b4880\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.20-0ubuntu0.6.06.1_all.deb\r\n Size/MD5: 1531996 ed77c5f42ffd39a29da63e07ec37eb52\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 192384 0e6e0bd55513a0034999748c9ff398e1\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 384734 a9421ff302752196afb4c740ea19c355\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 213212 7c5b43941f22ee36b5d1cdbeaaf59eaf\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 214224 acaf824ff818d9f7c60d09d6b53e1516\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 362908 279cd1da17ce62b7328524b4934447e3\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 305814 71ce97fced4ebe529b58c820a4ba7573\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 4356058 8d68d5454980ff4a622f25bb9d152cc4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 1481292 3cd11f14b8edcd349f67dbf70bbac2b2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 655498 691a856787a05ae2101ac720200031c8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 209280 d56d4352a57c7146d9403fe5766ea62e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 203206 e8ef9a2c398d3956ace2e5e593c0f9ca\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 203500 77722ed653892d71fa9ceecc9a0e3dd5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.20-0ubuntu0.6.06.1_amd64.deb\r\n Size/MD5: 638894 6840f57e310843aae43a850d1218b53c\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 191382 57a44201b880520443f146d4256f0bc1\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 375164 d80d23f7dc1191c4685f7aa1266670d3\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 210952 ef933871f7e46f200332f9119e004907\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 212400 18c3aae156bd5cfe384d2a647f1745f8\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 351374 23012ef0502e88b8a7ac54d3821bc712\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 298672 7507613246bd0320516fb98a637d7840\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 4157076 450ab358c298afd970173a7c6fd9e066\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 1407178 8c61ca6f1bbc05e0a8a33150cb7b9a1a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 609454 9080f03b2c8c7f158ba8a8db2de8ef97\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 207402 cf2200179409e0ad138a033d036f495c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 200500 57b15d28840a11fa2b1e68d647410b09\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 202088 e4a02136614af148c2054524b649b1f5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.20-0ubuntu0.6.06.1_i386.deb\r\n Size/MD5: 638908 28074434b830203bcb5d97a9913843be\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 193082 ca798a0c8ddbd47bd5ec9b9098330b34\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 380768 282d9ab377efbf4fb182fbc5932e1faf\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 214024 05530ee276754d00a8feac3f87103d81\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 216540 49a624c762dcbf4b738f0fef9d0a09e4\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 357494 14bd8124b4fc696cf08e6d2351f901ea\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 302300 310aa37c602f276c7f7a2467d89c333a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 4658218 871761e2d5dc66934ce693211aa73d8a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 1480386 ce451fce53339bfd925993d02d80bb1a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 671432 f4a69bf1cd583cc8c2b4442ab567bb7d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 209096 426391c0c8c21f2654ad5bf4bd745e1e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 203224 cb8b5de643199330ee2ed430dbaffbca\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 204282 177b4c0cf2b1fe9d2e3354123885a878\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.20-0ubuntu0.6.06.1_powerpc.deb\r\n Size/MD5: 638930 a9a1c2d11bb67b9a747a69de486df1fb\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-compat2_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 191100 51331da22bab1ac780519f50278a4327\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg-dev_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 372418 a3a72725d08b77c53f0d077a0e0a52f2\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libecpg5_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 211474 89a8e1c909d840567e830d9b568a1b3e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpgtypes2_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 211916 6047c025a1aaf6c1982c433863ce36c8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq-dev_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 353584 1d1ca02f319e0247c127ec7150a1c762\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/libpq4_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 298878 06f65db0d620c869a25dd9a986375e91\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 4530672 aa4b05bee7787891194f0c32dc21c332\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-client-8.1_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 1436438 55a92e68159dc8ee36e36164dea788a8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 629550 256e5e919bb0be9f6b08c2106a9260fd\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 207640 7b54c929ef39d31f01b96c31c594187b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 201592 268349b33e676ac78447591387242fc2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 202434 b72f8d6fff0ee114044669da2f926528\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.20-0ubuntu0.6.06.1_sparc.deb\r\n Size/MD5: 638918 2a04b910a6ffaf3816611ed112a28698\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu8.04.1.diff.gz\r\n Size/MD5: 68817 fd9dde9afb7f1416961f4793b6f8da54\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu8.04.1.dsc\r\n Size/MD5: 1311 578cc1af160a036a73809644cabfa4ba\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10.orig.tar.gz\r\n Size/MD5: 13870846 6c528104faf2808dcbdbd4a644920fe1\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client_8.3.10-0ubuntu8.04.1_all.deb\r\n Size/MD5: 253624 01fb1e202f7484527a36a252f43c7ff9\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib_8.3.10-0ubuntu8.04.1_all.deb\r\n Size/MD5: 253512 bdb5da8d4d35c081398a706d4e59825e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.10-0ubuntu8.04.1_all.deb\r\n Size/MD5: 2171682 9805fa58cc2c0800ac30ae4412960f9e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc_8.3.10-0ubuntu8.04.1_all.deb\r\n Size/MD5: 3438 a2a91cd882e980c910dd82280c7cd3e1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql_8.3.10-0ubuntu8.04.1_all.deb\r\n Size/MD5: 253636 afb5d6ec2f3ba2e9614866051909cf81\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 11608 e5d4131272836b697feb14b12d755a55\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 222760 9a895d270dcf1221616dc121aad86576\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 32494 cddf085eecd1b77ce26a26324f49d5a7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 283446 df3459e080e85fda8947020933367b28\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 190292 7296a750e892ca42258de25c7c3e5caa\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 319288 7fd2050ac0d94006a18416aa2a85baf7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 3750716 0ec76f766c09a683a860b0459c625aee\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 734220 1995327179e771bff73e4a661496a33a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 366528 b4330f978a3c73436a8b536b97f674cd\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 283830 11ffebc020e9fca0ea6ac8003eb2ae23\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 275804 ae679917772408d50a3af9ed80e30fe2\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 273326 99cbdcbbeecc8360ec6e69cc1f58e6fd\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.10-0ubuntu8.04.1_amd64.deb\r\n Size/MD5: 821706 5ad845c2239b4bb2bc0ee5e7edfbc78f\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 10608 cf1cbc42218fa0c4a2156d36eec87407\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 214202 8819b2771f76e35f24c065b983aa36d7\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 31504 85ea5a903ad9071eb670496f963a7b63\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 282318 751ddd028ad9831ea906cdd4106c66c0\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 175280 97cadbb7b0628bf15e39bc51e520a0f4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 314322 02d4a79f8944bc6d4ab5c0a664f254ff\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 3624530 b8092b979867a186bd8ceb83ad579659\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 703414 552a2bd9b823593cea788510ea6fbba8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 331022 785c0d2853bf511989f24272725da0f5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 281120 9f475b3926a142dedf135584de58e851\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 272448 b6a53af7734ef3f8e2764d5f54692e8c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 271856 b5f7321c0f344536231b4e1446488dde\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.10-0ubuntu8.04.1_i386.deb\r\n Size/MD5: 825808 f2c65f9dd75503423ac0e57f170f53b1\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 10464 815f3fd99aefeb1776d593d4c8321fc9\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 212736 2c719a9bf5374a1fc4125db299465d61\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 30922 a8c0fad70717fca7daf8bff10eb6619f\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 282572 459a646d0e395516dd5d2436613c5aae\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 179822 b028016c77de9168388e44746ea48b58\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 314050 2380dabd5fa176ead8c9faabec170a23\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 3604804 992dbd8f1f8b469d78e4b1b5a3881c84\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 700364 b9f9bc0b21acce627fbe3597f33cc6d1\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 328904 4044bdf779e9e9150280a56ea6ad1307\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 282102 88097410b2152121ac65d1210f2832f5\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 273184 aa1928d6ffb23dd5ded3784458261d35\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 272290 9f4df2931621884acc3b4b2a95b76a2e\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.10-0ubuntu8.04.1_lpia.deb\r\n Size/MD5: 819538 5c1147f8ba098e7eed44c16b315489d3\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 11262 31f048050ffa712a5164bcb696b49a97\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 217832 973e4d9911c6f6e17c75fcac26636257\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 34076 2c663137ee64bfe061294d6d48a3ae0e\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 286114 a019047174e446f21eb71b5736ceea66\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 190136 b28d3cc18c43b33ae43cc8c4e6f1f5f6\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 318964 a17b07a99be8611117fed21b29cefdff\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 4101056 37b31f30753694d7ff6cc9ac6cae2a30\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 766782 ed2ccf202d019063359ca9419ca7e276\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 416212 df9c2afdb372f6b3a902dec558f4dc63\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 285466 9e2ab2622b099a082205a7a53be74090\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 277436 7d62895995d2d5cc8959180d5ae92dd9\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 275556 6ac53f2a32c78c48d2cb6248922fb669\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.10-0ubuntu8.04.1_powerpc.deb\r\n Size/MD5: 822356 c1f7eab5c305d3a01154e7075d4da03b\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 9846 f48d0cfce0269335940b33c5620891a0\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 203982 5fd5ef0419bf9c4f019515c411b273f9\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 29680 60852fa732514aac24941391e447fd55\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 279942 7c124f98da2269c0aa6263faf3b17ee6\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 178870 eb851f24f86021ee08648da986af75bb\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 310896 04de3bd170e5b6ce865957c9b1e589fe\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 3858494 aba91cb3d80f17f01304254f68a2c3a1\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 703280 b5432b02297319450beaa1cd14850fa5\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 327006 07c2eeb114c277e2f8f33866391aaf95\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 280398 b6febbcfd145e94939207d1d8f497a65\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 272646 94d4f5960bf058cd8def096080c45a57\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 271730 d7ffc3e5745cf3c9de11b80e1513e0e9\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.10-0ubuntu8.04.1_sparc.deb\r\n Size/MD5: 820670 4053194366eb88d707d5471bd7eb4864\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu9.04.1.diff.gz\r\n Size/MD5: 68607 8a83a19afbd33c4c8c622d46f6ef7085\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu9.04.1.dsc\r\n Size/MD5: 1768 7454f28deecedf089c24276ff513348d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10.orig.tar.gz\r\n Size/MD5: 13870846 6c528104faf2808dcbdbd4a644920fe1\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client_8.3.10-0ubuntu9.04.1_all.deb\r\n Size/MD5: 256060 310835c4cb05993124708c609ca4c164\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib_8.3.10-0ubuntu9.04.1_all.deb\r\n Size/MD5: 255958 253323d9d42606f0876ed9a7c9514e7d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.10-0ubuntu9.04.1_all.deb\r\n Size/MD5: 2006060 a38fc2c106ed7146362066bb186944b5\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-doc_8.3.10-0ubuntu9.04.1_all.deb\r\n Size/MD5: 3440 b4858810d330ea09d9a99df20b44247d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql_8.3.10-0ubuntu9.04.1_all.deb\r\n Size/MD5: 256086 65dda2ba8d93d051b8db67c16b136af8\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 11578 1dd794603bdcb0801e6512ae428bef21\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 226458 a658108cfd1f68de3cf781bcbe38d95e\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 32866 9221345312b2b9e5fcda5046a9389f81\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 286402 0af0a09d99d6b1bf9549ec8561f1f0f1\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 192520 145c79df8ac095c57cb93bb561c6d7ea\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 322548 8671bb5499d2a2a575c5b3bf1e5facec\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 3820998 f7700576d709a1c3762d611efc45faac\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 767586 a8457d7d6e3ad523c96e0b8f44b7a6cf\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 374070 3d2f9f24e38d252f9e36919144b847be\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 828406 1b6db50e5a028d03384d393cb434884c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 284266 ecd0c7928ad0fa0d77bcff3f96a498cf\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 278126 fb1278d692586414e6a28856033d0f6d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.10-0ubuntu9.04.1_amd64.deb\r\n Size/MD5: 275596 ba11a2c9166022a336bf322209e1b422\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 10724 8fa4e64e7d7aa7134280146faea92891\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg-dev_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 216432 0096709b89147b1fa129fa8f0fa5425d\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libecpg6_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 32150 baf46b37b7fa60c92d25f6f353cfb05f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpgtypes3_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 285592 0e47ce13bb06dd4a15541ebc8cad5e4b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq-dev_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 184578 cb310595b49ff5e4ff6e3ac6d0976db9\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/libpq5_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 318474 c9f998a243661b2269de636db18b989b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 3671210 448d0696b7213a3113d87fb538cbeb85\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 726642 4b947e3374f76dfc241bd595a8036523\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 336458 fe09f014e424566020d218e2fe6b2108\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 823734 541adcc0811ffbe816450bef53e8706e\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 282508 184fdedec8a9079d8791c99a1da57b5a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 275762 25b63d6e4dbf26285b553f94754c71bf\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.10-0ubuntu9.04.1_i386.deb\r\n Size/MD5: 274740 28c34fe6c17aa15c84b33d2b0dbc07ef\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 10444 e383c792a0bdda954ac171d1ebb4ffe2\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 216532 54d914725627859cd7782f4f4d325d5d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 31336 9e69fabd640f1c0e004f21909cabcc91\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 285186 de83430d183d224548e586d56d8a9237\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 181346 0d4e0754c415c6c6ac47798cd6e0aa3e\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 317330 845bfbe00ea3c1423d3cacd1a33c935c\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 3648368 3179102a942db8a573fc2ccae1b8869e\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 721070 cfa43e0b75f8cc7a6acfd14e58ddb0ae\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 332618 3650296848da548a68e4944ecf5aec14\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 823154 913110f42a611256f5c5fca66f177d37\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 282862 716e5b5d4cf3135790738b21ebb670b7\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 275726 7a9771c36fc58685b0304cf34d0562ba\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.10-0ubuntu9.04.1_lpia.deb\r\n Size/MD5: 274596 4f50101ca9fb4680f2c34592d3bcb3fa\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 11274 1356b6366818e8fe84242dc9aa98c130\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 224208 e87ce7daaab56e94c49ebf3850e12f4d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 33962 e0865911976df1b5a9c8a0b7289ee960\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 288684 43c84cafeba70cad5c13e6c3c4ef7e92\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 190954 f967a0a699d9c9f6992932e84f758e89\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 321066 db66a32149b5fa56818448be148fc5cd\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 4190332 7fa7063655cb5cebbe720100f0acd6ea\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 796774 f02f9cad46075e0273131d19501d12ec\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 424622 bd8c8554a82d93a06d3d603f672a478d\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 830108 f8bfc4fff8079f39bb048c8da183435f\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 285508 ac7ad1b22bcf29145400f09923a672df\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 279566 e7252cb18c79b2bd799044cb259bb1de\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.10-0ubuntu9.04.1_powerpc.deb\r\n Size/MD5: 277860 02d0e82eac6579dee33c0422dd9d1cbc\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-compat3_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 9846 8d2b798892ccc4af3cd286d9c835a925\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg-dev_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 208380 dcfe69212a5de3063cf44cab45c717a4\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libecpg6_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 29478 979f84bac75d9c94151dbd33ee3aa447\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpgtypes3_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 282320 e35c11947fe8bab86ce1619698e49852\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq-dev_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 179340 cbe5c1f4c795b1d87e6f0ee9e37244f0\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/libpq5_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 313782 c36c0929c72c4b2de883b9b41d49e83d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-8.3_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 3915418 6c968efde68204d0f42dbb4d3ef11288\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-client-8.3_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 719694 de04c7edac5affd4928c054deb5e6439\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 332542 a7d7b61760e9d616bf0d7d9f6265fad6\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 823936 a80af4fcb8e00de7eeb4c22b35bc10d4\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plperl-8.3_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 280564 9b1d54887fd02db7167fdeac02224f14\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-plpython-8.3_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 274818 e35e558473fb6de396c80f51f32709a0\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.10-0ubuntu9.04.1_sparc.deb\r\n Size/MD5: 273808 159bb6a5f86bd62cf0435286ccd1e6dc\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.3-0ubuntu9.10.1.diff.gz\r\n Size/MD5: 33017 c870e9cb59035b7102b51658cfee54bf\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.3-0ubuntu9.10.1.dsc\r\n Size/MD5: 1808 773c26e03562f3a12ac78f45f498679b\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.3.orig.tar.gz\r\n Size/MD5: 16853436 712a5d8f78814d2de2071cf43ed323ac\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-client_8.4.3-0ubuntu9.10.1_all.deb\r\n Size/MD5: 12874 6a8a2236e16b3493cbce4da08865902b\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-contrib_8.4.3-0ubuntu9.10.1_all.deb\r\n Size/MD5: 12776 7d62d22046249544a78b540294131b90\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-doc-8.4_8.4.3-0ubuntu9.10.1_all.deb\r\n Size/MD5: 1878582 df7e3e17c6f53fea08fac0af57770fdc\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-doc_8.4.3-0ubuntu9.10.1_all.deb\r\n Size/MD5: 3424 9c6c6a7f9f54a914be108a383a1623ac\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql_8.4.3-0ubuntu9.10.1_all.deb\r\n Size/MD5: 12906 5754ec8daddc2fdf9b28578d0ec225a7\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 11524 33eef5e6dc70e5aa01d142ca8a9f5692\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-dev_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 241366 cd43019f583ed495a36437bc560748e5\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg6_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 33512 4147d2b7fa1dede6fd9bfd1b77822b02\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpgtypes3_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 44636 81b8f990902a7cbcdfd090ea9a7c1d19\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq-dev_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 203058 383d84804916c5cc86d0ba1702067fda\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq5_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 83922 4b3e7fe429bbfdb5c9792a57c79199d3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 4045600 b31fac449556b6f1ccf8154f54e19a9a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 826214 b76f36fa3daed7ac720d48a77c3197e0\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 414428 43f52c4f8e574067834465d53f8f1a01\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 626128 1c935e494c446a594477fdb7990d14b8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 40942 7f80e6d3ad4e3f8a0096cfac3b79851c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 35168 3749593f3e4b8f7d23a1183790239a5c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.3-0ubuntu9.10.1_amd64.deb\r\n Size/MD5: 32332 81c7697ac59126f552bb177ad1432274\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 10610 2a81806eb278f9d6302f668d55c2e1e4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg-dev_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 226044 e348540f0ba75a5184a86b37138bcb67\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libecpg6_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 32452 70ed580adea1fc3c20fe09d7f98dd18f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpgtypes3_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 43454 3dbb7b931d8eaebc437b415450d2217f\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq-dev_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 194248 b96a0efd604a9338e28cc8b023d635f4\r\n http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/libpq5_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 78678 9c262cc93a28fb2c12db83310f994416\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 3894688 64e53c2d2f03eb79e63a6deba6b28dd6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 785024 205559ee8c35e47ae4f6a83563927b8a\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 370820 803852f61b5828654e573500b0bd8f95\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 621710 4cf76be1c979bd6c06a84f65e03ed544\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 39144 4bea9591a19fd7f5fa213578fd7c7132\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 32742 227726fb8eed7a6ef9370c6324911c53\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.3-0ubuntu9.10.1_i386.deb\r\n Size/MD5: 31376 8ce102aa998cf94e07a86bfc24d80518\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 10408 b537628f367ef444e9f3158a4e874bbe\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg-dev_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 224438 124987e8c7f535ad96588e74adfe8a6c\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg6_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 32046 bfc8c259ddc36b56fb32c470e87fe40d\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpgtypes3_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 43700 996b447f71947ab69f45f161ee0e75f9\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpq-dev_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 191716 4ab4c132fdcee2e7f827b480465a96e9\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpq5_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 78116 daf41c102437d7b4d5a1566bc9009c5c\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 3885600 9286674190cde9af9f04d6d0f919503a\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 782274 d5cf7d0c94361dd8986ec3d53fd27e4f\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 368924 c0ae24e78e8c73855c0322fd2dd2512f\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 621232 a748b68cd723545b49943d35f0dc67ee\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 39724 3dde63a09aa496c1e0d169980e387ed7\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 32932 cd30ec8455754bed516e532964677c58\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.3-0ubuntu9.10.1_lpia.deb\r\n Size/MD5: 31694 54d4272c08dd6f42adc45837c38ffb42\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 10946 cd3446af7431d545dac6ad6c3bf28712\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg-dev_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 241400 e148ab0d13c32b9ee330115a14b84b0e\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg6_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 34450 e9ccdf8dd7cb4b36eca5926af4079826\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpgtypes3_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 47090 449cdfea51f06c7ca9d0e38f56e8c581\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpq-dev_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 201002 8a0897bb1e25e9a9a1460c425cfb3e21\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpq5_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 81616 b4dd6a80fc019e34b2f87e33c8f13510\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 4360406 2e3180114e56c4fe17dc76a01d8aa5b1\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 827704 0ad889702efa79c12f49ef7335e11d33\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 398230 6d32474be0973ba77ea8c70bf18949cc\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 627498 b26cec38b173f61441ba178063294854\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 40100 7b6c8a86a53cf52cda062240132f75ee\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 34360 922ce458cac5f4d7f3c0f99378d83951\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.3-0ubuntu9.10.1_powerpc.deb\r\n Size/MD5: 32306 5256a9c8f5ed93a63efb444cb188c2e7\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg-compat3_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 9940 6804239ba01f94885856e161f73f9e31\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg-dev_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 228732 dd0bc4bf2eda432bfc6fa18cd860a997\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libecpg6_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 30684 e4e50f8a43f599c339a33f0f8b0eadc1\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpgtypes3_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 41306 051d4df94061d48e427c35fa0c7e6405\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpq-dev_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 189634 eb464d22509e48a452b3f1e1ea13dce4\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/libpq5_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 74086 160ff0400cd5daae206b106fdf9741cb\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-8.4_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 4129454 dd68cc74b04568a710254700b3a0d906\r\n http://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-client-8.4_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 779834 19f5f225f4695d3e3f8db0b2f2535810\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-contrib-8.4_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 371802 a82f1a7a79888ffea0a02bf83f445346\r\n \r\nhttp://ports.ubuntu.com/pool/main/p/postgresql-8.4/postgresql-server-dev-8.4_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 624774 b8c47d36b7b21debf1da0e01033586e6\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-plperl-8.4_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 37494 c19a72ab71a6bc825db4deacdeeb958e\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-plpython-8.4_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 31778 ebe11fd25482a89e4d65aca9528c7214\r\n \r\nhttp://ports.ubuntu.com/pool/universe/p/postgresql-8.4/postgresql-pltcl-8.4_8.4.3-0ubuntu9.10.1_sparc.deb\r\n Size/MD5: 30464 f9dff3eaf884c0352b07ccb301dc3533\r\n\r\n\r\n", "edition": 1, "modified": "2010-04-29T00:00:00", "published": "2010-04-29T00:00:00", "id": "SECURITYVULNS:DOC:23723", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23723", "title": "[USN-933-1] PostgreSQL vulnerability", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-0442"], "description": "Crash on substring() function in SQL.", "edition": 1, "modified": "2010-04-29T00:00:00", "published": "2010-04-29T00:00:00", "id": "SECURITYVULNS:VULN:10803", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10803", "title": "PostgreSQL DoS", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:18:25", "description": "BUGTRAQ ID: 37973\r\nCVE(CAN) ID: CVE-2010-0442\r\n\r\nPostgreSQL\u662f\u4e00\u6b3e\u9ad8\u7ea7\u5bf9\u8c61\uff0d\u5173\u7cfb\u578b\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\uff0c\u652f\u6301\u6269\u5c55\u7684SQL\u6807\u51c6\u5b50\u96c6\u3002\r\n\r\n\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528PostgreSQL\u7684bitsubstr\u51fd\u6570\u5904\u7406\u8d85\u957f\u5b57\u7b26\u4e32\u65f6\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nPostgreSQL 8.0.23\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPostgreSQL\r\n----------\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\nhttp://www.postgresql.org", "published": "2010-01-29T00:00:00", "title": "PostgreSQL bitsubstr\u51fd\u6570\u8fdc\u7a0b\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0442"], "modified": "2010-01-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19018", "id": "SSV:19018", "sourceData": "\n testdb=# select substring(B'101010101010101010101010101010101010\r\n10101010101',33,-15);\n ", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-19018"}], "nessus": [{"lastseen": "2021-04-01T07:41:44", "description": "It was discovered that PostgreSQL did not properly sanitize its input\nwhen using substring() with a SELECT statement. A remote authenticated\nattacker could exploit this to cause a denial of service via\napplication crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2010-04-29T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 : postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability (USN-933-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0442"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:postgresql", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.1", "p-cpe:/a:canonical:ubuntu_linux:libecpg-compat2", "p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.3", "p-cpe:/a:canonical:ubuntu_linux:libecpg5", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.3", "p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.3", "p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.1", "p-cpe:/a:canonical:ubuntu_linux:libpq-dev", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.4", "p-cpe:/a:canonical:ubuntu_linux:libpgtypes3", "p-cpe:/a:canonical:ubuntu_linux:libecpg-dev", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.3", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.4", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:postgresql-8.1", "p-cpe:/a:canonical:ubuntu_linux:libpq4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.3", "p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.1", "p-cpe:/a:canonical:ubuntu_linux:libpq5", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.1", "p-cpe:/a:canonical:ubuntu_linux:libecpg-compat3", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.3", "p-cpe:/a:canonical:ubuntu_linux:postgresql-doc", "p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.3", "p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.4", "p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.3", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.1", "p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.4", "p-cpe:/a:canonical:ubuntu_linux:libecpg6", "p-cpe:/a:canonical:ubuntu_linux:libpgtypes2", "p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib", "p-cpe:/a:canonical:ubuntu_linux:postgresql-client", "p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.4", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-933-1.NASL", "href": "https://www.tenable.com/plugins/nessus/46179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-933-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46179);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-0442\");\n script_bugtraq_id(37973);\n script_xref(name:\"USN\", value:\"933-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 : postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability (USN-933-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that PostgreSQL did not properly sanitize its input\nwhen using substring() with a SELECT statement. A remote authenticated\nattacker could exploit this to cause a denial of service via\napplication crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/933-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-compat2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-compat3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libecpg6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpgtypes2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpgtypes3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-client-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-contrib-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-doc-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plperl-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-plpython-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-pltcl-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:postgresql-server-dev-8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(6\\.06|8\\.04|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg-compat2\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg-dev\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libecpg5\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpgtypes2\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpq-dev\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libpq4\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-8.1\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-client-8.1\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-contrib-8.1\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-doc-8.1\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-plperl-8.1\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-plpython-8.1\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-pltcl-8.1\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"postgresql-server-dev-8.1\", pkgver:\"8.1.20-0ubuntu0.6.06.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libecpg-compat3\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libecpg-dev\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libecpg6\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpgtypes3\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpq-dev\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpq5\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-8.3\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-client\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-client-8.3\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-contrib\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-contrib-8.3\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-doc\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-doc-8.3\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-plperl-8.3\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-plpython-8.3\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-pltcl-8.3\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"postgresql-server-dev-8.3\", pkgver:\"8.3.10-0ubuntu8.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libecpg-compat3\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libecpg-dev\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libecpg6\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpgtypes3\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpq-dev\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpq5\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-8.3\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-client\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-client-8.3\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-contrib\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-contrib-8.3\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-doc\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-doc-8.3\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-plperl-8.3\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-plpython-8.3\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-pltcl-8.3\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"postgresql-server-dev-8.3\", pkgver:\"8.3.10-0ubuntu9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libecpg-compat3\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libecpg-dev\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libecpg6\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpgtypes3\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpq-dev\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpq5\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-8.4\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-client\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-client-8.4\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-contrib\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-contrib-8.4\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-doc\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-doc-8.4\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-plperl-8.4\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-plpython-8.4\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-pltcl-8.4\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"postgresql-server-dev-8.4\", pkgver:\"8.4.3-0ubuntu9.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libecpg-compat2 / libecpg-compat3 / libecpg-dev / libecpg5 / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:50:46", "description": "BugTraq reports :\n\nPostgreSQL is prone to a buffer-overflow vulnerability because the\napplication fails to perform adequate boundary checks on user-supplied\ndata.\n\nAttackers can exploit this issue to execute arbitrary code with\nelevated privileges or crash the affected application.", "edition": 24, "published": "2010-03-26T00:00:00", "title": "FreeBSD : postgresql -- bitsubstr overflow (e050119b-3856-11df-b2b2-002170daae37)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0442"], "modified": "2010-03-26T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:postgresql-server"], "id": "FREEBSD_PKG_E050119B385611DFB2B2002170DAAE37.NASL", "href": "https://www.tenable.com/plugins/nessus/45348", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45348);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-0442\");\n script_bugtraq_id(37973);\n\n script_name(english:\"FreeBSD : postgresql -- bitsubstr overflow (e050119b-3856-11df-b2b2-002170daae37)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"BugTraq reports :\n\nPostgreSQL is prone to a buffer-overflow vulnerability because the\napplication fails to perform adequate boundary checks on user-supplied\ndata.\n\nAttackers can exploit this issue to execute arbitrary code with\nelevated privileges or crash the affected application.\"\n );\n # https://vuxml.freebsd.org/freebsd/e050119b-3856-11df-b2b2-002170daae37.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a6fa9c3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=7.4<7.4.28\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.0<8.0.24\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.1<8.1.20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.2<8.2.16\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.3<8.3.10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"postgresql-server>=8.4<8.4.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:41", "description": "Multiple vulnerabilities was discovered and corrected in postgresql :\n\nThe bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL\n8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a\ndenial of service (daemon crash) or have unspecified other impact via\nvectors involving a negative integer in the third argument, as\ndemonstrated by a SELECT statement that contains a call to the\nsubstring function for a bit string, related to an overflow.\n(CVE-2010-0442).\n\nA flaw was found in the way the PostgreSQL server process enforced\npermission checks on scripts written in PL/Perl. A remote,\nauthenticated user, running a specially crafted PL/Perl script, could\nuse this flaw to bypass PL/Perl trusted mode restrictions, allowing\nthem to obtain sensitive information; execute arbitrary Perl scripts;\nor cause a denial of service (remove protected, sensitive data)\n(CVE-2010-1169).\n\nThe PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before\n8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4\nbefore 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the\npltcl_modules table regardless of the table's ownership and\npermissions, which allows remote authenticated users, with\ndatabase-creation privileges, to execute arbitrary Tcl code by\ncreating this table and inserting a crafted Tcl script\n(CVE-2010-1170).\n\nPostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21,\n8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not\nproperly check privileges during certain RESET ALL operations, which\nallows remote authenticated users to remove arbitrary parameter\nsettings via a (1) ALTER USER or (2) ALTER DATABASE statement\n(CVE-2010-1975).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended\nMaintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThis update provides a solution to these vulnerabilities.", "edition": 26, "published": "2010-05-21T00:00:00", "title": "Mandriva Linux Security Advisory : postgresql (MDVSA-2010:103)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442"], "modified": "2010-05-21T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64pq8.4_5", "p-cpe:/a:mandriva:linux:postgresql", "p-cpe:/a:mandriva:linux:lib64pq-devel", "p-cpe:/a:mandriva:linux:postgresql8.2-plpgsql", "p-cpe:/a:mandriva:linux:postgresql8.4-devel", "p-cpe:/a:mandriva:linux:postgresql8.2-plpython", "p-cpe:/a:mandriva:linux:postgresql-devel", "p-cpe:/a:mandriva:linux:postgresql8.4-plpgsql", "p-cpe:/a:mandriva:linux:postgresql8.2-server", "p-cpe:/a:mandriva:linux:postgresql8.2-contrib", "p-cpe:/a:mandriva:linux:postgresql8.3-pl", "p-cpe:/a:mandriva:linux:lib64ecpg5", "p-cpe:/a:mandriva:linux:postgresql8.4-contrib", "p-cpe:/a:mandriva:linux:postgresql8.3", "p-cpe:/a:mandriva:linux:postgresql8.4-server", "p-cpe:/a:mandriva:linux:postgresql8.3-pltcl", "p-cpe:/a:mandriva:linux:postgresql8.4-plperl", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:lib64pq8.3_5", "p-cpe:/a:mandriva:linux:postgresql8.2", "p-cpe:/a:mandriva:linux:postgresql8.4-docs", "p-cpe:/a:mandriva:linux:postgresql8.3-server", "p-cpe:/a:mandriva:linux:libecpg5", "p-cpe:/a:mandriva:linux:lib64ecpg8.3_6", "p-cpe:/a:mandriva:linux:postgresql8.2-pltcl", "p-cpe:/a:mandriva:linux:postgresql8.2-test", "p-cpe:/a:mandriva:linux:libpq-devel", "p-cpe:/a:mandriva:linux:lib64pq5", "p-cpe:/a:mandriva:linux:postgresql8.3-plperl", "p-cpe:/a:mandriva:linux:libpq8.3_5", "p-cpe:/a:mandriva:linux:postgresql8.4-pltcl", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:libecpg8.3_6", "p-cpe:/a:mandriva:linux:libpq5", "p-cpe:/a:mandriva:linux:libecpg8.4_6", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:postgresql8.4-plpython", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:lib64ecpg-devel", "p-cpe:/a:mandriva:linux:postgresql8.2-devel", "p-cpe:/a:mandriva:linux:postgresql8.3-plpython", "p-cpe:/a:mandriva:linux:postgresql8.2-plperl", "p-cpe:/a:mandriva:linux:libpq8.4_5", "p-cpe:/a:mandriva:linux:postgresql8.4", "p-cpe:/a:mandriva:linux:postgresql8.3-devel", "p-cpe:/a:mandriva:linux:postgresql8.3-docs", "p-cpe:/a:mandriva:linux:postgresql8.3-contrib", "p-cpe:/a:mandriva:linux:postgresql8.3-plpgsql", "p-cpe:/a:mandriva:linux:postgresql8.2-pl", "p-cpe:/a:mandriva:linux:postgresql8.4-pl", "p-cpe:/a:mandriva:linux:lib64ecpg8.4_6", "p-cpe:/a:mandriva:linux:libecpg-devel", "p-cpe:/a:mandriva:linux:postgresql8.2-docs"], "id": "MANDRIVA_MDVSA-2010-103.NASL", "href": "https://www.tenable.com/plugins/nessus/46690", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:103. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46690);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-0442\", \"CVE-2010-1169\", \"CVE-2010-1170\", \"CVE-2010-1975\");\n script_bugtraq_id(37973, 40215);\n script_xref(name:\"MDVSA\", value:\"2010:103\");\n\n script_name(english:\"Mandriva Linux Security Advisory : postgresql (MDVSA-2010:103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities was discovered and corrected in postgresql :\n\nThe bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL\n8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a\ndenial of service (daemon crash) or have unspecified other impact via\nvectors involving a negative integer in the third argument, as\ndemonstrated by a SELECT statement that contains a call to the\nsubstring function for a bit string, related to an overflow.\n(CVE-2010-0442).\n\nA flaw was found in the way the PostgreSQL server process enforced\npermission checks on scripts written in PL/Perl. A remote,\nauthenticated user, running a specially crafted PL/Perl script, could\nuse this flaw to bypass PL/Perl trusted mode restrictions, allowing\nthem to obtain sensitive information; execute arbitrary Perl scripts;\nor cause a denial of service (remove protected, sensitive data)\n(CVE-2010-1169).\n\nThe PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before\n8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4\nbefore 8.4.4, and 9.0 Beta before 9.0 Beta 2 loads Tcl code from the\npltcl_modules table regardless of the table's ownership and\npermissions, which allows remote authenticated users, with\ndatabase-creation privileges, to execute arbitrary Tcl code by\ncreating this table and inserting a crafted Tcl script\n(CVE-2010-1170).\n\nPostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21,\n8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not\nproperly check privileges during certain RESET ALL operations, which\nallows remote authenticated users to remove arbitrary parameter\nsettings via a (1) ALTER USER or (2) ALTER DATABASE statement\n(CVE-2010-1975).\n\nPackages for 2008.0 and 2009.0 are provided as of the Extended\nMaintenance Program. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThis update provides a solution to these vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/support/security/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg8.3_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ecpg8.4_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq8.3_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64pq8.4_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg8.3_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libecpg8.4_6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq8.3_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpq8.4_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-plpgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.2-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.3-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.3-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.3-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.3-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.3-plpgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.3-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.3-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.3-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-plpgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:postgresql8.4-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ecpg-devel-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ecpg5-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64pq-devel-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64pq5-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libecpg-devel-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libecpg5-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpq-devel-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpq5-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql-devel-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-contrib-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-devel-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-docs-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-pl-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-plperl-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-plpgsql-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-plpython-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-pltcl-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-server-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"postgresql8.2-test-8.2.17-0.1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64ecpg8.3_6-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64pq8.3_5-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libecpg8.3_6-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpq8.3_5-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postgresql8.3-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postgresql8.3-contrib-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postgresql8.3-devel-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postgresql8.3-docs-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postgresql8.3-pl-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postgresql8.3-plperl-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postgresql8.3-plpgsql-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postgresql8.3-plpython-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postgresql8.3-pltcl-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"postgresql8.3-server-8.3.11-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64ecpg8.3_6-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64pq8.3_5-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libecpg8.3_6-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libpq8.3_5-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"postgresql8.3-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"postgresql8.3-contrib-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"postgresql8.3-devel-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"postgresql8.3-docs-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"postgresql8.3-pl-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"postgresql8.3-plperl-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"postgresql8.3-plpgsql-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"postgresql8.3-plpython-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"postgresql8.3-pltcl-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"postgresql8.3-server-8.3.11-0.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64ecpg8.4_6-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64pq8.4_5-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libecpg8.4_6-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpq8.4_5-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postgresql8.4-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postgresql8.4-contrib-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postgresql8.4-devel-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postgresql8.4-docs-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postgresql8.4-pl-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postgresql8.4-plperl-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postgresql8.4-plpgsql-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postgresql8.4-plpython-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postgresql8.4-pltcl-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"postgresql8.4-server-8.4.4-0.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:46", "description": "Updated postgresql packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions\nin the Perl and Tcl languages, and are installed in trusted mode by\ndefault. In trusted mode, certain operations, such as operating system\nlevel access, are restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Perl script could use this flaw to\nbypass intended PL/Perl trusted mode restrictions, allowing them to\nrun arbitrary Perl scripts with the privileges of the database server.\n(CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Tcl script could use this flaw to\nbypass intended PL/Tcl trusted mode restrictions, allowing them to run\narbitrary Tcl scripts with the privileges of the database server.\n(CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data\ntypes. An authenticated database user running a specially crafted SQL\nquery could use this flaw to cause a temporary denial of service\n(postgres daemon crash) or, potentially, execute arbitrary code with\nthe privileges of the database server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to\ncalculate the size of the hash table for joined relations. An\nauthenticated database user could create a specially crafted SQL query\nwhich could cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of\nthe database server. (CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the\nexecution of an index function by a database superuser during the\ndatabase maintenance operations. An authenticated database user could\nuse this flaw to elevate their privileges via specially crafted index\nfunctions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted ('service rhdb restart') for\nthis update to take effect.", "edition": 28, "published": "2010-05-20T00:00:00", "title": "RHEL 3 : postgresql (RHSA-2010:0427)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "modified": "2010-05-20T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql-pl", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql-jdbc", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql-libs", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql-python", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql-server", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql-tcl", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql-test", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql-devel", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql-contrib"], "id": "REDHAT-RHSA-2010-0427.NASL", "href": "https://www.tenable.com/plugins/nessus/46681", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0427. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46681);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4136\", \"CVE-2010-0442\", \"CVE-2010-0733\", \"CVE-2010-1169\", \"CVE-2010-1170\");\n script_xref(name:\"RHSA\", value:\"2010:0427\");\n\n script_name(english:\"RHEL 3 : postgresql (RHSA-2010:0427)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions\nin the Perl and Tcl languages, and are installed in trusted mode by\ndefault. In trusted mode, certain operations, such as operating system\nlevel access, are restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Perl script could use this flaw to\nbypass intended PL/Perl trusted mode restrictions, allowing them to\nrun arbitrary Perl scripts with the privileges of the database server.\n(CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Tcl script could use this flaw to\nbypass intended PL/Tcl trusted mode restrictions, allowing them to run\narbitrary Tcl scripts with the privileges of the database server.\n(CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data\ntypes. An authenticated database user running a specially crafted SQL\nquery could use this flaw to cause a temporary denial of service\n(postgres daemon crash) or, potentially, execute arbitrary code with\nthe privileges of the database server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to\ncalculate the size of the hash table for joined relations. An\nauthenticated database user could create a specially crafted SQL query\nwhich could cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of\nthe database server. (CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the\nexecution of an index function by a database superuser during the\ndatabase maintenance operations. An authenticated database user could\nuse this flaw to elevate their privileges via specially crafted index\nfunctions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted ('service rhdb restart') for\nthis update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0427\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0427\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"rh-postgresql-7.3.21-3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"rh-postgresql-contrib-7.3.21-3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"rh-postgresql-devel-7.3.21-3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"rh-postgresql-docs-7.3.21-3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"rh-postgresql-jdbc-7.3.21-3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"rh-postgresql-libs-7.3.21-3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"rh-postgresql-pl-7.3.21-3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"rh-postgresql-python-7.3.21-3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"rh-postgresql-server-7.3.21-3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"rh-postgresql-tcl-7.3.21-3\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"rh-postgresql-test-7.3.21-3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rh-postgresql / rh-postgresql-contrib / rh-postgresql-devel / etc\");\n }\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:44:49", "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions\nin the Perl and Tcl languages, and are installed in trusted mode by\ndefault. In trusted mode, certain operations, such as operating system\nlevel access, are restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Perl script could use this flaw to\nbypass intended PL/Perl trusted mode restrictions, allowing them to\nrun arbitrary Perl scripts with the privileges of the database server.\n(CVE-2010-1169)\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Tcl script could use this flaw to\nbypass intended PL/Tcl trusted mode restrictions, allowing them to run\narbitrary Tcl scripts with the privileges of the database server.\n(CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data\ntypes. An authenticated database user running a specially crafted SQL\nquery could use this flaw to cause a temporary denial of service\n(postgres daemon crash) or, potentially, execute arbitrary code with\nthe privileges of the database server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to\ncalculate the size of the hash table for joined relations. An\nauthenticated database user could create a specially crafted SQL query\nwhich could cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of\nthe database server. (CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the\nexecution of an index function by a database superuser during the\ndatabase maintenance operations. An authenticated database user could\nuse this flaw to elevate their privileges via specially crafted index\nfunctions. (CVE-2009-4136)\n\nIf the postgresql service is running, it will be automatically\nrestarted after installing this update.", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100519_POSTGRESQL_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60795", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60795);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4136\", \"CVE-2010-0442\", \"CVE-2010-0733\", \"CVE-2010-1169\", \"CVE-2010-1170\");\n\n script_name(english:\"Scientific Linux Security Update : postgresql on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions\nin the Perl and Tcl languages, and are installed in trusted mode by\ndefault. In trusted mode, certain operations, such as operating system\nlevel access, are restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Perl script could use this flaw to\nbypass intended PL/Perl trusted mode restrictions, allowing them to\nrun arbitrary Perl scripts with the privileges of the database server.\n(CVE-2010-1169)\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Tcl script could use this flaw to\nbypass intended PL/Tcl trusted mode restrictions, allowing them to run\narbitrary Tcl scripts with the privileges of the database server.\n(CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data\ntypes. An authenticated database user running a specially crafted SQL\nquery could use this flaw to cause a temporary denial of service\n(postgres daemon crash) or, potentially, execute arbitrary code with\nthe privileges of the database server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to\ncalculate the size of the hash table for joined relations. An\nauthenticated database user could create a specially crafted SQL query\nwhich could cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of\nthe database server. (CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the\nexecution of an index function by a database superuser during the\ndatabase maintenance operations. An authenticated database user could\nuse this flaw to elevate their privileges via specially crafted index\nfunctions. (CVE-2009-4136)\n\nIf the postgresql service is running, it will be automatically\nrestarted after installing this update.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1005&L=scientific-linux-errata&T=0&P=1675\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1d3c18a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-7.3.21-3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-contrib-7.3.21-3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-devel-7.3.21-3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-docs-7.3.21-3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-jdbc-7.3.21-3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-libs-7.3.21-3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-pl-7.3.21-3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-python-7.3.21-3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-server-7.3.21-3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-tcl-7.3.21-3\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"rh-postgresql-test-7.3.21-3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"postgresql-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-contrib-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-devel-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-docs-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-jdbc-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-libs-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-pl-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-python-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-server-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-tcl-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"postgresql-test-7.4.29-1.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"postgresql-8.1.21-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-contrib-8.1.21-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-devel-8.1.21-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-docs-8.1.21-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-libs-8.1.21-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-pl-8.1.21-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-python-8.1.21-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-server-8.1.21-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-tcl-8.1.21-1.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"postgresql-test-8.1.21-1.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:45:07", "description": "From Red Hat Security Advisory 2010:0427 :\n\nUpdated postgresql packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions\nin the Perl and Tcl languages, and are installed in trusted mode by\ndefault. In trusted mode, certain operations, such as operating system\nlevel access, are restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Perl script could use this flaw to\nbypass intended PL/Perl trusted mode restrictions, allowing them to\nrun arbitrary Perl scripts with the privileges of the database server.\n(CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Tcl script could use this flaw to\nbypass intended PL/Tcl trusted mode restrictions, allowing them to run\narbitrary Tcl scripts with the privileges of the database server.\n(CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data\ntypes. An authenticated database user running a specially crafted SQL\nquery could use this flaw to cause a temporary denial of service\n(postgres daemon crash) or, potentially, execute arbitrary code with\nthe privileges of the database server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to\ncalculate the size of the hash table for joined relations. An\nauthenticated database user could create a specially crafted SQL query\nwhich could cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of\nthe database server. (CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the\nexecution of an index function by a database superuser during the\ndatabase maintenance operations. An authenticated database user could\nuse this flaw to elevate their privileges via specially crafted index\nfunctions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted ('service rhdb restart') for\nthis update to take effect.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 : postgresql (ELSA-2010-0427)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:rh-postgresql-libs", "p-cpe:/a:oracle:linux:rh-postgresql", "p-cpe:/a:oracle:linux:rh-postgresql-pl", "p-cpe:/a:oracle:linux:rh-postgresql-server", "p-cpe:/a:oracle:linux:rh-postgresql-contrib", "p-cpe:/a:oracle:linux:rh-postgresql-docs", "p-cpe:/a:oracle:linux:rh-postgresql-python", "p-cpe:/a:oracle:linux:rh-postgresql-test", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:rh-postgresql-jdbc", "p-cpe:/a:oracle:linux:rh-postgresql-devel", "p-cpe:/a:oracle:linux:rh-postgresql-tcl"], "id": "ORACLELINUX_ELSA-2010-0427.NASL", "href": "https://www.tenable.com/plugins/nessus/68042", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0427 and \n# Oracle Linux Security Advisory ELSA-2010-0427 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68042);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4136\", \"CVE-2010-0442\", \"CVE-2010-0733\", \"CVE-2010-1169\", \"CVE-2010-1170\");\n script_xref(name:\"RHSA\", value:\"2010:0427\");\n\n script_name(english:\"Oracle Linux 3 : postgresql (ELSA-2010-0427)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0427 :\n\nUpdated postgresql packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions\nin the Perl and Tcl languages, and are installed in trusted mode by\ndefault. In trusted mode, certain operations, such as operating system\nlevel access, are restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Perl script could use this flaw to\nbypass intended PL/Perl trusted mode restrictions, allowing them to\nrun arbitrary Perl scripts with the privileges of the database server.\n(CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Tcl script could use this flaw to\nbypass intended PL/Tcl trusted mode restrictions, allowing them to run\narbitrary Tcl scripts with the privileges of the database server.\n(CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data\ntypes. An authenticated database user running a specially crafted SQL\nquery could use this flaw to cause a temporary denial of service\n(postgres daemon crash) or, potentially, execute arbitrary code with\nthe privileges of the database server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to\ncalculate the size of the hash table for joined relations. An\nauthenticated database user could create a specially crafted SQL query\nwhich could cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of\nthe database server. (CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the\nexecution of an index function by a database superuser during the\ndatabase maintenance operations. An authenticated database user could\nuse this flaw to elevate their privileges via specially crafted index\nfunctions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted ('service rhdb restart') for\nthis update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-May/001475.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rh-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rh-postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rh-postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rh-postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rh-postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rh-postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rh-postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rh-postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rh-postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rh-postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rh-postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"rh-postgresql-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"rh-postgresql-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"rh-postgresql-contrib-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"rh-postgresql-contrib-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"rh-postgresql-devel-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"rh-postgresql-devel-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"rh-postgresql-docs-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"rh-postgresql-docs-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"rh-postgresql-jdbc-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"rh-postgresql-jdbc-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"rh-postgresql-libs-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"rh-postgresql-libs-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"rh-postgresql-pl-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"rh-postgresql-pl-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"rh-postgresql-python-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"rh-postgresql-python-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"rh-postgresql-server-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"rh-postgresql-server-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"rh-postgresql-tcl-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"rh-postgresql-tcl-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"rh-postgresql-test-7.3.21-3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"rh-postgresql-test-7.3.21-3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rh-postgresql / rh-postgresql-contrib / rh-postgresql-devel / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:45:59", "description": "Several local vulnerabilities have been discovered in PostgreSQL, an\nobject-relational SQL database. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2010-1169\n Tim Bunce discovered that the implementation of the\n procedural language PL/Perl insufficiently restricts the\n subset of allowed code, which allows authenticated users\n the execution of arbitrary Perl code.\n\n - CVE-2010-1170\n Tom Lane discovered that the implementation of the\n procedural language PL/Tcl insufficiently restricts the\n subset of allowed code, which allows authenticated users\n the execution of arbitrary Tcl code.\n\n - CVE-2010-1975\n It was discovered that an unprivileged user could reset\n superuser-only parameter settings.", "edition": 26, "published": "2010-05-25T00:00:00", "title": "Debian DSA-2051-1 : postgresql-8.3 - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-1168"], "modified": "2010-05-25T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:postgresql-8.3"], "id": "DEBIAN_DSA-2051.NASL", "href": "https://www.tenable.com/plugins/nessus/46710", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2051. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46710);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-0442\", \"CVE-2010-1168\", \"CVE-2010-1169\", \"CVE-2010-1170\", \"CVE-2010-1975\");\n script_bugtraq_id(37973, 40215, 40304);\n script_xref(name:\"DSA\", value:\"2051\");\n\n script_name(english:\"Debian DSA-2051-1 : postgresql-8.3 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several local vulnerabilities have been discovered in PostgreSQL, an\nobject-relational SQL database. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2010-1169\n Tim Bunce discovered that the implementation of the\n procedural language PL/Perl insufficiently restricts the\n subset of allowed code, which allows authenticated users\n the execution of arbitrary Perl code.\n\n - CVE-2010-1170\n Tom Lane discovered that the implementation of the\n procedural language PL/Tcl insufficiently restricts the\n subset of allowed code, which allows authenticated users\n the execution of arbitrary Tcl code.\n\n - CVE-2010-1975\n It was discovered that an unprivileged user could reset\n superuser-only parameter settings.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-0442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2051\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the postgresql-8.3 packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 8.3.11-0lenny1. This update also introduces a fix for\nCVE-2010-0442, which was originally scheduled for the next Lenny point\nupdate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:postgresql-8.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libecpg-compat3\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libecpg-dev\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libecpg6\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpgtypes3\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpq-dev\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpq5\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-8.3\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-client\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-client-8.3\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-contrib\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-contrib-8.3\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-doc\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-doc-8.3\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-plperl-8.3\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-plpython-8.3\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-pltcl-8.3\", reference:\"8.3.11-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"postgresql-server-dev-8.3\", reference:\"8.3.11-0lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:26:19", "description": "Updated postgresql packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions\nin the Perl and Tcl languages, and are installed in trusted mode by\ndefault. In trusted mode, certain operations, such as operating system\nlevel access, are restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Perl script could use this flaw to\nbypass intended PL/Perl trusted mode restrictions, allowing them to\nrun arbitrary Perl scripts with the privileges of the database server.\n(CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Tcl script could use this flaw to\nbypass intended PL/Tcl trusted mode restrictions, allowing them to run\narbitrary Tcl scripts with the privileges of the database server.\n(CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data\ntypes. An authenticated database user running a specially crafted SQL\nquery could use this flaw to cause a temporary denial of service\n(postgres daemon crash) or, potentially, execute arbitrary code with\nthe privileges of the database server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to\ncalculate the size of the hash table for joined relations. An\nauthenticated database user could create a specially crafted SQL query\nwhich could cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of\nthe database server. (CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the\nexecution of an index function by a database superuser during the\ndatabase maintenance operations. An authenticated database user could\nuse this flaw to elevate their privileges via specially crafted index\nfunctions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted ('service rhdb restart') for\nthis update to take effect.", "edition": 27, "published": "2010-05-24T00:00:00", "title": "CentOS 3 : postgresql (CESA-2010:0427)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "modified": "2010-05-24T00:00:00", "cpe": ["p-cpe:/a:centos:centos:rh-postgresql-test", "p-cpe:/a:centos:centos:rh-postgresql-jdbc", "p-cpe:/a:centos:centos:rh-postgresql-server", "p-cpe:/a:centos:centos:rh-postgresql-pl", "p-cpe:/a:centos:centos:rh-postgresql-docs", "p-cpe:/a:centos:centos:rh-postgresql-tcl", "p-cpe:/a:centos:centos:rh-postgresql-python", "p-cpe:/a:centos:centos:rh-postgresql-devel", "p-cpe:/a:centos:centos:rh-postgresql", "p-cpe:/a:centos:centos:rh-postgresql-contrib", "cpe:/o:centos:centos:3", "p-cpe:/a:centos:centos:rh-postgresql-libs"], "id": "CENTOS_RHSA-2010-0427.NASL", "href": "https://www.tenable.com/plugins/nessus/46695", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0427 and \n# CentOS Errata and Security Advisory 2010:0427 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46695);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-4136\", \"CVE-2010-0442\", \"CVE-2010-0733\", \"CVE-2010-1169\", \"CVE-2010-1170\");\n script_xref(name:\"RHSA\", value:\"2010:0427\");\n\n script_name(english:\"CentOS 3 : postgresql (CESA-2010:0427)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions\nin the Perl and Tcl languages, and are installed in trusted mode by\ndefault. In trusted mode, certain operations, such as operating system\nlevel access, are restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Perl script could use this flaw to\nbypass intended PL/Perl trusted mode restrictions, allowing them to\nrun arbitrary Perl scripts with the privileges of the database server.\n(CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Tcl script could use this flaw to\nbypass intended PL/Tcl trusted mode restrictions, allowing them to run\narbitrary Tcl scripts with the privileges of the database server.\n(CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data\ntypes. An authenticated database user running a specially crafted SQL\nquery could use this flaw to cause a temporary denial of service\n(postgres daemon crash) or, potentially, execute arbitrary code with\nthe privileges of the database server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to\ncalculate the size of the hash table for joined relations. An\nauthenticated database user could create a specially crafted SQL query\nwhich could cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of\nthe database server. (CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the\nexecution of an index function by a database superuser during the\ndatabase maintenance operations. An authenticated database user could\nuse this flaw to elevate their privileges via specially crafted index\nfunctions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted ('service rhdb restart') for\nthis update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-May/016640.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c74cb569\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-May/016642.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0764d878\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rh-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rh-postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rh-postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rh-postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rh-postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rh-postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rh-postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rh-postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rh-postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rh-postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rh-postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"rh-postgresql-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"rh-postgresql-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"rh-postgresql-contrib-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"rh-postgresql-contrib-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"rh-postgresql-devel-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"rh-postgresql-devel-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"rh-postgresql-docs-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"rh-postgresql-docs-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"rh-postgresql-jdbc-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"rh-postgresql-jdbc-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"rh-postgresql-libs-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"rh-postgresql-libs-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"rh-postgresql-pl-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"rh-postgresql-pl-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"rh-postgresql-python-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"rh-postgresql-python-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"rh-postgresql-server-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"rh-postgresql-server-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"rh-postgresql-tcl-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"rh-postgresql-tcl-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"rh-postgresql-test-7.3.21-3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"rh-postgresql-test-7.3.21-3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rh-postgresql / rh-postgresql-contrib / rh-postgresql-devel / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:45:07", "description": "From Red Hat Security Advisory 2010:0428 :\n\nUpdated postgresql packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions\nin the Perl and Tcl languages, and are installed in trusted mode by\ndefault. In trusted mode, certain operations, such as operating system\nlevel access, are restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Perl script could use this flaw to\nbypass intended PL/Perl trusted mode restrictions, allowing them to\nrun arbitrary Perl scripts with the privileges of the database server.\n(CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Tcl script could use this flaw to\nbypass intended PL/Tcl trusted mode restrictions, allowing them to run\narbitrary Tcl scripts with the privileges of the database server.\n(CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data\ntypes. An authenticated database user running a specially crafted SQL\nquery could use this flaw to cause a temporary denial of service\n(postgres daemon crash) or, potentially, execute arbitrary code with\nthe privileges of the database server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to\ncalculate the size of the hash table for joined relations. An\nauthenticated database user could create a specially crafted SQL query\nwhich could cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of\nthe database server. (CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the\nexecution of an index function by a database superuser during the\ndatabase maintenance operations. An authenticated database user could\nuse this flaw to elevate their privileges via specially crafted index\nfunctions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 7.4.29. Refer to the\nPostgreSQL Release Notes for a list of changes :\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it\nwill be automatically restarted after installing this update.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : postgresql (ELSA-2010-0428)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-1168", "CVE-2010-1447", "CVE-2009-4136"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:postgresql-pl", "p-cpe:/a:oracle:linux:postgresql-tcl", "p-cpe:/a:oracle:linux:postgresql-contrib", "p-cpe:/a:oracle:linux:postgresql-docs", "p-cpe:/a:oracle:linux:postgresql", "p-cpe:/a:oracle:linux:postgresql-test", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:postgresql-devel", "p-cpe:/a:oracle:linux:postgresql-server", "p-cpe:/a:oracle:linux:postgresql-jdbc", "p-cpe:/a:oracle:linux:postgresql-python", "p-cpe:/a:oracle:linux:postgresql-libs"], "id": "ORACLELINUX_ELSA-2010-0428.NASL", "href": "https://www.tenable.com/plugins/nessus/68043", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0428 and \n# Oracle Linux Security Advisory ELSA-2010-0428 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68043);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4136\", \"CVE-2010-0442\", \"CVE-2010-0733\", \"CVE-2010-1168\", \"CVE-2010-1169\", \"CVE-2010-1170\", \"CVE-2010-1447\", \"CVE-2010-1975\");\n script_xref(name:\"RHSA\", value:\"2010:0428\");\n\n script_name(english:\"Oracle Linux 4 : postgresql (ELSA-2010-0428)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0428 :\n\nUpdated postgresql packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions\nin the Perl and Tcl languages, and are installed in trusted mode by\ndefault. In trusted mode, certain operations, such as operating system\nlevel access, are restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Perl script could use this flaw to\nbypass intended PL/Perl trusted mode restrictions, allowing them to\nrun arbitrary Perl scripts with the privileges of the database server.\n(CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Tcl script could use this flaw to\nbypass intended PL/Tcl trusted mode restrictions, allowing them to run\narbitrary Tcl scripts with the privileges of the database server.\n(CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data\ntypes. An authenticated database user running a specially crafted SQL\nquery could use this flaw to cause a temporary denial of service\n(postgres daemon crash) or, potentially, execute arbitrary code with\nthe privileges of the database server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to\ncalculate the size of the hash table for joined relations. An\nauthenticated database user could create a specially crafted SQL query\nwhich could cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of\nthe database server. (CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the\nexecution of an index function by a database superuser during the\ndatabase maintenance operations. An authenticated database user could\nuse this flaw to elevate their privileges via specially crafted index\nfunctions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 7.4.29. Refer to the\nPostgreSQL Release Notes for a list of changes :\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-May/001473.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected postgresql packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-contrib-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-devel-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-docs-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-jdbc-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-libs-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-pl-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-python-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-server-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-tcl-7.4.29-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"postgresql-test-7.4.29-1.el4_8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:47", "description": "Updated postgresql packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions\nin the Perl and Tcl languages, and are installed in trusted mode by\ndefault. In trusted mode, certain operations, such as operating system\nlevel access, are restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Perl script could use this flaw to\nbypass intended PL/Perl trusted mode restrictions, allowing them to\nrun arbitrary Perl scripts with the privileges of the database server.\n(CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Tcl script could use this flaw to\nbypass intended PL/Tcl trusted mode restrictions, allowing them to run\narbitrary Tcl scripts with the privileges of the database server.\n(CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data\ntypes. An authenticated database user running a specially crafted SQL\nquery could use this flaw to cause a temporary denial of service\n(postgres daemon crash) or, potentially, execute arbitrary code with\nthe privileges of the database server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to\ncalculate the size of the hash table for joined relations. An\nauthenticated database user could create a specially crafted SQL query\nwhich could cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of\nthe database server. (CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the\nexecution of an index function by a database superuser during the\ndatabase maintenance operations. An authenticated database user could\nuse this flaw to elevate their privileges via specially crafted index\nfunctions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 7.4.29. Refer to the\nPostgreSQL Release Notes for a list of changes :\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it\nwill be automatically restarted after installing this update.", "edition": 27, "published": "2010-05-20T00:00:00", "title": "RHEL 4 : postgresql (RHSA-2010:0428)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-1168", "CVE-2010-1447", "CVE-2009-4136"], "modified": "2010-05-20T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:postgresql-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-pl", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:postgresql-tcl", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-python", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "p-cpe:/a:redhat:enterprise_linux:postgresql-libs"], "id": "REDHAT-RHSA-2010-0428.NASL", "href": "https://www.tenable.com/plugins/nessus/46682", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0428. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46682);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4136\", \"CVE-2010-0442\", \"CVE-2010-0733\", \"CVE-2010-1168\", \"CVE-2010-1169\", \"CVE-2010-1170\", \"CVE-2010-1447\", \"CVE-2010-1975\");\n script_xref(name:\"RHSA\", value:\"2010:0428\");\n\n script_name(english:\"RHEL 4 : postgresql (RHSA-2010:0428)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated postgresql packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions\nin the Perl and Tcl languages, and are installed in trusted mode by\ndefault. In trusted mode, certain operations, such as operating system\nlevel access, are restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Perl script could use this flaw to\nbypass intended PL/Perl trusted mode restrictions, allowing them to\nrun arbitrary Perl scripts with the privileges of the database server.\n(CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was\nregistered on a particular database, an authenticated database user\nrunning a specially crafted PL/Tcl script could use this flaw to\nbypass intended PL/Tcl trusted mode restrictions, allowing them to run\narbitrary Tcl scripts with the privileges of the database server.\n(CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data\ntypes. An authenticated database user running a specially crafted SQL\nquery could use this flaw to cause a temporary denial of service\n(postgres daemon crash) or, potentially, execute arbitrary code with\nthe privileges of the database server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to\ncalculate the size of the hash table for joined relations. An\nauthenticated database user could create a specially crafted SQL query\nwhich could cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of\nthe database server. (CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the\nexecution of an index function by a database superuser during the\ndatabase maintenance operations. An authenticated database user could\nuse this flaw to elevate their privileges via specially crafted index\nfunctions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 7.4.29. Refer to the\nPostgreSQL Release Notes for a list of changes :\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it\nwill be automatically restarted after installing this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0733\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0428\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0428\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-7.4.29-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-contrib-7.4.29-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-devel-7.4.29-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-docs-7.4.29-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-jdbc-7.4.29-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-libs-7.4.29-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-pl-7.4.29-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-python-7.4.29-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-server-7.4.29-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-tcl-7.4.29-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"postgresql-test-7.4.29-1.el4_8.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql / postgresql-contrib / postgresql-devel / etc\");\n }\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:24:34", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2051-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 24, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : postgresql-8.3\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE Id(s) : CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-1975 \n\nSeveral local vulnerabilities have been discovered in PostgreSQL, an\nobject-relational SQL database. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-1169\n\n Tim Bunce discovered that the implementation of the procedural\n language PL/Perl insufficiently restricts the subset of allowed\n code, which allows authenticated users the execution of arbitrary\n Perl code.\n\nCVE-2010-1170\n\n Tom Lane discovered that the implementation of the procedural\n language PL/Tcl insufficiently restricts the subset of allowed\n code, which allows authenticated users the execution of arbitrary\n Tcl code.\n\nCVE-2010-1975\n\n It was discovered that an unprivileged user could reset\n superuser-only parameter settings.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 8.3.11-0lenny1. This update also introduces a fix for \nCVE-2010-0442, which was originally scheduled for the next Lenny point\nupdate.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8.4.4-1 of postgresql-8.4.\n\nWe recommend that you upgrade your postgresql-8.3 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11.orig.tar.gz\n Size/MD5 checksum: 13913683 02472af037929fe30405d1497f07421d\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1.diff.gz\n Size/MD5 checksum: 50334 717569100b751cfc3c18ca82b70fd0f4\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1.dsc\n Size/MD5 checksum: 1673 725fcd67e1b92cc9bd9f78c9aefa1d83\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql_8.3.11-0lenny1_all.deb\n Size/MD5 checksum: 263636 9dd154ff43d8dd67cbc9e92a91156362\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client_8.3.11-0lenny1_all.deb\n Size/MD5 checksum: 263608 ef90b5f536cff943601e3b12f42f18c7\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib_8.3.11-0lenny1_all.deb\n Size/MD5 checksum: 263506 f5c5e8f917b6275b9a25d5c4abf5a1f7\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.11-0lenny1_all.deb\n Size/MD5 checksum: 2194706 0cf86f435601423485565bc69e53c837\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc_8.3.11-0lenny1_all.deb\n Size/MD5 checksum: 263450 1605ce58c660805db2cf8856ec416d2d\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 833060 cf22e01a9227a279be3d5338328d9f4e\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 485598 ba9abe30da3eac9f42e927314c010633\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 292830 fc0a66d65d86b50de0f1fa9dc1964e6b\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 282624 839273128e95d0687daaf569abcef024\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 292710 906574dc9d5dc2b64e5bcb4b2f81d841\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 292084 315ceae207f68f94b2afcf48c618de7c\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 629712 1f67c09851d817774a381d97bc7e090a\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 1711018 5849a68db84cebb4b844912009b2a0df\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 271898 a0d1c8b15ad1363a64535d3e92dee535\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 283656 660d866b958c59aa543796bd1b2dc06b\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 5279124 00d62d1c50ceb8563bc24f5388e6618a\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 488256 20ae4d402afc3e1be9738bc62c8ea4d2\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_alpha.deb\n Size/MD5 checksum: 400546 26b31f133f90081bfaac9a1642f3a100\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 5375772 1b5ef9ceba9baa46167e00b372270066\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 836896 c3eb338e2ad07ae51e75a407c2cd4bf0\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 292774 836027236a48ae103a292cada977094f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 401862 57cf63727b123cf6fad17ad7d09a3e84\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 470532 2436b21aa2203eee039e2cbb45827d4e\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 292804 a5093c44db8a7241ad5f67dfa8e98c28\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 292664 0e3d90165381d8acaec7594aa5cfa362\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 283080 6ddf3d08223b718ee0859d64a4149b21\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 481712 850e779fc73a4431f30c0d86342928ec\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 1711384 c0d2226a6a187fbeed9e75bc6057acca\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 271560 dabf3fc59799e0f7d263994ce0dc0bcc\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 628566 e757827b14491e32ac6f006eb3e63793\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_amd64.deb\n Size/MD5 checksum: 285326 ad78582673618ab2836aa24ee72a18c4\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 472960 fe8cc5691416b7cc3c2b36a645adb639\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 269954 1c93e1231d8331efa77465c418c070aa\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 289502 da7726a05d45400b4c007420f56c006b\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 835060 289953df2f3ac5d2c86636b06477ea7a\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 389790 56c3323b35a61645e5e29d1288b87db7\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 290658 2f121609743855645e629ff7c4288799\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 586654 fd1bb0fd528807e1705e46b70f0bbbfd\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 1664532 d96b04e7b6f0a535d1abe5e8835c9927\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 455990 fc96a2cf7b95cf6129f6c5284992908e\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 282142 9ecdcf1b777ec05dde7bbbd799a6b052\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 290180 74e6d4c162e50b4fdbeafde67c11c066\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 283922 3350c2daef586c1130b21108ade5bd88\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_arm.deb\n Size/MD5 checksum: 5245868 0c3afc1a8d08f7ebb4ae25ddba496ae3\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 282518 7ca3b28c51910f1639028a9a95c142b9\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 477594 07ca162be9f7d2bdf7b272d3489a4078\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 270164 abbf91c0a56544410dc8c39727caa231\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 603264 4464cbcf14d57c0ea0525985629d489d\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 835784 11369732566ab84ab578f3bb88ac151b\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 1672178 97017b022b8acab8642de6c1c0545ec3\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 291848 db619c0061dd08c44ec211432a33b6dd\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 387204 3dbbfd3201c6d386852360f75d864bf6\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 5258502 3db482fa20df2112db0091a7d290b27b\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 455958 1abb02fe9aa6194ac0c9efd790eb2fa0\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 284068 2f22508bad6ef53dcfc709db439c7123\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 293810 ae788af24d7e4e8eb6dcc72e9d3d49d1\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_armel.deb\n Size/MD5 checksum: 290648 f20e48398eac9999268acf45ee0a0f0e\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 272004 64bfabaf99c79a0ddce3578329404e90\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 641828 f12c53161379b705bc019c05bfe89637\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 1745616 2aa0b084e9f8a00d4f82a94b44bdd169\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 489012 96de40a2655bb0e854e962782aa24323\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 294706 fc695557d42cccad92de8ff27964ade9\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 295712 c28d6c588d0e113d189aac09a027bdc9\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 475034 cb05559ac8ccb25623bd8c74782aa70f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 284658 a8eb118508191a2c6fdcf03ce85e9951\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 297382 ed3e0639baed2c8aa65f71c5725beabc\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 286796 24f6f7b7a635c186e80190dc81935b77\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 838992 94d1e8a875126447a30ec39e5cb8ec79\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 405388 ab55a8f837c66d4024df0b1150cd3ca9\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_hppa.deb\n Size/MD5 checksum: 5829748 e1dbe9fb61b83dbccb6f9f59f33a436c\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 5255786 ce7947b358fff8ab6f1bfe7d1c0c0a4e\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 835736 509389e561b76d8784166acd313687dd\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 291080 fa0f8a1ce1b8e81af56daa3ecd13f4a2\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 291824 3f0824fa2792813d40c81375c0b39ebc\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 1677900 01a1ec4f0da6b1e39b9b67d59d98cc3a\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 282388 914133383cd75de657b210c8afd7c2ed\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 461084 2cbf6ca577c60ba3dfa7440e4da25283\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 473852 1b34ceb28f69243090c0b82f910f44b1\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 282662 22e424fa9f4c2a0839b034ec7d3a9ffc\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 292330 4c9a2f38e64fbe8f6a5b7bc9f7c55402\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 394346 43f4b3f1c8eca35a06c616e82219eedc\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 593030 4e891fb5f83bdeab2818ada13c7accb4\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_i386.deb\n Size/MD5 checksum: 270770 fb1087795e4567e418b3029090a25e8e\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 743282 fcc0d5c7a5293f4f39978d8ae10f8591\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 273658 7b4f4c4e5a48ec9d371d5b6c95a9d2c9\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 534538 d2525fd072531449509a0f88ee95308c\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 297310 898bfe967df5ee0454ea3788a2c8f45e\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 509026 cbcad8a1a040e0a8325ed3ca81b584a3\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 304136 6e78aa7beaaf01773dc69b0033c9f7d8\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 306870 13fa1fa60d2ae7528024decd71fb6923\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 6289748 93e99ce8ffb6d581ae37ebef5fe5ad70\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 289588 5f7042d1b8389bbad92a2f9211fbeb44\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 844568 9e9c5276b894cc11310834ede88e465c\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 1890002 dc219d099edc208dd2abf5be19704408\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 425888 7ff059573bd46379e2c9aa7bcaf0a093\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_ia64.deb\n Size/MD5 checksum: 308946 4f29e0f8e29c9e57b5d7c451599b370f\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 836436 db57d0415721cedf391139864657805c\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 282870 e4ed274ed7d27a9db736d4314069cf79\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 472644 ba0b1ef71e28b992bec49f254a2b5b1a\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 293404 cddea3863e6e3e011b0a4d00c3ce54f1\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 593662 f9e736d98dd2cc7e71445cc27e439689\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 472994 cf36b149f66678314ec2273af9c1c8b0\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 290904 9f6ac8eb332d6a374755ebb2504611cd\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 281652 31ada2a1e9a28c84d0fb7a084363bb0e\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 5587414 282c8cd55b44816ec56c18524578e0c4\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 1694716 1a47e9ce68b8ff525e417992ec31ebf4\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 285864 17f29a29f86d77103c601a8019f19448\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 269704 7fb4039990d2b7c391e0b780fe2db663\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_mips.deb\n Size/MD5 checksum: 395316 892ba66f6b8d4f5596996d3f2b1005c3\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 286032 c5beab7d9650cdcd2ba1600b612d974f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 1688486 3a327c8c8ac6e4080fce5f0eaeed0ce9\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 588432 bbdcd971025a8e15ad4881188397188c\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 393938 5475333da86294081f324acb4dfe71cd\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 270160 c5ec94cf7ee248e584827780d1341b70\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 5227666 5613b554da7bb94c42b9082cdfa9a7aa\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 829842 0281839e4cdf4c6bcf60dbf623930152\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 469464 9909eee5caa2dd33bccdd474790908f7\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 282730 d6d7824c38ab11db540a859705bc8362\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 471782 11d7e55f7f79e6663ff23ca3c323accf\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 290814 352096495a561cfcc786fd96591d3d5b\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 281726 eceae658540981670c2b867b26420cc9\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_mipsel.deb\n Size/MD5 checksum: 293644 22f5c66ea0f1933a5db18439f50e9046\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 293934 f9a70aebf11f8e832dfc338baa5fc0ca\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 5733422 9073ec575403d28c181cc66a4e00ed82\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 397610 894eeeae5997d2b3ea36ac1e04d84d7d\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 286274 0d8906aa296ace1706125a23e65a01ca\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 271362 1b59fb5564bc6a1d5965d391354604f1\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 675216 7640f941a0d270cadafc5ad3d7da3c55\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 838168 5385aeb42872bf9c3e65eb889f7ba4ba\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 295608 149e72fb3e792fb42d009e6ca2ee7733\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 293786 d54438da4ea1cbda5a2ee52a62987ba7\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 284710 e643414ac256226b7ded77fa9d8d1704\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 466834 c9b11d289c04ce70215ea0435dab59ea\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 1738298 5f0662e4ba2aa7eea01506f36c3355d7\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_powerpc.deb\n Size/MD5 checksum: 477434 263cc61a74244d6e52f47b54810c02db\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 831670 333d657b8ddb4c1e8faaf439076f557c\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 294090 070519cc8983496f4652182c15dd3eed\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 271318 ad2f51a8a2500b975e4e8a851d4a892b\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 634554 aaf93b693cb8656a8ba6929e0c963b22\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 486432 3add85eb35a26382cd81b33e67d0f892\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 282732 985ef02b86a22db4d47a3cfed7b1ffb3\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 284996 e6d501a30aa744478400a90ec53d06fb\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 294138 f1ac682321080de637e1fab2bba6f88c\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 1728470 ad27d5d6c693bfb9cc15751c70fac196\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 290006 9a4a7041270702799acc404f4ac7dcca\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 471334 3cf82c61845a0e6c196012fe3c19a945\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 402138 d6d9892459b9689ccb0cb842d977d592\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_s390.deb\n Size/MD5 checksum: 5766242 715a7a6646c875bfa0a3e7ba9ca3d1ad\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 289250 30ca0db3ebf321ab7d80c410b488810a\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 392720 7331446d08f5f6c36918a8a3acaefd7f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 288950 f0d2b39c1f23ccc98e525bda8b28ae6f\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 288910 15250277b9985545a801a6d342c1c3e5\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 5468534 a085b02736ec16113b82c53cc6cddc3a\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 457198 b0a3449d8ca2511ae778e5cb852f897a\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 1671324 8d96985e292dfbd97625453689c0b668\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 585400 519f6486e1fe5dfaf3443e3ea8172dbd\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 836060 55e1a83ca5b4cdadf12268168075f3b3\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 269778 58eb626b5cb5d93c20f60b98490af13e\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 281124 cba572e5b5b4779dbc524417f549f1d8\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 281836 263c5bea85ae065f55606fd0d97ada7a\n http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_sparc.deb\n Size/MD5 checksum: 462776 cbaf37213c34d66d2d0d053fbd89a4ce\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2010-05-24T16:00:34", "published": "2010-05-24T16:00:34", "id": "DEBIAN:DSA-2051-1:DF8B6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00093.html", "title": "[SECURITY] [DSA 2051-1] New postgresql-8.3 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-07-17T03:32:39", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0427\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted (\"service rhdb restart\") for this\nupdate to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028678.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028680.html\n\n**Affected packages:**\nrh-postgresql\nrh-postgresql-contrib\nrh-postgresql-devel\nrh-postgresql-docs\nrh-postgresql-jdbc\nrh-postgresql-libs\nrh-postgresql-pl\nrh-postgresql-python\nrh-postgresql-server\nrh-postgresql-tcl\nrh-postgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0427.html", "edition": 6, "modified": "2010-05-21T22:08:29", "published": "2010-05-21T22:01:26", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/028678.html", "id": "CESA-2010:0427", "title": "rh security update", "type": "centos", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0428\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 7.4.29. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028683.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028684.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-jdbc\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0428.html", "edition": 5, "modified": "2010-05-21T22:23:21", "published": "2010-05-21T22:22:02", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/028683.html", "id": "CESA-2010:0428", "title": "postgresql security update", "type": "centos", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:01", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0429\n\n\nPostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 8.1.21. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028688.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-May/028690.html\n\n**Affected packages:**\npostgresql\npostgresql-contrib\npostgresql-devel\npostgresql-docs\npostgresql-libs\npostgresql-pl\npostgresql-python\npostgresql-server\npostgresql-tcl\npostgresql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0429.html", "edition": 5, "modified": "2010-05-28T10:45:13", "published": "2010-05-28T10:45:13", "href": "http://lists.centos.org/pipermail/centos-announce/2010-May/028688.html", "id": "CESA-2010:0429", "title": "postgresql security update", "type": "centos", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:40", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4136", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-1169", "CVE-2010-1170"], "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. Running\nPostgreSQL instances must be restarted (\"service rhdb restart\") for this\nupdate to take effect.\n", "modified": "2018-05-26T04:26:17", "published": "2010-05-19T04:00:00", "id": "RHSA-2010:0427", "href": "https://access.redhat.com/errata/RHSA-2010:0427", "type": "redhat", "title": "(RHSA-2010:0427) Moderate: postgresql security update", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:23", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4136", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-1169", "CVE-2010-1170", "CVE-2010-1975"], "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 7.4.29. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/7.4/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n", "modified": "2017-09-08T11:51:43", "published": "2010-05-19T04:00:00", "id": "RHSA-2010:0428", "href": "https://access.redhat.com/errata/RHSA-2010:0428", "type": "redhat", "title": "(RHSA-2010:0428) Moderate: postgresql security update", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:32:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4136", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-1169", "CVE-2010-1170", "CVE-2010-1975"], "description": "PostgreSQL is an advanced object-relational database management system\n(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the\nPerl and Tcl languages, and are installed in trusted mode by default. In\ntrusted mode, certain operations, such as operating system level access,\nare restricted.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Perl. If the PL/Perl procedural language was\nregistered on a particular database, an authenticated database user running\na specially-crafted PL/Perl script could use this flaw to bypass intended\nPL/Perl trusted mode restrictions, allowing them to run arbitrary Perl\nscripts with the privileges of the database server. (CVE-2010-1169)\n\nRed Hat would like to thank Tim Bunce for responsibly reporting the\nCVE-2010-1169 flaw.\n\nA flaw was found in the way PostgreSQL enforced permission checks on\nscripts written in PL/Tcl. If the PL/Tcl procedural language was registered\non a particular database, an authenticated database user running a\nspecially-crafted PL/Tcl script could use this flaw to bypass intended\nPL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl\nscripts with the privileges of the database server. (CVE-2010-1170)\n\nA buffer overflow flaw was found in the way PostgreSQL retrieved a\nsubstring from the bit string for BIT() and BIT VARYING() SQL data types.\nAn authenticated database user running a specially-crafted SQL query could\nuse this flaw to cause a temporary denial of service (postgres daemon\ncrash) or, potentially, execute arbitrary code with the privileges of the\ndatabase server. (CVE-2010-0442)\n\nAn integer overflow flaw was found in the way PostgreSQL used to calculate\nthe size of the hash table for joined relations. An authenticated database\nuser could create a specially-crafted SQL query which could cause a\ntemporary denial of service (postgres daemon crash) or, potentially,\nexecute arbitrary code with the privileges of the database server.\n(CVE-2010-0733)\n\nPostgreSQL improperly protected session-local state during the execution of\nan index function by a database superuser during the database maintenance\noperations. An authenticated database user could use this flaw to elevate\ntheir privileges via specially-crafted index functions. (CVE-2009-4136)\n\nThese packages upgrade PostgreSQL to version 8.1.21. Refer to the\nPostgreSQL Release Notes for a list of changes:\n\nhttp://www.postgresql.org/docs/8.1/static/release.html\n\nAll PostgreSQL users are advised to upgrade to these updated packages,\nwhich correct these issues. If the postgresql service is running, it will\nbe automatically restarted after installing this update.\n", "modified": "2017-09-08T12:16:35", "published": "2010-05-19T04:00:00", "id": "RHSA-2010:0429", "href": "https://access.redhat.com/errata/RHSA-2010:0429", "type": "redhat", "title": "(RHSA-2010:0429) Moderate: postgresql security update", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:40", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "description": "[7.3.21-3]\n- Fix CVE-2010-1169, CVE-2010-1170, CVE-2009-4136, CVE-2010-0733, CVE-2010-0442\n via back-ports of upstream patches for Postgres 7.4\nResolves: #589541", "edition": 4, "modified": "2010-05-19T00:00:00", "published": "2010-05-19T00:00:00", "id": "ELSA-2010-0427", "href": "http://linux.oracle.com/errata/ELSA-2010-0427.html", "title": "postgresql security update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:37", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-4136"], "description": "[8.1.21-1.el5_5.1]\n- Update to PostgreSQL 8.1.21 to fix CVE-2010-1169, CVE-2010-1170,\n CVE-2009-4136, CVE-2010-0733, CVE-2010-0442, and assorted other bugs\n described at\n http://www.postgresql.org/docs/8.1/static/release.html\nResolves: #586058", "edition": 4, "modified": "2010-05-19T00:00:00", "published": "2010-05-19T00:00:00", "id": "ELSA-2010-0429", "href": "http://linux.oracle.com/errata/ELSA-2010-0429.html", "title": "postgresql security update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2009-0922", "CVE-2009-3230", "CVE-2009-4136"], "description": "[7.4.29-1.el4_8.1]\n- Update to PostgreSQL 7.4.29 to fix CVE-2010-1169, CVE-2010-1170,\n CVE-2009-4136, CVE-2010-0733, CVE-2010-0442, and assorted other bugs\n described at\n http://www.postgresql.org/docs/7.4/static/release.html\nResolves: #586056\n[7.4.26-1.el4_8.1]\n- Update to PostgreSQL 7.4.26 to fix CVE-2009-0922, CVE-2009-3230,\n and assorted other bugs described at\n http://www.postgresql.org/docs/7.4/static/release.html\nResolves: #525282", "edition": 4, "modified": "2010-05-19T00:00:00", "published": "2010-05-19T00:00:00", "id": "ELSA-2010-0428", "href": "http://linux.oracle.com/errata/ELSA-2010-0428.html", "title": "postgresql security update", "type": "oraclelinux", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:37", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1170", "CVE-2010-1975", "CVE-2010-3433", "CVE-2010-1169", "CVE-2010-0442", "CVE-2010-0733", "CVE-2010-4015", "CVE-2009-0922", "CVE-2011-2483", "CVE-2009-3231", "CVE-2009-3230", "CVE-2009-4034", "CVE-2009-3229", "CVE-2010-1447", "CVE-2009-4136"], "edition": 1, "description": "### Background\n\nPostgreSQL is an open source object-relational database management system. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the \"intarray\" module enabled, possibly resulting in the execution of arbitrary code with the privileges of the PostgreSQL server process, or a Denial of Service condition. Furthermore, a remote authenticated attacker could execute arbitrary Perl code, cause a Denial of Service condition via different vectors, bypass LDAP authentication, bypass X.509 certificate validation, gain database privileges, exploit weak blowfish encryption and possibly cause other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.2.22:8.2\"\n \n\nAll PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.3.16:8.3\"\n \n\nAll PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-8.4.9:8.4\"\n \n\nAll PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-base-9.0.5:9.0\"\n \n\nAll PostgreSQL 8.2 server users should upgrade to the latest 8.2 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.2.22:8.2\"\n \n\nAll PostgreSQL 8.3 server users should upgrade to the latest 8.3 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.3.16:8.3\"\n \n\nAll PostgreSQL 8.4 server users should upgrade to the latest 8.4 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-8.4.9:8.4\"\n \n\nAll PostgreSQL 9.0 server users should upgrade to the latest 9.0 server version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-db/postgresql-server-9.0.5:9.0\"\n \n\nThe old unsplit PostgreSQL packages have been removed from portage. Users still using them are urged to migrate to the new PostgreSQL packages as stated above and to remove the old package: \n \n \n # emerge --unmerge \"dev-db/postgresql\"", "modified": "2012-03-05T00:00:00", "published": "2011-10-25T00:00:00", "id": "GLSA-201110-22", "href": "https://security.gentoo.org/glsa/201110-22", "type": "gentoo", "title": "PostgreSQL: Multiple vulnerabilities", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
