Lucene search
CentOS Update for postgresql84 CESA-2011:1378 centos5 x86_64
🗓️ 30 Jul 2012 00:00:00Reported by Copyright (C) 2012 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 35 Views
Update for CentOS postgresql84 package CESA-2011:1378
Show more
| Reporter | Title | Published | Views | Family All 199 |
|---|---|---|---|---|
| SuSE Update for glibc,pam-modules,libxcrypt,pwdutils SUSE-SA:2011:035 | 27 Aug 201100:00 | – | openvas |
| Mandriva Update for php-suhosin MDVSA-2011:180 (php-suhosin) | 23 Dec 201100:00 | – | openvas |
| SUSE: Security Advisory for glibc, pam-modules, libxcrypt, pwdutils (SUSE-SA:2011:035) | 27 Aug 201100:00 | – | openvas |
| RedHat Update for postgresql84 RHSA-2011:1378-01 | 21 Oct 201100:00 | – | openvas |
| CentOS Update for postgresql84 CESA-2011:1378 centos5 x86_64 | 30 Jul 201200:00 | – | openvas |
| Amazon Linux: Security Advisory (ALAS-2011-12) | 8 Sep 201500:00 | – | openvas |
| RedHat Update for postgresql RHSA-2011:1377-01 | 21 Oct 201100:00 | – | openvas |
| Mandriva Update for postgresql MDVSA-2011:161 (postgresql) | 31 Oct 201100:00 | – | openvas |
| CentOS Update for postgresql CESA-2011:1377 centos5 i386 | 21 Oct 201100:00 | – | openvas |
| Mandriva Update for postgresql MDVSA-2011:161 (postgresql) | 31 Oct 201100:00 | – | openvas |
10
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.881408");
script_version("2023-07-10T08:07:43+0000");
script_tag(name:"last_modification", value:"2023-07-10 08:07:43 +0000 (Mon, 10 Jul 2023)");
script_tag(name:"creation_date", value:"2012-07-30 17:48:36 +0530 (Mon, 30 Jul 2012)");
script_cve_id("CVE-2011-2483");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_xref(name:"CESA", value:"2011:1378");
script_name("CentOS Update for postgresql84 CESA-2011:1378 centos5 x86_64");
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2011-October/018118.html");
script_xref(name:"URL", value:"http://www.postgresql.org/docs/8.4/static/release.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'postgresql84'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone AG");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS5");
script_tag(name:"affected", value:"postgresql84 on CentOS 5");
script_tag(name:"solution", value:"Please install the updated packages.");
script_tag(name:"insight", value:"PostgreSQL is an advanced object-relational database management system
(DBMS).
A signedness issue was found in the way the crypt() function in the
PostgreSQL pgcrypto module handled 8-bit characters in passwords when using
Blowfish hashing. Up to three characters immediately preceding a non-ASCII
character (one with the high bit set) had no effect on the hash result,
thus shortening the effective password length. This made brute-force
guessing more efficient as several different passwords were hashed to the
same value. (CVE-2011-2483)
Note: Due to the CVE-2011-2483 fix, after installing this update some users
may not be able to log in to applications that store user passwords, hashed
with Blowfish using the PostgreSQL crypt() function, in a back-end
PostgreSQL database. Unsafe processing can be re-enabled for specific
passwords (allowing affected users to log in) by changing their hash prefix
to '$2x$'.
These updated postgresql84 packages upgrade PostgreSQL to version 8.4.9.
Refer to the linked PostgreSQL Release Notes for a full list of changes.
All PostgreSQL users are advised to upgrade to these updated packages,
which correct this issue. If the postgresql service is running, it will be
automatically restarted after installing this update.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "CentOS5")
{
if ((res = isrpmvuln(pkg:"postgresql84", rpm:"postgresql84~8.4.9~1.el5_7.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql84-contrib", rpm:"postgresql84-contrib~8.4.9~1.el5_7.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql84-devel", rpm:"postgresql84-devel~8.4.9~1.el5_7.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql84-docs", rpm:"postgresql84-docs~8.4.9~1.el5_7.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql84-libs", rpm:"postgresql84-libs~8.4.9~1.el5_7.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql84-plperl", rpm:"postgresql84-plperl~8.4.9~1.el5_7.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql84-plpython", rpm:"postgresql84-plpython~8.4.9~1.el5_7.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql84-pltcl", rpm:"postgresql84-pltcl~8.4.9~1.el5_7.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql84-python", rpm:"postgresql84-python~8.4.9~1.el5_7.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql84-server", rpm:"postgresql84-server~8.4.9~1.el5_7.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql84-tcl", rpm:"postgresql84-tcl~8.4.9~1.el5_7.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"postgresql84-test", rpm:"postgresql84-test~8.4.9~1.el5_7.1", rls:"CentOS5")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo30 Jul 2012 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS25
EPSS0.01152