MiracleLinux 3 : postgresql-8.1.23-4.0.1.AXS3 (AXSA:2012-570:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-570:01 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselect...

Linux Distros Unpatched Vulnerability : CVE-2012-0866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission...

SUSE: Security Advisory (SUSE-SU-2012:0702-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary Code Execution

PostgreSQL is an advanced object-relational database management system DBMS. The pgdump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL...

Oracle: Security Advisory (ELSA-2012-0678)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : postgresql (openSUSE-SU-2012:1173-1)

Postgresql was updated to the security and bugfix release 9.1.3 : - Require execute permission on the trigger function for 'CREATE TRIGGER' CVE-2012-0866, bnc749299. - Remove arbitrary limitation on length of common name in SSL certificates CVE-2012-0867, bnc749301. - Convert newlines to spaces i...

openSUSE Security Update : postgresql (openSUSE-SU-2012:0480-1)

Security and bugfix release 9.1.3 : - Require execute permission on the trigger function for 'CREATE TRIGGER' CVE-2012-0866, bnc749299. - Remove arbitrary limitation on length of common name in SSL certificates CVE-2012-0867, bnc749301. - Convert newlines to spaces in names written in pgdump...

Amazon Linux AMI : postgresql8 (ALAS-2012-82)

The pgdump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by a SQL command. This SQL command might then be executed by a privileged user during later restore of the...

Oracle Linux 5 : postgresql (ELSA-2012-0677)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0677 advisory. - Back-port upstream fixes for CVE-2012-0866 and CVE-2012-0868 Resolves: 812070 Tenable has extracted the preceding description block directly from the...

Gentoo Security Advisory GLSA 201209-24 (PostgreSQL)

The remote host is missing updates announced in advisory GLSA 201209-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Fedora Update for postgresql FEDORA-2012-12156

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Scientific Linux Security Update : postgresql and postgresql84 on SL5.x, SL6.x i386/x86_64 (20120521)

PostgreSQL is an advanced object-relational database management system DBMS. The pgdump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by a SQL command. This SQL comma...

CentOS Update for postgresql84 CESA-2012:0678 centos5

Check for the Version of postgresql84 OpenVAS Vulnerability Test CentOS Update for postgresql84 CESA-2012:0678 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

CentOS Update for postgresql CESA-2012:0677 centos5

Check for the Version of postgresql OpenVAS Vulnerability Test CentOS Update for postgresql CESA-2012:0677 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CentOS Update for postgresql CESA-2012:0678 centos6

Check for the Version of postgresql OpenVAS Vulnerability Test CentOS Update for postgresql CESA-2012:0678 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CentOS Update for postgresql CESA-2012:0677 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for postgresql CESA-2012:0678 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2012-0866

CVE-2012-0866 affects PostgreSQL components where CREATE TRIGGER does not properly check the execute permission for trigger functions marked SECURITY DEFINER. Versions vulnerable: 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3. Impact: remote authenticated us...

CVE-2012-0866

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on...

Vulnerability in core server (CVE-2012-0866)

Permissions on a function called by a trigger are not properly checked...