87 matches found
MiracleLinux 4 : postgresql-8.4.9-1.1.0.1.AXS4 (AXSA:2012-153:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-153:01 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs including transactions, subselects and...
Linux Distros Unpatched Vulnerability : CVE-2011-2483
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit...
RHEL 3 : rh-postgresql (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash (CVE-2011-2483)...
SUSE: Security Advisory (SUSE-SU-2012:1336-1)
The remote host is missing an update for the...
Oracle: Security Advisory (ELSA-2011-1423)
The remote host is missing an update for the...
Oracle: Security Advisory (ELSA-2011-1378)
The remote host is missing an update for the...
Amazon Linux: Security Advisory (ALAS-2011-12)
The remote host is missing an update for the...
SUSE SLED10 / SLES10 Security Update : PostgreSQL (SUSE-SU-2012:1336-1)
PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed : - CVE-2012-3488: This update fixes arbitrary read and write of files via XSL functionality. - CVE-2012-2655: postgresql: denial of service stack...
openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)
The blowfish password hashing implementation did not properly handle 8-bit characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly...
openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)
This update contains yast2 core changes to change the hash generation of new passwords to the new secure style. Please read the general notes below: The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected...
openSUSE Security Update : libxcrypt (openSUSE-SU-2011:0972-1)
The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). This update fixes the regression.
openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)
The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483). SUSE's crypt implementation supports the blowfish password hashing...
openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1137-1)
The blowfish password hashing implementation did not properly handle 8-bit characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly...
openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)
The crypt(3) manpage was updated to also list the 2y prefix.
Amazon Linux AMI : postgresql (ALAS-2011-12)
A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus...
Oracle Linux 5 : postgresql84 (ELSA-2011-1378)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-1378 advisory. 8.4.9-1.el57.1 - Update to PostgreSQL 8.4.9, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-9.html...
Oracle Linux 6 : php (ELSA-2012-1046)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-1046 advisory. - add security fix for CVE-2010-2950 - fix tests for CVE-2012-2143, CVE-2012-0789 - add fix for CVE-2012-2336 - add security fixes for CVE-2012-0781,...