oval:org.mitre.oval:def:7844

Definition Id: oval:org.mitre.oval:def:7844

Oval ID:	oval:org.mitre.oval:def:7844
Title:	DSA-1460 postgresql-8.1 -- several vulnerabilities
Description:	Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905. The old stable distribution (sarge), doesn't contain postgresql-8.1. For the stable distribution (etch), these problems have been fixed in version postgresql-8.1 8.1.11-0etch1. For the unstable distribution (sid), these problems have been fixed in version 8.2.6-1 of postgresql-8.2. We recommend that you upgrade your postgresql-8.1 (8.1.11-0etch1) package.
Family:	unix	Class:	patch
Reference(s):	DSA-1460 CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	postgresql-8.1
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND postgresql-doc-8.1 is earlier than 8.1.11-0etch1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section postgresql-client-8.1 is earlier than 8.1.11-0etch1 AND postgresql-8.1 is earlier than 8.1.11-0etch1 AND postgresql-pltcl-8.1 is earlier than 8.1.11-0etch1 AND libecpg5 is earlier than 8.1.11-0etch1 AND postgresql-contrib-8.1 is earlier than 8.1.11-0etch1 AND postgresql-server-dev-8.1 is earlier than 8.1.11-0etch1 AND postgresql-plpython-8.1 is earlier than 8.1.11-0etch1 AND libecpg-dev is earlier than 8.1.11-0etch1 AND libpgtypes2 is earlier than 8.1.11-0etch1 AND libpq4 is earlier than 8.1.11-0etch1 AND libpq-dev is earlier than 8.1.11-0etch1 AND postgresql-plperl-8.1 is earlier than 8.1.11-0etch1 AND libecpg-compat2 is earlier than 8.1.11-0etch1

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:7844

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0314s

Facebook rss twitter linkedin mail