oval:org.mitre.oval:def:8199

Definition Id: oval:org.mitre.oval:def:8199

Oval ID:	oval:org.mitre.oval:def:8199
Title:	DSA-1463 postgresql-7.4 -- several vulnerabilities
Description:	Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete. Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out of bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Tavis Ormandy and Will Drewry discovered that the optimizer for regular expression could be tricked massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources. Functions in index expressions could lead to privilege escalation. For a more in depth explanation please see the upstream announce available at http://www.postgresql.org/about/news.905. For the old stable distribution (sarge), some of these problems have been fixed in version 7.4.7-6sarge6 of the postgresql package. Please note that the fix for CVE-2007-6600 and for the handling of regular expressions haven’t been backported due to the intrusiveness of the fix. We recommend to upgrade to the stable distribution if these vulnerabilities affect your setup. For the stable distribution (etch), these problems have been fixed in version 7.4.19-0etch1. The unstable distribution (sid) no longer contains postgres-7.4. We recommend that you upgrade your postgresql-7.4 packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1463 CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601	Version:	3
Platform(s):	Debian GNU/Linux 4.0 Debian GNU/Linux 3.1	Product(s):	postgresql-7.4
Definition Synopsis:
Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section postgresql-server-dev-7.4 is earlier than 7.4.19-0etch1 AND postgresql-doc-7.4 is earlier than 7.4.19-0etch1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section postgresql-7.4 is earlier than 7.4.19-0etch1 AND postgresql-plpython-7.4 is earlier than 7.4.19-0etch1 AND postgresql-contrib-7.4 is earlier than 7.4.19-0etch1 AND postgresql-client-7.4 is earlier than 7.4.19-0etch1 AND postgresql-plperl-7.4 is earlier than 7.4.19-0etch1 AND postgresql-pltcl-7.4 is earlier than 7.4.19-0etch1 OR Release section Debian GNU/Linux 3.1 is installed AND Architecture section Architecture independent section Installed architecture is all AND postgresql-doc is earlier than 7.4.7-6sarge6 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is m68k AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section libpgtcl is earlier than 7.4.7-6sarge6 AND postgresql is earlier than 7.4.7-6sarge6 AND libecpg4 is earlier than 7.4.7-6sarge6 AND postgresql-contrib is earlier than 7.4.7-6sarge6 AND libpq3 is earlier than 7.4.7-6sarge6 AND libecpg-dev is earlier than 7.4.7-6sarge6 AND libpgtcl-dev is earlier than 7.4.7-6sarge6 AND postgresql-dev is earlier than 7.4.7-6sarge6 AND postgresql-client is earlier than 7.4.7-6sarge6

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:8199

Definition Id: oval:org.mitre.oval:def:7692

Oval ID:	oval:org.mitre.oval:def:7692
Title:	Debian GNU/Linux 3.1 is installed
Description:	Debian GNU/Linux 3.1 (sarge) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:3.1	Version:	7
Platform(s):	Debian GNU/Linux 3.1	Product(s):
Definition Synopsis:
Debian GNU/Linux 3.1 is installed
Referenced By:
oval:org.mitre.oval:def:8199

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0417s

Facebook rss twitter linkedin mail