| id | 43167 |
|---|
| Risiko | other |
|---|
| Familie | Mandriva Local Security Checks |
|---|
| Kategori | infos |
|---|
| Navn | MDVSA-2009:333: postgresql |
|---|
| Sammenfatning | Check for the version of the postgresql package |
|---|
| Beskrivelse | Synopsis :
The remote host is missing the patch for the advisory MDVSA-2009:333 (postgresql).
Description :
Multiple vulnerabilities was discovered and corrected in postgresql:
NULL Bytes in SSL Certificates can be used to falsify client or server
authentication. This only affects users who have SSL enabled, perform
certificate name validation or client certificate authentication,
and where the Certificate Authority (CA) has been tricked into
issuing invalid certificates. The use of a CA that can be trusted to
always issue valid certificates is recommended to ensure you are not
vulnerable to this issue (CVE-2009-4034).
Privilege escalation via changing session state in an index
function. This closes a corner case related to vulnerabilities
CVE-2009-3230 and CVE-2007-6600 (CVE-2009-4136).
Packages for 2008.0 are being provided due to extended support for
Corporate products.
This update provides a solution to these vulnerabilities.
See also :
http://wwwnew.mandriva.com/security/advisories?name=MDVSA-2009:333
Solution :
Apply the newest security patches from Mandriva.
Risk factor :
Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
|
|---|
| CVE |
CVE-2009-3230,CVE-2009-4034,CVE-2009-4136 |
| Bugtraq |
NOBID |
| Copyright |
(C) 2009 Tenable Network Security |