Summary
The remote host is missing updates announced in advisory GLSA 201110-22.
Solution
All PostgreSQL 8.2 users should upgrade to the latest 8.2 base version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-8.2.22:8.2'
All PostgreSQL 8.3 users should upgrade to the latest 8.3 base version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-8.3.16:8.3'
All PostgreSQL 8.4 users should upgrade to the latest 8.4 base version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-8.4.9:8.4'
All PostgreSQL 9.0 users should upgrade to the latest 9.0 base version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-base-9.0.5:9.0'
All PostgreSQL 8.2 server users should upgrade to the latest 8.2 server version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.2.22:8.2'
All PostgreSQL 8.3 server users should upgrade to the latest 8.3 server version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.3.16:8.3'
All PostgreSQL 8.4 server users should upgrade to the latest 8.4 server version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.4.9:8.4'
All PostgreSQL 9.0 server users should upgrade to the latest 9.0 server version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-9.0.5:9.0'
The old unsplit PostgreSQL packages have been removed from Portage.
Users still using them are urged to migrate to the new PostgreSQL packages as stated above and to remove the old package:
# emerge --unmerge 'dev-db/postgresql'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-22
http://bugs.gentoo.org/show_bug.cgi?id=261223
http://bugs.gentoo.org/show_bug.cgi?id=284274
http://bugs.gentoo.org/show_bug.cgi?id=297383
http://bugs.gentoo.org/show_bug.cgi?id=308063
http://bugs.gentoo.org/show_bug.cgi?id=313335
http://bugs.gentoo.org/show_bug.cgi?id=320967
http://bugs.gentoo.org/show_bug.cgi?id=339935
http://bugs.gentoo.org/show_bug.cgi?id=353387
http://bugs.gentoo.org/show_bug.cgi?id=384539
Insight
Multiple vulnerabilities in the PostgreSQL server and client allow remote attackers to conduct several attacks, including the execution of arbitrary code and Denial of Service.
Severity
Classification
-
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C
Related Vulnerabilities