Gentoo Security Advisory GLSA 201209-24 (PostgreSQL) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 201209-24.

Solution

All PostgreSQL 9.1 server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-9.1.5' All PostgreSQL 9.0 server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-9.0.9' All PostgreSQL 8.4 server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.4.13' All PostgreSQL 8.3 server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-db/postgresql-server-8.3.20' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201209-24 http://bugs.gentoo.org/show_bug.cgi?id=406037 http://bugs.gentoo.org/show_bug.cgi?id=419727 http://bugs.gentoo.org/show_bug.cgi?id=431766

Insight

Multiple vulnerabilities have been found in PostgreSQL which may allow a remote attacker to conduct several attacks.

Severity

Classification

CVE CVE-2012-0866, CVE-2012-0867, CVE-2012-0868, CVE-2012-2143, CVE-2012-2655, CVE-2012-3488, CVE-2012-3489

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Take action and discover your vulnerabilities