Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

A stack-based buffer overflow flaw was found in the way PostgreSQL
processed certain tokens from a SQL query when the intarray module was
enabled on a particular database. An authenticated database user
running a specially crafted SQL query could use this flaw to cause a
temporary denial of service (postgres daemon crash) or, potentially,
execute arbitrary code with the privileges of the database server.

These updated postgresql84 packages upgrade PostgreSQL to version
8.4.7. Refer to the PostgreSQL Release Notes for a full list of
changes.

If the postgresql service is running, it will be automatically
restarted after installing this update.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.5

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60950

CVE ID: CVE-2010-4015