This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been discovered and corrected in
Fix incorrect password transformation in contrib/pgcrypto's DES
crypt() function (Solar Designer). If a password string contained the
byte value 0x80, the remainder of the password was ignored, causing
the password to be much weaker than it appeared. With this fix, the
rest of the string is properly included in the DES hash. Any stored
password values that are affected by this bug will thus no longer
match, so the stored values may need to be updated (CVE-2012-2143).
Ignore SECURITY DEFINER and SET attributes for a procedural language's
call handler (Tom Lane). Applying such attributes to a call handler
could crash the server (CVE-2012-2655).
This advisory provides the latest versions of PostgreSQL that is not
vulnerable to these issues.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.7
Public Exploit Available : true