Fedora 17 : postgresql-9.1.5-1.fc17 (2012-12165)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Update to PostgreSQL 9.1.5, for various fixes described at
http://www.postgresql.org/docs/9.1/static/release-9-1-5.html including
the fixes for CVE-2012-3488, CVE-2012-3489

Configure postmaster to create Unix-domain sockets in both
/var/run/postgresql and /tmp; the former is now the default place for
libpq to contact the postmaster. This works around problems with
clients running in a PrivateTmp context.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.postgresql.org/docs/9.1/static/release-9-1-5.html
https://bugzilla.redhat.com/show_bug.cgi?id=849172
https://bugzilla.redhat.com/show_bug.cgi?id=849173
http://www.nessus.org/u?617efb37

Solution :

Update the affected postgresql package.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 61672 ()

Bugtraq ID: 55072
55074

CVE ID: CVE-2012-3488
CVE-2012-3489

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now