Mandriva Linux Security Advisory : postgresql (MDVSA-2011:161)

Medium Nessus Plugin ID 56627

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

A vulnerability was discovered and corrected in postgresql :

contrib/pg_crypto's blowfish encryption code could give wrong results on platforms where char is signed (which is most), leading to encrypted passwords being weaker than they should be (CVE-2011-2483).

Additionally corrected ossp-uuid packages as well as corrected support in postgresql 9.0.x are being provided for Mandriva Linux 2011.

This update provides a solution to this vulnerability.

Solution

Update the affected packages.

See Also

http://www.postgresql.org/docs/8.3/static/release-8-3-15.html

http://www.postgresql.org/docs/8.3/static/release-8-3-16.html

http://www.postgresql.org/docs/8.4/static/release-8-4-8.html

http://www.postgresql.org/docs/8.4/static/release-8-4-9.html

http://www.postgresql.org/docs/9.0/static/release-9-0-5.html

http://www.postgresql.org/support/security

Plugin Details

Severity: Medium

ID: 56627

File Name: mandriva_MDVSA-2011-161.nasl

Version: $Revision: 1.7 $

Type: local

Published: 2011/10/25

Modified: 2016/05/17

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64ecpg8.4_6, p-cpe:/a:mandriva:linux:lib64ecpg9.0_6, p-cpe:/a:mandriva:linux:lib64ossp-uuid++16, p-cpe:/a:mandriva:linux:lib64ossp-uuid-devel, p-cpe:/a:mandriva:linux:lib64ossp-uuid16, p-cpe:/a:mandriva:linux:lib64ossp-uuid_dce16, p-cpe:/a:mandriva:linux:lib64pq8.4_5, p-cpe:/a:mandriva:linux:lib64pq9.0_5, p-cpe:/a:mandriva:linux:libecpg8.4_6, p-cpe:/a:mandriva:linux:libecpg9.0_6, p-cpe:/a:mandriva:linux:libossp-uuid++16, p-cpe:/a:mandriva:linux:libossp-uuid-devel, p-cpe:/a:mandriva:linux:libossp-uuid16, p-cpe:/a:mandriva:linux:libossp-uuid_dce16, p-cpe:/a:mandriva:linux:libpq8.4_5, p-cpe:/a:mandriva:linux:libpq9.0_5, p-cpe:/a:mandriva:linux:ossp-uuid, p-cpe:/a:mandriva:linux:perl-OSSP-uuid, p-cpe:/a:mandriva:linux:php-OSSP-uuid, p-cpe:/a:mandriva:linux:postgresql-OSSP-uuid, p-cpe:/a:mandriva:linux:postgresql8.4, p-cpe:/a:mandriva:linux:postgresql8.4-contrib, p-cpe:/a:mandriva:linux:postgresql8.4-devel, p-cpe:/a:mandriva:linux:postgresql8.4-docs, p-cpe:/a:mandriva:linux:postgresql8.4-pl, p-cpe:/a:mandriva:linux:postgresql8.4-plperl, p-cpe:/a:mandriva:linux:postgresql8.4-plpgsql, p-cpe:/a:mandriva:linux:postgresql8.4-plpython, p-cpe:/a:mandriva:linux:postgresql8.4-pltcl, p-cpe:/a:mandriva:linux:postgresql8.4-server, p-cpe:/a:mandriva:linux:postgresql9.0, p-cpe:/a:mandriva:linux:postgresql9.0-contrib, p-cpe:/a:mandriva:linux:postgresql9.0-devel, p-cpe:/a:mandriva:linux:postgresql9.0-docs, p-cpe:/a:mandriva:linux:postgresql9.0-pl, p-cpe:/a:mandriva:linux:postgresql9.0-plperl, p-cpe:/a:mandriva:linux:postgresql9.0-plpgsql, p-cpe:/a:mandriva:linux:postgresql9.0-plpython, p-cpe:/a:mandriva:linux:postgresql9.0-pltcl, p-cpe:/a:mandriva:linux:postgresql9.0-server, cpe:/o:mandriva:linux:2010.1, cpe:/o:mandriva:linux:2011

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/10/24

Reference Information

CVE: CVE-2011-2483

BID: 49241

OSVDB: 74742

MDVSA: 2011:161