Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:194: postgresql Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the postgresql package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:194 (postgresql).
A vulnerability in PostgreSQL 8.1.x allowed remote authenticated users
to cause a Denial of Service (daemon crash) via certain aggregate
functions in an UPDATE statement which were not handled correctly
Another DoS issue in PostgreSQL 7.4.x, 8.0.x, and 8.1.x allowed remote
authenticated users to crash the daemon via a coercion of an unknown
element to ANYARRAY (CVE-2006-5541).
Finally, another vulnerability in 8.1.x could allow a remote
authenticated user to cause a DoS related to duration logging of
V3-protocol Execute message for COMMIT and ROLLBACK statements
This update provides the latest 8.0.x and 8.1.x PostgreSQL versions
and patches the version of PostgreSQL shipped with Corporate 3.0.
After installing this upgrade, you will need to execute 'service
postgresql restart' for it to take effect.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:194
Threat Level: High