|
|
Family: Ubuntu Local Security Checks --> Category: infos
USN6-1 : postgresql contributed script vulnerability Vulnerability Scan
Vulnerability Scan Summary
postgresql contributed script vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libecpg-dev
- libecpg4
- libpgtcl
- libpgtcl-dev
- libpq3
- postgresql
- postgresql-client
- postgresql-contrib
- postgresql-dev
- postgresql-doc
Description :
Recently, Trustix Secure Linux discovered a vulnerability in the
postgresql-contrib package. The script "make_oidjoins_check" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the rights of the user
invoking the script.
Solution :
Upgrade to :
- libecpg-dev-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- libecpg4-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- libpgtcl-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- libpgtcl-dev-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- libpq3-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- postgresql-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- postgresql-client-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- postgresql-contrib-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- postgresql-dev-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
- postgresql-doc-7.4.5-3ubuntu0.1 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
