Oval Definition:oval:org.mitre.oval:def:21895
Revision Date:2014-02-24Version:6
Title:RHSA-2010:0908: postgresql security update (Moderate)
Description:The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2010-3433
RHSA-2010:0908-01
Platform(s):Red Hat Enterprise Linux 6
Product(s):postgresql
Definition Synopsis
  • The operating system installed on the system is Red Hat Enterprise Linux 6
  • AND Packages section
  • postgresql is earlier than 0:8.4.5-1.el6_0.2
  • OR postgresql-libs is earlier than 0:8.4.5-1.el6_0.2
  • OR postgresql-server is earlier than 0:8.4.5-1.el6_0.2
  • OR postgresql-devel is earlier than 0:8.4.5-1.el6_0.2
  • OR postgresql-pltcl is earlier than 0:8.4.5-1.el6_0.2
  • OR postgresql-plpython is earlier than 0:8.4.5-1.el6_0.2
  • OR postgresql-docs is earlier than 0:8.4.5-1.el6_0.2
  • OR postgresql-plperl is earlier than 0:8.4.5-1.el6_0.2
  • OR postgresql-test is earlier than 0:8.4.5-1.el6_0.2
  • OR postgresql-contrib is earlier than 0:8.4.5-1.el6_0.2
    • BACK