Oval Definition:oval:org.mitre.oval:def:22220
Revision Date:2014-02-24Version:11
Title:RHSA-2010:0742: postgresql and postgresql84 security update (Moderate)
Description:The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CESA-2010:0742
CVE-2010-3433
RHSA-2010:0742-01
Platform(s):CentOS Linux 5
Red Hat Enterprise Linux 5
Product(s):postgresql
postgresql84
Definition Synopsis
  • Redhat 5 or Centos 5 release
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
  • postgresql84-tcl is earlier than 0:8.4.5-1.el5_5.1
  • OR postgresql84-docs is earlier than 0:8.4.5-1.el5_5.1
  • OR postgresql84-python is earlier than 0:8.4.5-1.el5_5.1
  • OR postgresql84-plpython is earlier than 0:8.4.5-1.el5_5.1
  • OR postgresql84-server is earlier than 0:8.4.5-1.el5_5.1
  • OR postgresql84-test is earlier than 0:8.4.5-1.el5_5.1
  • OR postgresql84-libs is earlier than 0:8.4.5-1.el5_5.1
  • OR postgresql84-pltcl is earlier than 0:8.4.5-1.el5_5.1
  • OR postgresql84-plperl is earlier than 0:8.4.5-1.el5_5.1
  • OR postgresql84-devel is earlier than 0:8.4.5-1.el5_5.1
  • OR postgresql84 is earlier than 0:8.4.5-1.el5_5.1
  • OR postgresql84-contrib is earlier than 0:8.4.5-1.el5_5.1
  • OR postgresql-docs is earlier than 0:8.1.22-1.el5_5.1
  • OR postgresql-devel is earlier than 0:8.1.22-1.el5_5.1
  • OR postgresql-test is earlier than 0:8.1.22-1.el5_5.1
  • OR postgresql-contrib is earlier than 0:8.1.22-1.el5_5.1
  • OR postgresql-libs is earlier than 0:8.1.22-1.el5_5.1
  • OR postgresql-tcl is earlier than 0:8.1.22-1.el5_5.1
  • OR postgresql is earlier than 0:8.1.22-1.el5_5.1
  • OR postgresql-python is earlier than 0:8.1.22-1.el5_5.1
  • OR postgresql-server is earlier than 0:8.1.22-1.el5_5.1
  • OR postgresql-pl is earlier than 0:8.1.22-1.el5_5.1
    • BACK