Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=00e321c93d0f252dd6cd9e93ce2b72d7ada0a7b3
commit 00e321c93d0f252dd6cd9e93ce2b72d7ada0a7b3 Author: voroskoi <[EMAIL PROTECTED]> Date: Wed Jan 23 21:26:20 2008 +0100 FSA364-postgresql diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index e7b23ea..884ea93 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -27,6 +27,25 @@ <fsas> <fsa> + <id>364</id> + <date>2008-01-23</date> + <author>voroskoi</author> + <package>postgresql</package> + <vulnerable>8.2.5-1</vulnerable> + <unaffected>8.2.6-1sayshell1</unaffected> + <bts>http://bugs.frugalware.org/task/2714</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4769 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6601 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067</cve> + <desc>Some vulnerabilities have been reported in PostgreSQL, which can be exploited by malicious users to gain escalated privileges or to cause a DoS (Denial of Service). + 1) Index functions are executed as superuser during "VACUUM" and "ANALYZE", which can be exploited to gain escalated privileges. + 2) "SET ROLE" and "SET SESSION AUTHORIZATION" are permitted within index functions, which can be exploited to gain escalated privileges. + 3) Various errors in the processing of regular expressions within SQL queries can be exploited to cause infinite loops, consume large amounts of memory, or to crash the backend, resulting in a DoS. + 4) Errors in the DBLink module can be exploited to gain superuser privileges when being used in combination with local trust or ident authentication.</desc> + </fsa> + <fsa> <id>363</id> <date>2008-01-23</date> <author>voroskoi</author> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
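Review bot: in the new FSA 364 entry the `<cve>` element carries five URLs separated only by line breaks, while `<desc>` enumerates four issues, so nothing in the entry says which CVE belongs to which numbered item, and any consumer of security.xml has to split that element on whitespace to get individual links. Consider naming the CVE id(s) at the end of each numbered item in `<desc>`, and listing the URLs in numeric order (CVE-2007-6067 currently follows CVE-2007-6601). The description also gives the impact only; if the rendered advisory does not already derive an upgrade instruction from `<unaffected>8.2.6-1sayshell1</unaffected>`, a closing sentence naming the fixed version would make the entry actionable on its own.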
