RHEL 3 : rh-postgresql (RHSA-2004:489)

low Nessus Plugin ID 16016

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated rh-postgresql packages that fix various bugs are now available.

PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects, and user-defined types and functions).

Trustix has identified improper temporary file usage in the make_oidjoins_check script. It is possible that an attacker could overwrite arbitrary file contents as the user running the make_oidjoins_check script. This script has been removed from the RPM file since it has no use to ordinary users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0977 to this issue.

Additionally, the following non-security issues have been addressed :

- Fixed a low probability risk for loss of recently committed transactions.

- Fixed a low probability risk for loss of older data due to failure to update transaction status.

- A lock file problem that sometimes prevented automatic restart after a system crash has been fixed.

All users of rh-postgresql should upgrade to these updated packages, which resolve these issues.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2004-0977

https://access.redhat.com/errata/RHSA-2004:489

Plugin Details

Severity: Low

ID: 16016

File Name: redhat-RHSA-2004-489.nasl

Version: 1.25

Type: local

Agent: unix

Published: 12/21/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:rh-postgresql, p-cpe:/a:redhat:enterprise_linux:rh-postgresql-contrib, p-cpe:/a:redhat:enterprise_linux:rh-postgresql-devel, p-cpe:/a:redhat:enterprise_linux:rh-postgresql-docs, p-cpe:/a:redhat:enterprise_linux:rh-postgresql-jdbc, p-cpe:/a:redhat:enterprise_linux:rh-postgresql-libs, p-cpe:/a:redhat:enterprise_linux:rh-postgresql-pl, p-cpe:/a:redhat:enterprise_linux:rh-postgresql-python, p-cpe:/a:redhat:enterprise_linux:rh-postgresql-server, p-cpe:/a:redhat:enterprise_linux:rh-postgresql-tcl, p-cpe:/a:redhat:enterprise_linux:rh-postgresql-test, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 12/20/2004

Vulnerability Publication Date: 2/9/2005

Reference Information

CVE: CVE-2004-0977

RHSA: 2004:489