FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  321338
Date:      2013-06-19
Time:      21:56:56Z
Committer: jgh

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
51436b4c-1250-11dd-bab7-0016179b2dd5	postgresql -- multiple vulnerabilities The PostgreSQL developers report: PostgreSQL allows users to create indexes on the results of user-defined functions, known as "expression indexes". This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Both of these holes have now been closed. PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle, but that patch failed to close all forms of the loophole. Discovery 2008-01-06 Entry 2008-04-24 postgresql postgresql-server ge 7.3 lt 7.3.21 ge 7.4 lt 7.4.19 ge 8.0 lt 8.0.15 ge 8.1 lt 8.1.11 ge 8.2 lt 8.2.6 CVE-2007-6600 CVE-2007-4772 CVE-2007-6067 CVE-2007-4769 CVE-2007-6601 27163 http://www.postgresql.org/about/news.905
51436b4c-1250-11dd-bab7-0016179b2dd5	postgresql -- multiple vulnerabilities The PostgreSQL developers report: PostgreSQL allows users to create indexes on the results of user-defined functions, known as "expression indexes". This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Both of these holes have now been closed. PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle, but that patch failed to close all forms of the loophole. Discovery 2008-01-06 Entry 2008-04-24 postgresql postgresql-server ge 7.3 lt 7.3.21 ge 7.4 lt 7.4.19 ge 8.0 lt 8.0.15 ge 8.1 lt 8.1.11 ge 8.2 lt 8.2.6 CVE-2007-6600 CVE-2007-4772 CVE-2007-6067 CVE-2007-4769 CVE-2007-6601 27163 http://www.postgresql.org/about/news.905

VuXML ID

Description

51436b4c-1250-11dd-bab7-0016179b2dd5

postgresql -- multiple vulnerabilities

The PostgreSQL developers report:

PostgreSQL allows users to create indexes on the results of user-defined functions, known as "expression indexes". This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Both of these holes have now been closed.

PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend.

DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle, but that patch failed to close all forms of the loophole.

Discovery 2008-01-06
Entry 2008-04-24
postgresql
postgresql-server

ge 7.3 lt 7.3.21

ge 7.4 lt 7.4.19

ge 8.0 lt 8.0.15

ge 8.1 lt 8.1.11

ge 8.2 lt 8.2.6

CVE-2007-6600
CVE-2007-4772
CVE-2007-6067
CVE-2007-4769
CVE-2007-6601
27163
http://www.postgresql.org/about/news.905