{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"PostgreSQL 7.4 ;","product":{"name":"PostgreSQL","vendor":{"name":"PostgreSQL","scada":false}}},{"description":"PostgreSQL 8.2.","product":{"name":"PostgreSQL","vendor":{"name":"PostgreSQL","scada":false}}},{"description":"PostgreSQL 8.0 ;","product":{"name":"PostgreSQL","vendor":{"name":"PostgreSQL","scada":false}}},{"description":"PostgreSQL 8.1 ;","product":{"name":"PostgreSQL","vendor":{"name":"PostgreSQL","scada":false}}},{"description":"PostgreSQL 7.3 ;","product":{"name":"PostgreSQL","vendor":{"name":"PostgreSQL","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans PostgreSQL.\n\nLa premi\u00e8re (CVE-2007-0555) permet \u00e0 un utilisateur malintentionn\u00e9, en\nsupprimant les informations renvoy\u00e9es par certaines fonctions de\ncontr\u00f4le, de r\u00e9aliser un d\u00e9ni de service et d'acc\u00e8der \u00e0 des donn\u00e9es\nprot\u00e9g\u00e9es.\n\nLa seconde (CVE-2007-0556) permet \u00e0 un utilisateur malintentionn\u00e9, en\nchangeant le type de donn\u00e9es d'une colonne, de r\u00e9aliser un d\u00e9ni de\nservice et d'acc\u00e8der \u00e0 des donn\u00e9es prot\u00e9g\u00e9es.\n\n## Solution\n\nLes versions 8.2.2, 8.1.7, 8.0.11, 7.4.16 et 7.3.13 de PostgreSQL\ncorrigent les probl\u00e8mes. Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur\npour l'obtention des correctifs (cf. section Documentation).\n","cves":[{"name":"CVE-2007-0556","url":"https://www.cve.org/CVERecord?id=CVE-2007-0556"},{"name":"CVE-2007-0555","url":"https://www.cve.org/CVERecord?id=CVE-2007-0555"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Debian DSA-1261 du 15 mars 2007 :","url":"http://www.us.debian.org/security/2007/dsa-1261"},{"title":"Bulletin de s\u00e9curit\u00e9 Ubuntu USN-417-1 du 05 f\u00e9vrier 2007 :","url":"http://www.ubuntu.com/usn/usn-417-1"},{"title":"Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0064 du 07 f\u00e9vrier    2007 :","url":"http://rhn.redhat.com/errata/RHSA-2007-0064.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Ubuntu USN-417-2 du 06 f\u00e9vrier 2007 :","url":"http://www.ubuntu.com/usn/usn-417-2"},{"title":"Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:037 du 06 f\u00e9vrier    2007 :","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:037"},{"title":"Bulletin de s\u00e9curit\u00e9 Ubuntu USN-417-3 du 09 f\u00e9vrier 2007 :","url":"http://www.ubuntu.com/usn/usn-417-3"},{"title":"Bulletin de s\u00e9curit\u00e9 Sun Solaris #102825 du 27 f\u00e9vrier 2007    :","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-102825-1"},{"title":"Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200703-15 du 16 mars 2007    :","url":"http://www.gentoo.org/security/en/glsa/glsa-200703-15.xml"},{"title":"Bulletin de s\u00e9curit\u00e9 Avaya ASA-2007-117 du 19 mars 2007 :","url":"http://www.support.avaya.com/elmodocs2/security/ASA-2007-117.htm"}],"reference":"CERTA-2007-AVI-069","revisions":[{"description":"version initiale.","revision_date":"2007-02-06T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Sun Solaris.","revision_date":"2007-03-01T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Debian, Gentoo, Mandriva, Red Hat, Ubuntu et Avaya.","revision_date":"2007-03-26T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"Plusieurs vuln\u00e9rabilit\u00e9s de PostgreSQL permettent \u00e0 une personne\nmalveillante de r\u00e9aliser un d\u00e9ni de service et de contourner la\npolitique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s sous PostgreSQL","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 PostgreSQL","url":"http://www.postgresql.org/support/security"}]}