Oval Definition: oval:org.mitre.oval:def:21356
Revision Date: 2014-02-24
Version: 36
Title: RHSA-2012:1263: postgresql and postgresql84 security update (Moderate)
Description: The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CESA-2012:1263
CVE-2012-3488
CVE-2012-3489
RHSA-2012:1263-01
Platform(s): CentOS Linux 5
CentOS Linux 6
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): postgresql
postgresql84
Definition Synopsis
  • Operating system section
  • Redhat 5 or Centos 5 release
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • AND Packages section
  • postgresql84-pltcl is earlier than 0:8.4.13-1.el5_8
  • OR postgresql84-server is earlier than 0:8.4.13-1.el5_8
  • OR postgresql84-docs is earlier than 0:8.4.13-1.el5_8
  • OR postgresql84 is earlier than 0:8.4.13-1.el5_8
  • OR postgresql84-test is earlier than 0:8.4.13-1.el5_8
  • OR postgresql84-contrib is earlier than 0:8.4.13-1.el5_8
  • OR postgresql84-tcl is earlier than 0:8.4.13-1.el5_8
  • OR postgresql84-plpython is earlier than 0:8.4.13-1.el5_8
  • OR postgresql84-plperl is earlier than 0:8.4.13-1.el5_8
  • OR postgresql84-python is earlier than 0:8.4.13-1.el5_8
  • OR postgresql84-devel is earlier than 0:8.4.13-1.el5_8
  • OR postgresql84-libs is earlier than 0:8.4.13-1.el5_8
  • Operating system section
  • Redhat 6 or Centos 6 release
  • The operating system installed on the system is Red Hat Enterprise Linux 6
  • OR The operating system installed on the system is CentOS Linux 6.x
  • AND Packages section
  • postgresql is earlier than 0:8.4.13-1.el6_3
  • OR postgresql-server is earlier than 0:8.4.13-1.el6_3
  • OR postgresql-devel is earlier than 0:8.4.13-1.el6_3
  • OR postgresql-libs is earlier than 0:8.4.13-1.el6_3
  • OR postgresql-pltcl is earlier than 0:8.4.13-1.el6_3
  • OR postgresql-plpython is earlier than 0:8.4.13-1.el6_3
  • OR postgresql-docs is earlier than 0:8.4.13-1.el6_3
  • OR postgresql-test is earlier than 0:8.4.13-1.el6_3
  • OR postgresql-plperl is earlier than 0:8.4.13-1.el6_3
  • OR postgresql-contrib is earlier than 0:8.4.13-1.el6_3