Oval Definition:oval:org.mitre.oval:def:23197
Revision Date:2014-05-26Version:13
Title:ELSA-2012:1264: postgresql security update (Moderate)
Description:The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2012-3488
ELSA-2012:1264-00
Platform(s):Oracle Linux 5
Product(s):postgresql
Definition Synopsis
  • Oracle Linux 5.x
  • AND rpm test
  • postgresql-server is earlier than 0:8.1.23-6.el5_8
  • OR postgresql-libs is earlier than 0:8.1.23-6.el5_8
  • OR postgresql is earlier than 0:8.1.23-6.el5_8
  • OR postgresql-python is earlier than 0:8.1.23-6.el5_8
  • OR postgresql-docs is earlier than 0:8.1.23-6.el5_8
  • OR postgresql-pl is earlier than 0:8.1.23-6.el5_8
  • OR postgresql-test is earlier than 0:8.1.23-6.el5_8
  • OR postgresql-devel is earlier than 0:8.1.23-6.el5_8
  • OR postgresql-contrib is earlier than 0:8.1.23-6.el5_8
  • OR postgresql-tcl is earlier than 0:8.1.23-6.el5_8
  • BACK