Test ID: | 1.3.6.1.4.1.25623.1.0.702534 |
Category: | Debian Local Security Checks |
Title: | Debian: Security Advisory (DSA-2534-1) |
Summary: | The remote host is missing an update for the Debian 'postgresql-8.4' package(s) announced via the DSA-2534-1 advisory. |
Description: |
Vulnerability Insight: Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database.

CVE-2012-3488: contrib/xml2's xslt_process() can be used to read and write external files and URLs.

CVE-2012-3489: xml_parse() fetches external files or URLs to resolve DTD and entity references in XML values.

This update removes the problematic functionality, potentially breaking applications which use it in a legitimate way.

Due to the nature of these vulnerabilities, it is possible that attackers who have only indirect access to the database can supply crafted XML data which exploits this vulnerability.

For the stable distribution (squeeze), these problems have been fixed in version 8.4.13-0squeeze1.

For the unstable distribution (sid), these problems have been fixed in version 9.1.5-1 of the postgresql-9.1 package.

We recommend that you upgrade your postgresql-8.4 packages.

Affected Software/OS: 'postgresql-8.4' package(s) on Debian 6.

Solution: Please install the updated package(s).

CVSS Score: 4.9
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-3488
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
BugTraq ID: 55072
http://www.securityfocus.com/bid/55072
Debian Security Information: DSA-2534
http://www.debian.org/security/2012/dsa-2534
http://www.mandriva.com/security/advisories?name=MDVSA-2012:139
RedHat Security Advisories: RHSA-2012:1263
http://rhn.redhat.com/errata/RHSA-2012-1263.html
RedHat Security Advisories: RHSA-2012:1264
http://rhn.redhat.com/errata/RHSA-2012-1264.html
http://secunia.com/advisories/50635
http://secunia.com/advisories/50636
http://secunia.com/advisories/50718
http://secunia.com/advisories/50859
http://secunia.com/advisories/50946
SuSE Security Announcement: openSUSE-SU-2012:1251
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
SuSE Security Announcement: openSUSE-SU-2012:1288
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
SuSE Security Announcement: openSUSE-SU-2012:1299
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
http://www.ubuntu.com/usn/USN-1542-1

Common Vulnerability Exposure (CVE) ID: CVE-2012-3489
BugTraq ID: 55074
http://www.securityfocus.com/bid/55074 |
Copyright | Copyright (C) 2013 Greenbone AG |