Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Update for postgresql RHSA-2012:1264-01
Summary:The remote host is missing an update for the 'postgresql'; package(s) announced via the referenced advisory.
The remote host is missing an update for the 'postgresql'
package(s) announced via the referenced advisory.

Vulnerability Insight:
PostgreSQL is an advanced object-relational database management system

It was found that the optional PostgreSQL xml2 contrib module allowed local
files and remote URLs to be read and written to with the privileges of the
database server when parsing Extensible Stylesheet Language Transformations
(XSLT). An unprivileged database user could use this flaw to read and write
to local files (such as the database's configuration files) and remote URLs
they would otherwise not have access to by issuing a specially-crafted SQL
query. (CVE-2012-3488)

Red Hat would like to thank the PostgreSQL project for reporting this
issue. Upstream acknowledges Peter Eisentraut as the original reporter.

All PostgreSQL users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. If the postgresql
service is running, it will be automatically restarted after installing
this update.

Affected Software/OS:
postgresql on Red Hat Enterprise Linux (v. 5 server)

Please Install the Updated Packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-3488
BugTraq ID: 55072
Debian Security Information: DSA-2534 (Google Search)
RedHat Security Advisories: RHSA-2012:1263
RedHat Security Advisories: RHSA-2012:1264
SuSE Security Announcement: openSUSE-SU-2012:1251 (Google Search)
SuSE Security Announcement: openSUSE-SU-2012:1288 (Google Search)
SuSE Security Announcement: openSUSE-SU-2012:1299 (Google Search)
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.