|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for postgresql RHSA-2012:1264-01|
|Summary:||The remote host is missing an update for the 'postgresql'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'postgresql'
package(s) announced via the referenced advisory.
PostgreSQL is an advanced object-relational database management system
It was found that the optional PostgreSQL xml2 contrib module allowed local
files and remote URLs to be read and written to with the privileges of the
database server when parsing Extensible Stylesheet Language Transformations
(XSLT). An unprivileged database user could use this flaw to read and write
to local files (such as the database's configuration files) and remote URLs
they would otherwise not have access to by issuing a specially-crafted SQL
Red Hat would like to thank the PostgreSQL project for reporting this
issue. Upstream acknowledges Peter Eisentraut as the original reporter.
All PostgreSQL users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. If the postgresql
service is running, it will be automatically restarted after installing
postgresql on Red Hat Enterprise Linux (v. 5 server)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2012-3488|
BugTraq ID: 55072
Debian Security Information: DSA-2534 (Google Search)
RedHat Security Advisories: RHSA-2012:1263
RedHat Security Advisories: RHSA-2012:1264
SuSE Security Announcement: openSUSE-SU-2012:1251 (Google Search)
SuSE Security Announcement: openSUSE-SU-2012:1288 (Google Search)
SuSE Security Announcement: openSUSE-SU-2012:1299 (Google Search)
|Copyright||Copyright (c) 2012 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.