Описание
ELSA-2012-1263: postgresql and postgresql84 security update (MODERATE)
[8.4.13-1]
- Update to PostgreSQL 8.4.13, for various fixes described at http://www.postgresql.org/docs/8.4/static/release-8-4-13.html including the fixes for CVE-2012-3488, CVE-2012-3489 Resolves: #852020
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
postgresql
8.4.13-1.el6_3
postgresql-contrib
8.4.13-1.el6_3
postgresql-devel
8.4.13-1.el6_3
postgresql-docs
8.4.13-1.el6_3
postgresql-libs
8.4.13-1.el6_3
postgresql-plperl
8.4.13-1.el6_3
postgresql-plpython
8.4.13-1.el6_3
postgresql-pltcl
8.4.13-1.el6_3
postgresql-server
8.4.13-1.el6_3
postgresql-test
8.4.13-1.el6_3
Oracle Linux i686
postgresql
8.4.13-1.el6_3
postgresql-contrib
8.4.13-1.el6_3
postgresql-devel
8.4.13-1.el6_3
postgresql-docs
8.4.13-1.el6_3
postgresql-libs
8.4.13-1.el6_3
postgresql-plperl
8.4.13-1.el6_3
postgresql-plpython
8.4.13-1.el6_3
postgresql-pltcl
8.4.13-1.el6_3
postgresql-server
8.4.13-1.el6_3
postgresql-test
8.4.13-1.el6_3
Oracle Linux 5
Oracle Linux ia64
postgresql84
8.4.13-1.el5_8
postgresql84-contrib
8.4.13-1.el5_8
postgresql84-devel
8.4.13-1.el5_8
postgresql84-docs
8.4.13-1.el5_8
postgresql84-libs
8.4.13-1.el5_8
postgresql84-plperl
8.4.13-1.el5_8
postgresql84-plpython
8.4.13-1.el5_8
postgresql84-pltcl
8.4.13-1.el5_8
postgresql84-python
8.4.13-1.el5_8
postgresql84-server
8.4.13-1.el5_8
postgresql84-tcl
8.4.13-1.el5_8
postgresql84-test
8.4.13-1.el5_8
Oracle Linux x86_64
postgresql84
8.4.13-1.el5_8
postgresql84-contrib
8.4.13-1.el5_8
postgresql84-devel
8.4.13-1.el5_8
postgresql84-docs
8.4.13-1.el5_8
postgresql84-libs
8.4.13-1.el5_8
postgresql84-plperl
8.4.13-1.el5_8
postgresql84-plpython
8.4.13-1.el5_8
postgresql84-pltcl
8.4.13-1.el5_8
postgresql84-python
8.4.13-1.el5_8
postgresql84-server
8.4.13-1.el5_8
postgresql84-tcl
8.4.13-1.el5_8
postgresql84-test
8.4.13-1.el5_8
Oracle Linux i386
postgresql84
8.4.13-1.el5_8
postgresql84-contrib
8.4.13-1.el5_8
postgresql84-devel
8.4.13-1.el5_8
postgresql84-docs
8.4.13-1.el5_8
postgresql84-libs
8.4.13-1.el5_8
postgresql84-plperl
8.4.13-1.el5_8
postgresql84-plpython
8.4.13-1.el5_8
postgresql84-pltcl
8.4.13-1.el5_8
postgresql84-python
8.4.13-1.el5_8
postgresql84-server
8.4.13-1.el5_8
postgresql84-tcl
8.4.13-1.el5_8
postgresql84-test
8.4.13-1.el5_8
Связанные CVE
Связанные уязвимости
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
The xml_parse function in the libxml2 support in the core server compo ...
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.