Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PostgreSQL < 8.3.20 / 8.4.13 / 9.0.9 / 9.1.5 Multiple Vulnerabilities

Medium

Synopsis

The remote database server is affected by multiple vulnerabilities.

Description

Versions of PostgreSQL earlier than 8.3.20 / 8.4.13 / 9.0.9 / 9.1.5 are potentially affected by multiple vulnerabilities. It therefore is affected by the following vulnerabilities :

- A flaw in contrib/xml2's xslt_process can be used to read and write arbitrary files. (CVE-2012-3488)

- An xml_parse() DTD validation flaw can be used to read arbitrary files. (CVE-2012-3489)

Solution

Upgrade to PostgreSQL 8.3.20 / 8.4.13 / 9.0.9 / 9.1.5 or later.