Lucene search

K
freebsdFreeBSD07234E78-E899-11E1-B38D-0023AE8E59F0
HistoryAug 17, 2012 - 12:00 a.m.

databases/postgresql*-server -- multiple vulnerabilities

2012-08-1700:00:00
vuxml.freebsd.org
38

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

8.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:C/A:C

0.969 High

EPSS

Percentile

99.7%

The PostgreSQL Global Development Group reports:

The PostgreSQL Global Development Group today released
security updates for all active branches of the PostgreSQL
database system, including versions 9.1.5, 9.0.9, 8.4.13 and
8.3.20. This update patches security holes associated with
libxml2 and libxslt, similar to those affecting other open
source projects. All users are urged to update their
installations at the first available opportunity
Users who are relying on the built-in XML functionality to
validate external DTDs will need to implement a workaround, as
this security patch disables that functionality. Users who are
using xslt_process() to fetch documents or stylesheets from
external URLs will no longer be able to do so. The PostgreSQL
project regrets the need to disable both of these features in
order to maintain our security standards. These security issues
with XML are substantially similar to issues patched recently
by the Webkit (CVE-2011-1774), XMLsec (CVE-2011-1425) and PHP5
(CVE-2012-0057) projects.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchpostgresql-server< 8.3.20UNKNOWN

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

8.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:C/A:C

0.969 High

EPSS

Percentile

99.7%