47 matches found
MiracleLinux 3 : postgresql-8.1.23-6.0.1.AXS3 (AXSA:2012-1005:03)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-1005:03 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and...
SUSE: Security Advisory (SUSE-SU-2012:1336-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2012-1263)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2012-1264)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux: Security Advisory (ALAS-2012-129)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED10 / SLES10 Security Update : PostgreSQL (SUSE-SU-2012:1336-1)
PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed : - CVE-2012-3488: This update fixes arbitrary read and write of files via XSL functionality. - CVE-2012-2655: postgresql: denial of service stack...
openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1288-1)
Security and bugfix release 9.1.5 : - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler CVE-2012-2655 bnc765069 - Fix incorrect password transformation in 'contrib/pgcrypto''s DES crypt function CVE-2012-2143 bnc766799 - Prevent access to external files/URLs via...
openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1251-1)
Security and bugfix release 9.1.5 : - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler CVE-2012-2655 bnc765069 - Fix incorrect password transformation in 'contrib/pgcrypto''s DES crypt function CVE-2012-2143 bnc766799 - Prevent access to external files/URLs via...
openSUSE Security Update : postgresql (openSUSE-SU-2012:1299-1)
This version upgrade of PostgreSQL fixes following issues : - Bugfix release 9.0.10 : - Fix planner's assignment of executor parameters, and fix executor's rescan logic for CTE plan nodes. - Improve page-splitting decisions in GiST indexes. - Fix cascading privilege revoke to stop if privileges a...
Debian Security Advisory DSA 2534-1 (postgresql-8.4 - several vulnerabilities)
Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database. CVE-2012-3488contrib/xml2's xsltprocess can be used to read and write external files and URLs. CVE-2012-3489xmlparse fetches external files or URLs to resolve DTD and entity references in XML values. Thi...
Debian: Security Advisory (DSA-2534-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : postgresql9 (ALAS-2012-121)
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...
Amazon Linux AMI : postgresql8 (ALAS-2012-129)
It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations XSLT. An unprivileged database user could use this flaw to read and...
Fedora Update for postgresql FEDORA-2013-5000
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PostgreSQL 8.3 < 8.3.20 / 8.4 < 8.4.13 / 9.0 < 9.0.9 / 9.1 < 9.1.5 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 8.3.x prior to 8.3.20, 8.4.x prior to 8.4.13, 9.0.x prior to 9.0.9, or 9.1.x prior to 9.1.5. It therefore is potentially affected by multiple vulnerabilities : - A flaw in contrib/xml2's xsltprocess can be used to read and write arbitrary...
SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 8311)
PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed : - This update fixes arbitrary read and write of files via XSL functionality. CVE-2012-3488 - postgresql: denial of service stack exhaustion via...
CVE-2012-3488
CVE-2012-3488 affects PostgreSQL’s libxslt support in contrib/xml2 across multiple versions (8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, 9.1 before 9.1.5). The vulnerability arises from insufficient restriction of files/URLs via libxslt or XML External Entity processing (XXE) in the x...
Gentoo Security Advisory GLSA 201209-24 (PostgreSQL)
The remote host is missing updates announced in advisory GLSA 201209-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Medium: postgresql8
Issue Overview: It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations XSLT. An unprivileged database user could use this fla...
RedHat Update for postgresql RHSA-2012:1264-01
Check for the Version of postgresql OpenVAS Vulnerability Test RedHat Update for postgresql RHSA-2012:1264-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...