FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-3489

This CVE name corresponds to:

Entered Topic
2012-08-17 databases/postgresql*-server -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-3489
Phase Assigned (20120614)

Description

The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.

References

Source Reference
CONFIRM http://www.postgresql.org/about/news/1407/
CONFIRM http://www.postgresql.org/docs/8.3/static/release-8-3-20.html
CONFIRM http://www.postgresql.org/docs/8.4/static/release-8-4-13.html
CONFIRM http://www.postgresql.org/docs/9.0/static/release-9-0-9.html
CONFIRM http://www.postgresql.org/docs/9.1/static/release-9-1-5.html
CONFIRM http://www.postgresql.org/support/security/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=849173
CONFIRM https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2
APPLE APPLE-SA-2013-03-14-1
DEBIAN DSA-2534
MANDRIVA MDVSA-2012:139
REDHAT RHSA-2012:1263
SUSE openSUSE-SU-2012:1299
SUSE openSUSE-SU-2012:1251
SUSE openSUSE-SU-2012:1288
UBUNTU USN-1542-1
BID 55074
SECUNIA 50635
SECUNIA 50718
SECUNIA 50946
SECUNIA 50859