PostgreSQL "xml_parse()" and "xslt_process()" Vulnerabilities
Last Update Date: 20 Aug 2012 10:56
Release Date: 20 Aug 2012
RISK: Medium Risk
TYPE: Servers - Database Servers
Two vulnerabilities have been identified in PostgreSQL, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.
- An error within the "xml_parse()" function when parsing DTD data within XML documents can be exploited to read arbitrary files.
- An error within the "xslt_process()" function when parsing XSLT style sheets can be exploited to e.g. create or overwrite arbitrary files.
Impact
- Information Disclosure
- Data Manipulation
System / Technologies affected
- PostgreSQL 8.x
- PostgreSQL 9.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to version 9.1.5, 9.0.9, 8.4.13, or 8.3.20.
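To triage an inventory against the fixed releases listed above, the following added example (not part of the original advisory) classifies PostgreSQL version strings by branch. The function names, status labels and sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed release per branch, taken from the advisory's "Solutions" section.
FIXED_PATCH = {(9, 1): 5, (9, 0): 9, (8, 4): 13, (8, 3): 20}


def parse_version(text):
    """Extract (major, minor, patch) from server_version or SELECT version() output."""
    m = re.search(r"(?:PostgreSQL\s+)?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no PostgreSQL version found in {text!r}")
    major, minor, patch = m.groups()
    # A missing patch component (e.g. a pre-release string) is treated as patch 0.
    return int(major), int(minor), int(patch or 0)


def assess(text):
    """Classify one version string against the advisory (labels are hypothetical)."""
    major, minor, patch = parse_version(text)
    if major not in (8, 9):
        return "not-listed"       # the advisory only names 8.x and 9.x
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "no-fix-listed"    # affected series, but no fixed release on this page
    return "patched" if patch >= fixed else "vulnerable"


def triage(inventory):
    """Map each host to its status; inventory is {host: version string}."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "db-a": "PostgreSQL 9.1.4 on x86_64-unknown-linux-gnu, compiled by gcc",
        "db-b": "9.0.9",
        "db-c": "8.3.19",
        "db-d": "8.2.23",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as "no-fix-listed" run a branch for which this advisory names no fixed release, so they need the vendor's guidance rather than a patch-level bump.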
Vulnerability Identifier
Source
Related Link