Alpine Linux: CVE-2012-3489: Vulnerability in pgsql < 9.1.5 may allow information disclosure
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | October 03, 2012 | August 30, 2017 | September 22, 2017 |
Description
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
Solution
alpine-linux-upgrade-postgresql
Related Vulnerabilities
- Gentoo Linux: CVE-2012-3489: PostgreSQL: Multiple vulnerabilities
- PostgreSQL class C vulnerability in core server: CVE-2012-3489
- SUSE Linux Security Vulnerability: CVE-2012-3489
- Sun Patch: SunOS 5.10: PostgreSQL 8.3 source code patch
- OS X update for PostgreSQL (CVE-2012-3489)
- Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 documentation patch
- USN-1542-1: PostgreSQL vulnerabilities
- FreeBSD: databases/postgresql*-server -- multiple vulnerabilities (Multiple CVEs)
- OS X update for Note (CVE-2012-3489)
- Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 source code patch
- Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 core patch
- ELSA-2012-1263 Moderate: Oracle Linux postgresql and postgresql84 security update
- Cent OS: CVE-2012-3489: CESA-2012:1263 (postgresql, postgresql84)
- Sun Patch: SunOS 5.10: PostgreSQL 8.3 documentation patch
- DSA-2534-1 postgresql-8.4 -- several vulnerabilities
- RHSA-2012:1263: postgresql and postgresql84 security update
- Amazon Linux AMI: Security patch for postgresql8 (ALAS-2012-129) (multiple CVEs)
- Sun Patch: SunOS 5.10: PostgreSQL 8.3 core patch