Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CentOS Update for postgresql CESA-2012:1264 centos5

Information

Severity

Severity

Medium

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

4.9

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

11 years ago

Modified

Modified

5 years ago

Summary

The remote host is missing an update for the 'postgresql' package(s) announced via the referenced advisory.

Insight

Insight

PostgreSQL is an advanced object-relational database management system (DBMS). It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations (XSLT). An unprivileged database user could use this flaw to read and write to local files (such as the database's configuration files) and remote URLs they would otherwise not have access to by issuing a specially-crafted SQL query. (CVE-2012-3488) Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Peter Eisentraut as the original reporter. All PostgreSQL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.

Affected Software

Affected Software

postgresql on CentOS 5

Solution

Solution

Please install the updated packages.

Common Vulnerabilities and Exposures (CVE)