postgresql: file disclosure

Package(s): postgresql
CVE #(s): CVE-2012-3488 CVE-2012-3489
Created: August 20, 2012
Updated: September 28, 2012
Description: From the PostgreSQL advisory:

This security release fixes a vulnerability in the built-in XML functionality, and a vulnerability in the XSLT functionality supplied by the optional XML2 extension. Both vulnerabilities allow reading of arbitrary files by any authenticated database user, and the XSLT vulnerability allows writing files as well. The fixes cause limited backwards compatibility issues.

Alerts:
Mandriva MDVSA-2012:139 2012-08-19
Ubuntu USN-1542-1 2012-08-20
Debian DSA-2534-1 2012-08-25
Fedora FEDORA-2012-12165 2012-08-26
Fedora FEDORA-2012-12156 2012-08-26
Mageia MGASA-2012-0242 2012-08-26
Red Hat RHSA-2012:1264-01 2012-09-13
Red Hat RHSA-2012:1263-01 2012-09-13
CentOS CESA-2012:1264 2012-09-13
CentOS CESA-2012:1263 2012-09-13
Oracle ELSA-2012-1264 2012-09-14
Oracle ELSA-2012-1263 2012-09-14
Scientific Linux SL-post-20120914 2012-09-14
openSUSE openSUSE-SU-2012:1251-1 2012-09-26
Gentoo 201209-24 2012-09-28
openSUSE openSUSE-SU-2012:1288-1 2012-10-04
openSUSE openSUSE-SU-2012:1299-1 2012-10-06

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds