NASLDB: FreeBSD : databases/postgresql*-server -- multiple vulnerabilities (07234e78-e899-11e1-b38d-0023ae8e59f0)
General
ID: 61586
Name: FreeBSD : databases/postgresql*-server — multiple vulnerabilities (07234e78-e899-11e1-b38d-0023ae8e59f0)
Summary: Checks for updated packages in pkg_info output
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS Temporal Vector: –
Port: 0
Family: FreeBSD Local Security Checks
Type: Local
Description
The PostgreSQL Global Development Group reports:
The PostgreSQL Global Development Group today released security
updates for all active branches of the PostgreSQL database system,
including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This update
patches security holes associated with libxml2 and libxslt, similar to
those affecting other open source projects. All users are urged to
update their installations at the first available opportunity.
Users who are relying on the built-in XML functionality to validate
external DTDs will need to implement a workaround, as this security
patch disables that functionality. Users who are using xslt_process()
to fetch documents or stylesheets from external URLs will no longer be
able to do so. The PostgreSQL project regrets the need to disable both
of these features in order to maintain our security standards. These
security issues with XML are substantially similar to issues patched
recently by the Webkit (CVE-2011-1774), XMLsec (CVE-2011-1425) and
PHP5 (CVE-2012-0057) projects.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2012-3488
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2012/08/17
Patch Release: 2012/08/17
Plugin Release: 2012/08/20
Plugin
Version: 1.4
Filename: freebsd_pkg_07234e78e89911e1b38d0023ae8e59f0.nasl
Filesize: 5457 bytes
MD5 Hash: d7b05b320239a7b2b37a6d640a23c852
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is © 2012 Tenable Network Security, Inc.