Apple Security Advisory 2013-03-14-1 - OS X Mountain Lion version 10.8.3 and Security Update 2013-001 addresses multiple vulnerabilities. These updates address a canonicalization issue with HFS and Apache, a buffer overflow in libtiff, an authentication bypass, and more.
1e8f51ffad32ee5ec0c6272e89d6a3912ef63b3f493ec6bce9c955e8f09dc3f6Gentoo Linux Security Advisory 201209-24 - Multiple vulnerabilities have been found in PostgreSQL which may allow a remote attacker to conduct several attacks. Versions less than 9.1.5 are affected.
aadd0a998d1f2db81a1c115cf7617428cb68b328b2051e91f2e2de0940ce8305Red Hat Security Advisory 2012-1263-01 - PostgreSQL is an advanced object-relational database management system. It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations. An unprivileged database user could use this flaw to read and write to local files and remote URLs they would otherwise not have access to by issuing a specially-crafted SQL query.
56815e3f6c74e90aad1fc30e0b05b48e7a3e672cd78f7b2f9630ab9db203ab87Debian Linux Security Advisory 2534-1 - Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database.
01a65b6b4383dd4b7e29047f20b9fd8b6c921945e25c0e8d66e6a42b534c2751Ubuntu Security Notice 1542-1 - Peter Eisentraut discovered that the XSLT functionality in the optional XML2 extension would allow unprivileged database users to both read and write data with the privileges of the database server. Noah Misch and Tom Lane discovered that the XML functionality in the optional XML2 extension would allow unprivileged database users to read data with the privileges of the database server.
9fa0f29d543629dc0f9b504fe146eed8146d9759831fdc2e8de51e84977c2109Mandriva Linux Security Advisory 2012-139 - Multiple vulnerabilities has been discovered and corrected in postgresql. libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users to both read and write data with the privileges of the database server. xml_parse() would attempt to fetch external files or URLs as needed to resolve DTD and entity references in an XML value, thus allowing unprivileged database users to attempt to fetch data with the privileges of the database server. This advisory provides the latest versions of PostgreSQL that is not vulnerable to these issues.
b626ecf629cea63c6722a9394e10f6f5f9a0c83303712b7e5640c33051aebdb6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed