Release date:
Updated on:
Affected Systems:
PostgreSQL 9.x
PostgreSQL 8.x
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 55074
CVE ID: CVE-2012-3489
PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard.
An error in the "xml_parse()" function, which occurs when PostgreSQL parses the DTD data in an XML document, can be used to read arbitrary files.
<* Source: vendor
Link: http://secunia.com/advisories/50218/
http://www.postgresql.org/about/news/1407/
http://www.postgresql.org/support/security/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
PostgreSQL
----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.postgresql.org
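
Because the flaw described above sits in DTD handling, an application can also screen XML for a DTD before passing it to the database. The following is an added example, not PostgreSQL code and not the vendor's patch: the function names `inspect_dtd` and `screen_xml`, the "no DTD at all" policy, and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat as expat

def inspect_dtd(xml_text):
    """Parse xml_text with expat and report any DTD it carries.

    No ExternalEntityRefHandler is installed, so expat never opens the
    system identifiers it sees; they are only recorded.
    """
    report = {"doctype": False, "external_subset": None,
              "entities": [], "external_entities": []}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        report["doctype"] = True
        report["external_subset"] = system_id

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        report["entities"].append(name)
        if system_id is not None:          # declared with SYSTEM/PUBLIC
            report["external_entities"].append(name)

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(xml_text, True)           # raises ExpatError if not well-formed
    return report

def screen_xml(xml_text):
    """Return (accepted, reason). Assumed policy: reject any DTD."""
    try:
        report = inspect_dtd(xml_text)
    except expat.ExpatError as exc:
        return False, "not well-formed: %s" % exc
    if report["external_entities"] or report["external_subset"]:
        return False, "DTD references external resources"
    if report["doctype"]:
        return False, "DTD present"
    return True, "no DTD"

# Constructed sample documents (placeholder identifiers only).
SAMPLES = {
    "plain": '<note><to>ops</to></note>',
    "external_subset": '<!DOCTYPE note SYSTEM "placeholder.dtd"><note/>',
    "external_entity": '<!DOCTYPE note [<!ENTITY ext SYSTEM "placeholder.txt">]><note/>',
    "internal_only": '<!DOCTYPE note [<!ENTITY who "ops">]><note>&who;</note>',
    "doctype_in_comment": '<note><!-- <!DOCTYPE x SYSTEM "y"> --></note>',
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        print(label, screen_xml(doc))
```

Using a real parser rather than a string match keeps the `doctype_in_comment` sample from being rejected, since the DOCTYPE text there is only comment content.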