CVE-2012-3489

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 8.3 through 8.3.19 PostgreSQL versions 8.4 through 8.4.12 PostgreSQL versions 9.0 through 9.0.8 PostgreSQL versions 9.1 through 9.1.4

Description The issue allows remote attackers to determine the existence of arbitrary files or URLs and possibly obtain the file or URL content that triggers a parsing error. This is related to an XML External Entity (XXE) issue, where the xml parse function in the libxml2 support can be exploited through an XML value that refers to (1) a DTD or (2) an entity.

Recommendations For PostgreSQL versions 8.3 through 8.3.19, update to version 8.3.20 or later. For PostgreSQL versions 8.4 through 8.4.12, update to version 8.4.13 or later. For PostgreSQL versions 9.0 through 9.0.8, update to version 9.0.9 or later. For PostgreSQL versions 9.1 through 9.1.4, update to version 9.1.5 or later.