Peter Eisentraut

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 8.4.20 PostgreSQL versions 9.0.x prior to 9.0.16 PostgreSQL versions 9.1.x prior to 9.1.12 PostgreSQL versions 9.2.x prior to 9.2.7 PostgreSQL versions 9.3.x prior to 9.3.3 **Description** The issue involves multiple buffer overflows that allow remote authenticated users to have an unspecified impact. This is related to potential buffer overruns of fixed-size buffers. **Recommendations** For versions prior to 8.4.20, update to version 8.4.20 or later. For versions 9.0.x prior to 9.0.16, update to version 9.0.16 or later. For versions 9.1.x prior to 9.1.12, update to version 9.1.12 or later. For versions 9.2.x prior to 9.2.7, update to version 9.2.7 or later. For versions 9.3.x prior to 9.3.3, update to version 9.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions 8.3 through 8.3.19 PostgreSQL versions 8.4 through 8.4.12 PostgreSQL versions 9.0 through 9.0.8 PostgreSQL versions 9.1 through 9.1.4 **Description** The issue allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts. This is related to an XML External Entity (XXE) issue, where stylesheet commands permitted by the libxslt security options or the xslt process feature can be leveraged. The `xslt process()` function can be used to read and write arbitrary files. **Recommendations** For PostgreSQL versions 8.3 through 8.3.19, update to version 8.3.20 or later. For PostgreSQL versions 8.4 through 8.4.12, update to version 8.4.13 or later. For PostgreSQL versions 9.0 through 9.0.8, update to version 9.0.9 or later. For PostgreSQL versions 9.1 through 9.1.4, update to version 9.1.5 or later.