CVE-2012-3488

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 8.3 through 8.3.19 PostgreSQL versions 8.4 through 8.4.12 PostgreSQL versions 9.0 through 9.0.8 PostgreSQL versions 9.1 through 9.1.4

Description The issue allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts. This is related to an XML External Entity (XXE) issue, where stylesheet commands permitted by the libxslt security options or the xslt process feature can be leveraged. The xslt process() function can be used to read and write arbitrary files.

Recommendations For PostgreSQL versions 8.3 through 8.3.19, update to version 8.3.20 or later. For PostgreSQL versions 8.4 through 8.4.12, update to version 8.4.13 or later. For PostgreSQL versions 9.0 through 9.0.8, update to version 9.0.9 or later. For PostgreSQL versions 9.1 through 9.1.4, update to version 9.1.5 or later.