Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2012-121)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120481

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2012-121)

Resumen: The remote host is missing an update for the 'postgresql9' package(s) announced via the ALAS-2012-121 advisory.

Descripción: Summary:
The remote host is missing an update for the 'postgresql9' package(s) announced via the ALAS-2012-121 advisory.

Vulnerability Insight:
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.

Affected Software/OS:
'postgresql9' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3488
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
BugTraq ID: 55072
http://www.securityfocus.com/bid/55072
Debian Security Information: DSA-2534 (Google Search)
http://www.debian.org/security/2012/dsa-2534
http://www.mandriva.com/security/advisories?name=MDVSA-2012:139
RedHat Security Advisories: RHSA-2012:1263
http://rhn.redhat.com/errata/RHSA-2012-1263.html
RedHat Security Advisories: RHSA-2012:1264
http://rhn.redhat.com/errata/RHSA-2012-1264.html
http://secunia.com/advisories/50635
http://secunia.com/advisories/50636
http://secunia.com/advisories/50718
http://secunia.com/advisories/50859
http://secunia.com/advisories/50946
SuSE Security Announcement: openSUSE-SU-2012:1251 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
SuSE Security Announcement: openSUSE-SU-2012:1288 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
SuSE Security Announcement: openSUSE-SU-2012:1299 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
http://www.ubuntu.com/usn/USN-1542-1

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120481
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2012-121)
Resumen:	The remote host is missing an update for the 'postgresql9' package(s) announced via the ALAS-2012-121 advisory.
Descripción:	Summary: The remote host is missing an update for the 'postgresql9' package(s) announced via the ALAS-2012-121 advisory. Vulnerability Insight: The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue. Affected Software/OS: 'postgresql9' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3488 http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html BugTraq ID: 55072 http://www.securityfocus.com/bid/55072 Debian Security Information: DSA-2534 (Google Search) http://www.debian.org/security/2012/dsa-2534 http://www.mandriva.com/security/advisories?name=MDVSA-2012:139 RedHat Security Advisories: RHSA-2012:1263 http://rhn.redhat.com/errata/RHSA-2012-1263.html RedHat Security Advisories: RHSA-2012:1264 http://rhn.redhat.com/errata/RHSA-2012-1264.html http://secunia.com/advisories/50635 http://secunia.com/advisories/50636 http://secunia.com/advisories/50718 http://secunia.com/advisories/50859 http://secunia.com/advisories/50946 SuSE Security Announcement: openSUSE-SU-2012:1251 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html SuSE Security Announcement: openSUSE-SU-2012:1288 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html SuSE Security Announcement: openSUSE-SU-2012:1299 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html http://www.ubuntu.com/usn/USN-1542-1
Copyright	Copyright (C) 2015 Greenbone AG