postgresql-8.1.23-6.0.1.AXS3
エラータID: AXSA:2012-1005:03
リリース日:
2012/12/12 Wednesday - 12:19
題名:
postgresql-8.1.23-6.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQL の contrib/xml2 の libxslt サポートが適切にファイルや URL へのアクセスを制限しておらず,(1) libxslt セキュリティオプションによって許可されたスタイルシートコマンドあるいは (2) xslt_process 機能を利用し,リモートの認証されたユーザがデータを変更したり,機密情報を得たり,任意の外のホストへの外向きのトラフィックを引き起こしたりする問題を修正しました。(CVE-2012-3488)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2012-3488
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.
追加情報:
N/A
ダウンロード:
SRPMS
- postgresql-8.1.23-6.0.1.AXS3.src.rpm
MD5: 6f78d0f1adbece64b5b640a6b34c4ef6
SHA-256: 2984ce9f0c2629583224d394ea37cfb69d930e03d8e150bc0695e21c7334faf9
Size: 16.82 MB
Asianux Server 3 for x86
- postgresql-8.1.23-6.0.1.AXS3.i386.rpm
MD5: 375a4e20ef3c29e906522120d958a94d
SHA-256: 7cf4e78312ce5098445c259cb20c816f187810808397e81da4a5c09c62f6652c
Size: 2.94 MB - postgresql-contrib-8.1.23-6.0.1.AXS3.i386.rpm
MD5: b38d617fa2550c71f63e7dd53ce8cadb
SHA-256: ff52ff5f8bd5bf14704574ff4bc03da51a278e90ebeb270c44b35d820b6ef55a
Size: 456.74 kB - postgresql-devel-8.1.23-6.0.1.AXS3.i386.rpm
MD5: 5b62878cd911380edda93ef046c1f952
SHA-256: 0282cb4c3aa6b82b9e454b1eaa509ba186d16a43e7b6e61bf0c0f2f8efbd41bf
Size: 1.18 MB - postgresql-docs-8.1.23-6.0.1.AXS3.i386.rpm
MD5: 3a5b9bc6a4ff0026e6da1e345191ac1f
SHA-256: 664e7d4a36bae6cf2ea65974c608d6830235a5b60fe5f329bb6d43219ede6cc9
Size: 5.58 MB - postgresql-libs-8.1.23-6.0.1.AXS3.i386.rpm
MD5: 64422ac72af1142a7c05fb0a1d390e9a
SHA-256: 91bd44ccbb7197e5d112e01fd39734c2d8765e7594e0824236ebf6e45a8c7cdf
Size: 201.56 kB - postgresql-pl-8.1.23-6.0.1.AXS3.i386.rpm
MD5: d71a27b7ab4e53b499fb94d82fedb9f3
SHA-256: 01793c2ca6a71f5a865d2d35a5c66f26da9bba303fec77a734af7ebf846f5614
Size: 73.56 kB - postgresql-python-8.1.23-6.0.1.AXS3.i386.rpm
MD5: d5250f6306d7b981c02c4303dd2bdcd5
SHA-256: 1f26f3c68a950391493d990cef6a729b105b06336259133f40b1dbcd853c83ed
Size: 55.92 kB - postgresql-server-8.1.23-6.0.1.AXS3.i386.rpm
MD5: e42877eaa4888fdecd96315255dc1022
SHA-256: b8263409b449bb1f76e016b80126f782ce7b51971092c986c1e2c2733741ba84
Size: 3.93 MB - postgresql-tcl-8.1.23-6.0.1.AXS3.i386.rpm
MD5: 3437c1adc0b1866e86b4b2e09d2be4b4
SHA-256: 7908022fd36e9880126b66f6d8fde33ab469bfe25af3cfeb05b587e44be70a90
Size: 84.16 kB
Asianux Server 3 for x86_64
- postgresql-8.1.23-6.0.1.AXS3.x86_64.rpm
MD5: d0fa69becf0a2a0f1a55888b95aebc57
SHA-256: f03ec29c47a454b897f196835ec0fce2c79c54f5fbb949b612c1caab87d40d3b
Size: 2.97 MB - postgresql-contrib-8.1.23-6.0.1.AXS3.x86_64.rpm
MD5: ee7d7a6fcba5584a15112d8bff691ca6
SHA-256: d7676ff74bd0772b8c335ce7c063fc43b980d719649c6414272ff0b58ff4e631
Size: 462.06 kB - postgresql-devel-8.1.23-6.0.1.AXS3.x86_64.rpm
MD5: 426a97d697f19b9e6ea59a1911da63ae
SHA-256: 0f581cc00f3402d607a72e558886dfd89f75794d02e1d73d98aa2109a453323c
Size: 1.22 MB - postgresql-docs-8.1.23-6.0.1.AXS3.x86_64.rpm
MD5: e1d8cd833b10d7fbedf66b033b46a731
SHA-256: 5ab1e37fefa73e8e8ebe27ae2b307ae0370120de3d95e3d95ae9c10b210fd91e
Size: 5.58 MB - postgresql-libs-8.1.23-6.0.1.AXS3.x86_64.rpm
MD5: 8ab0cd361d638152d3411d235a722085
SHA-256: 40fff6c2c70f6b538e619545312daa252f17bb5891548cde3def03f10fe5fc70
Size: 201.40 kB - postgresql-pl-8.1.23-6.0.1.AXS3.x86_64.rpm
MD5: 0d87dd58ad69ecfa3640c870844a5f5a
SHA-256: 5032f359fc060ff5db746eb6a6b316464be2b4a04fa3d49adc31d6482a0e1c07
Size: 75.80 kB - postgresql-python-8.1.23-6.0.1.AXS3.x86_64.rpm
MD5: 538fcf9d2598d7ca1ee7c119ef6b5b8d
SHA-256: 9e7021bac8d5bfa535fce5a15e363ea90d841c69fac3118f803de81dc6a3f86e
Size: 57.39 kB - postgresql-server-8.1.23-6.0.1.AXS3.x86_64.rpm
MD5: e20b0db5837d2bcfd0f3885975a38a28
SHA-256: 377e9abf704347493cbe87858d307f5fab8ba85101dd2cfb3cdc525528350d11
Size: 3.98 MB - postgresql-tcl-8.1.23-6.0.1.AXS3.x86_64.rpm
MD5: fa4a9a46bb71a0ffab5290bb74747c4d
SHA-256: 440f0dc2384d8c66b42e18036dd007741b9a487a2b16db29c04435b9a3272407
Size: 85.42 kB