oval:org.mitre.oval:def:23197

Definition Id: oval:org.mitre.oval:def:23197
 
Oval ID: oval:org.mitre.oval:def:23197
Title: ELSA-2012:1264: postgresql security update (Moderate)
Description: The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.
Family: unix
Class: patch
Reference(s): ELSA-2012:1264-00
CVE-2012-3488
Version: 6
Platform(s): Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15459
 
Oval ID: oval:org.mitre.oval:def:15459
Title: Oracle Linux 5.x
Description: The operating system installed on the system is Oracle Linux 5.x
Family: unix
Class: inventory
Reference(s): cpe:/o:oracle:linux:5
Version: 7
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:23197