1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200502-19 / postgresql |
| Release Date | February 14, 2005 |
| Latest Revision | June 26, 2007: 04 |
| Impact | high |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| dev-db/postgresql | < 7.3.9-r1, < 7.4.13, < 8.0.1-r1 | = 7.3*, = 7.4*, >= 8.0.1-r1 | All supported architectures |
Related bugreports: #81350
PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser leading to execution of arbitrary code.
PostgreSQL is a SQL compliant, open source object-relational database management system.
PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser.
A remote attacker could send a malicious query resulting in the execution of arbitrary code with the permissions of the user running PostgreSQL.
There is no known workaround at this time.
All PostgreSQL users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose dev-db/postgresql |