1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200608-10 / pike |
| Release Date | August 06, 2006 |
| Latest Revision | December 13, 2006: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| dev-lang/pike | < 7.6.86 | >= 7.6.86 | All supported architectures |
Related bugreports: #136065
A flaw in the input handling could lead to the execution of arbitrary SQL statements in the underlying PostgreSQL database.
Pike is a general purpose programming language, able to be used for multiple tasks.
Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database.
A remote attacker could provide malicious input to a pike program, which might result in the execution of arbitrary SQL statements.
There is no known workaround at this time.
All pike users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/pike-7.6.86" |