PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser leading to execution of arbitrary code.
Package | dev-db/postgresql on all architectures |
---|---|
Affected versions | < 7.3.9-r1 < 7.4.13 < 8.0.1-r1 |
Unaffected versions | = 7.3* = 7.4* >= 8.0.1-r1 |
PostgreSQL is a SQL compliant, open source object-relational database management system.
PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser.
A remote attacker could send a malicious query resulting in the execution of arbitrary code with the permissions of the user running PostgreSQL.
There is no known workaround at this time.
All PostgreSQL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose dev-db/postgresql
Release date
February 14, 2005
Latest revision
June 26, 2007: 04
Severity
high
Exploitable
remote
Bugzilla entries