PostgreSQL: Buffer overflows in PL/PgSQL parser — GLSA 200502-19

PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser leading to execution of arbitrary code.

Affected packages

dev-db/postgresql on all architectures
Affected versions < 7.3.9-r1
< 7.4.13
< 8.0.1-r1
Unaffected versions = 7.3*
= 7.4*
>= 8.0.1-r1

Background

PostgreSQL is a SQL compliant, open source object-relational database management system.

Description

PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser.

Impact

A remote attacker could send a malicious query resulting in the execution of arbitrary code with the permissions of the user running PostgreSQL.

Workaround

There is no known workaround at this time.

Resolution

All PostgreSQL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose dev-db/postgresql

References

Release date
February 14, 2005

Latest revision
June 26, 2007: 04

Severity
high

Exploitable
remote

Bugzilla entries