Joined: 13 Jun 2003
Location: Dresden, Germany
|Posted: Mon Feb 14, 2005 11:12 pm Post subject: [ GLSA 200502-19 ] PostgreSQL: Buffer overflows in PL/PgSQL
|Gentoo Linux Security Advisory
Title: PostgreSQL: Buffer overflows in PL/PgSQL parser (GLSA 200502-19)
Date: February 14, 2005
Updated: June 26, 2007
PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser leading to execution of arbitrary code.
PostgreSQL is a SQL compliant, open source object-relational database management system.
Vulnerable: < 7.3.9-r1
Vulnerable: < 7.4.13
Vulnerable: < 8.0.1-r1
Unaffected: = 7.3*
Unaffected: = 7.4*
Unaffected: >= 8.0.1-r1
Architectures: All supported architectures
PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser.
A remote attacker could send a malicious query resulting in the execution of arbitrary code with the permissions of the user running PostgreSQL.
There is no known workaround at this time.
All PostgreSQL users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose dev-db/postgresql
Last edited by GLSA on Wed Jun 27, 2007 4:17 am; edited 7 times in total