GLSA Advocate
Posted: Sat Mar 17, 2007 12:26 am Post subject: [ GLSA 200703-15 ] PostgreSQL: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: PostgreSQL: Multiple vulnerabilities (GLSA 200703-15)
Severity: normal
Exploitable: remote
Date: March 16, 2007
Updated: May 28, 2009
Bug(s): #165482
ID: 200703-15
Synopsis
PostgreSQL contains two vulnerabilities that could result in a Denial of
Service or unauthorized access to certain information.
Background
PostgreSQL is an open source object-relational database management
system.
Affected Packages
Package: dev-db/postgresql
Vulnerable: < 8.0.11
Unaffected: >= 8.0.11
Unaffected: >= 7.4.17 < 7.4.18
Unaffected: >= 7.4.16 < 7.4.17
Unaffected: >= 7.3.19 < 7.3.20
Unaffected: >= 7.3.13 < 7.3.14
Unaffected: >= 7.3.21 < 7.3.22
Unaffected: >= 7.4.19 < 7.4.20
Architectures: All supported architectures
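The version ranges above can be applied mechanically to a package inventory. The following is an added example, not part of the advisory or of Gentoo's tooling: it encodes the ranges exactly as listed here and flags hosts whose dev-db/postgresql version falls outside all of them. The function names and the inventory are constructed, and only plain versions with an optional -rN revision are parsed (other Gentoo suffixes such as _rc are an unhandled assumption).

```python
import re

# Unaffected ranges copied from "Affected Packages" above:
# (lower bound inclusive, upper bound exclusive); None means open-ended.
UNAFFECTED = [
    ("8.0.11", None),
    ("7.4.17", "7.4.18"),
    ("7.4.16", "7.4.17"),
    ("7.3.19", "7.3.20"),
    ("7.3.13", "7.3.14"),
    ("7.3.21", "7.3.22"),
    ("7.4.19", "7.4.20"),
]

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(text):
    """Return ((major, minor, ...), revision) so tuples compare in version order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts, int(m.group(2) or 0)


def is_unaffected(version):
    """True if the version lies inside any unaffected range of this advisory."""
    v = parse_version(version)
    for low, high in UNAFFECTED:
        if v >= parse_version(low) and (high is None or v < parse_version(high)):
            return True
    return False


def audit(inventory):
    """Given {host: installed version}, return the sorted list of hosts to upgrade."""
    return sorted(h for h, ver in inventory.items() if not is_unaffected(ver))


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"db1": "8.0.9", "db2": "8.0.11", "db3": "7.4.17-r1", "db4": "7.3.20"}
    for host in audit(sample):
        print(f"{host}: dev-db/postgresql {sample[host]} needs the upgrade")
```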
Description
PostgreSQL does not correctly check the data types of the SQL function
arguments under unspecified circumstances nor the format of the
provided tables in the query planner.
Impact
A remote authenticated attacker could send specially crafted queries to
the server that could result in a server crash and possibly the
unauthorized reading of some database content or arbitrary memory.
Workaround
There is no known workaround at this time.
Resolution
All PostgreSQL users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose "dev-db/postgresql"
References
CVE-2007-0555
CVE-2007-0556
Last edited by GLSA on Mon Feb 11, 2013 4:24 am; edited 4 times in total