PostgreSQL: Buffer overflows in PL/PgSQL parser

2005-02-14T00:00:00
ID GLSA-200502-19
Type gentoo
Reporter Gentoo Foundation
Modified 2007-06-26T00:00:00

Description

Background

PostgreSQL is a SQL compliant, open source object-relational database management system.

Description

PostgreSQL is vulnerable to several buffer overflows in the PL/PgSQL parser.

Impact

A remote attacker could send a malicious query resulting in the execution of arbitrary code with the permissions of the user running PostgreSQL.

Workaround

There is no known workaround at this time.

Resolution

All PostgreSQL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose dev-db/postgresql