blob: cdd51706ade5a8da462ceffcb73549ff59fbf4a1 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200703-15">
<title>PostgreSQL: Multiple vulnerabilities</title>
PostgreSQL contains two vulnerabilities that could result in a Denial of
Service or unauthorized access to certain information.
<product type="ebuild">postgresql</product>
<announced>March 16, 2007</announced>
<revised>May 28, 2009: 04</revised>
<package name="dev-db/postgresql" auto="yes" arch="*">
<unaffected range="ge">8.0.11</unaffected>
<unaffected range="rge">7.4.17</unaffected>
<unaffected range="rge">7.4.16</unaffected>
<unaffected range="rge">7.3.19</unaffected>
<unaffected range="rge">7.3.13</unaffected>
<unaffected range="rge">7.3.21</unaffected>
<unaffected range="rge">7.4.19</unaffected>
<vulnerable range="lt">8.0.11</vulnerable>
PostgreSQL is an open source object-relational database management
PostgreSQL does not correctly check the data types of the SQL function
arguments under unspecified circumstances nor the format of the
provided tables in the query planner.
<impact type="normal">
A remote authenticated attacker could send specially crafted queries to
the server that could result in a server crash and possibly the
unauthorized reading of some database content or arbitrary memory.
There is no known workaround at this time.
All PostgreSQL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;dev-db/postgresql&quot;</code>
<uri link="">CVE-2007-0555</uri>
<uri link="">CVE-2007-0556</uri>
<metadata tag="requester" timestamp="Fri, 09 Mar 2007 22:33:46 +0000">
<metadata tag="bugReady" timestamp="Mon, 12 Mar 2007 16:09:31 +0000">
<metadata tag="submitter" timestamp="Tue, 13 Mar 2007 19:55:02 +0000">