Summary
The remote host is missing updates announced in advisory GLSA 200607-04.
Solution
All PostgreSQL users should upgrade to the latest version in the respective branch they are using:
# emerge --sync
# emerge --ask --oneshot --verbose dev-db/postgresql
Note: While a fix exists for the 7.3 branch, it doesn't currently work on Gentoo. All 7.3.x users of PostgreSQL should consider updating their installations to the 7.4 (or higher) branch as soon as possible!
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200607-04
http://bugs.gentoo.org/show_bug.cgi?id=134168
http://www.postgresql.org/docs/techdocs.50
Insight
A flaw in the multibyte character handling allows execution of arbitrary SQL statements.
Severity
Classification
CVE: CVE-2006-2313, CVE-2006-2314
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P