Gentoo Security Advisory GLSA 200607-04 (postgresql) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200607-04.

Solution

All PostgreSQL users should upgrade to the latest version in the respective branch they are using: # emerge --sync # emerge --ask --oneshot --verbose dev-db/postgresql Note: While a fix exists for the 7.3 branch it doesn't currently work on Gentoo. All 7.3.x users of PostgreSQL should consider updating their installations to the 7.4 (or higher) branch as soon as possible! http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200607-04 http://bugs.gentoo.org/show_bug.cgi?id=134168 http://www.postgresql.org/docs/techdocs.50

Insight

A flaw in the multibyte character handling allows execution of arbitrary SQL statements.

Severity

Classification

CVE CVE-2006-2313, CVE-2006-2314

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200404-15 (xchat)
Gentoo Security Advisory GLSA 200405-25 (tla)
Gentoo Security Advisory GLSA 200405-14 (subversion)
Gentoo Security Advisory GLSA 200407-18 (mod_ssl)
Gentoo Security Advisory GLSA 200405-17 (metamail)

Take action and discover your vulnerabilities