Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200607-04 ] PostgreSQL: SQL injection
View unanswered posts
View posts from last 24 hours

Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message

Joined: 12 May 2004
Posts: 2308

PostPosted: Sun Jul 09, 2006 6:26 pm    Post subject: [ GLSA 200607-04 ] PostgreSQL: SQL injection Reply with quote

Gentoo Linux Security Advisory

Title: PostgreSQL: SQL injection (GLSA 200607-04)
Severity: normal
Exploitable: remote
Date: July 09, 2006
Updated: June 26, 2007
Bug(s): #134168
ID: 200607-04


A flaw in the multibyte character handling allows execution of arbitrary SQL statements.


PostgreSQL is an open source object-relational database management system.

Affected Packages

Package: dev-db/postgresql
Vulnerable: < 8.0.8
Vulnerable: < 7.4.13
Unaffected: >= 8.0.8
Unaffected: = 7.4*
Architectures: All supported architectures


PostgreSQL contains a flaw in the string parsing routines that allows certain backslash-escaped characters to be bypassed with some multibyte character encodings. This vulnerability was discovered by Akio Ishida and Yasuo Ohgaki.


An attacker could execute arbitrary SQL statements on the PostgreSQL server. Be aware that web applications using PostgreSQL as a database back-end might be used to exploit this vulnerability.


There is no known workaround at this time.


All PostgreSQL users should upgrade to the latest version in the respective branch they are using:
# emerge --sync
# emerge --ask --oneshot --verbose dev-db/postgresql
Note: While a fix exists for the 7.3 branch it doesn't currently work on Gentoo. All 7.3.x users of PostgreSQL should consider updating their installations to the 7.4 (or higher) branch as soon as possible!


PostgreSQL technical information

Last edited by GLSA on Wed Jun 27, 2007 4:18 am; edited 2 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum