Debian: DSA-1463-1 Important Local Vulnerabilities in PostgreSQL
debian
January 14, 2008
Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database
Summary
It was discovered that the DBLink module performed insufficient
credential validation. This issue is also tracked as CVE-2007-6601,
since the initial upstream fix was incomplete.
CVE-2007-4769
Tavis Ormandy and Will Drewry discovered that a bug in the handling
of back-references inside the regular expressions engine could lead
to an out of bands read, resulting in a crash. This constitutes only
a security problem if an application using ProgreSQL processes
regular expressions from untrusted sources.
CVE-2007-4772
Tavis Ormandy and Will Drewry discovered that the optimizer for regular
expression could be tricked into an infinite loop, resulting in denial
of service. This constitutes only a security problem if an application
using ProgreSQL processes regular expressions from untrusted sources.
CVE-2007-6067
Tavis Ormandy and Will Drewry discovered that the optimizer for regular
expression could be tricked massive ressource...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!