Main Vulnerability Database SB2007031602

SB2007031602 - Gentoo update for PostgreSQL

Published: March 16, 2007 Updated: June 28, 2025

Security Bulletin ID SB2007031602

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2007-0555)

The vulnerability allows a remote user to read data or crash the application.

PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.

2) Input validation error (CVE-ID: CVE-2007-0556)

The vulnerability allows a remote user to read data or crash the application.

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

Remediation

Install update from vendor's website.

References

https://security.gentoo.org/glsa/200703-15