Debian Security Advisory
DSA-2157-1 postgresql-8.3, postgresql-8.4, postgresql-9.0 -- buffer overflow
- Date Reported:
- 03 Feb 2011
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2010-4015.
- More information:
It was discovered that PostgreSQL's intarray contrib module does not properly handle integers with a large number of digits, leading to a server crash and potentially arbitrary code execution.
For the stable distribution (lenny), this problem has been fixed in version 8.3.14-0lenny1 of the postgresql-8.3 package.
For the testing distribution (squeeze), this problem has been fixed in version 8.4.7-0squeeze1 of the postgresql-8.4 package.
For the unstable distribution (sid), this problem has been fixed in version 8.4.7-1 of the postgresql-8.4 package and version 9.0.3-1 of the postgresql-9.0 package.
The updates also include reliability improvements; for details see the respective changelogs.
We recommend that you upgrade your PostgreSQL packages.