It was discovered that PostgreSQL's intarray contrib module does not properly handle integers with a large number of digits, leading to a server crash and potentially arbitrary code execution. For the stable distribution (lenny), this problem has been fixed in version 8.3.14-0lenny1 of the postgresql-8.3 package. For the testing distribution (squeeze), this problem has been fixed in version 8.4.7-0squeeze1 of the postgresql-8.4 package. For the unstable distribution (sid), this problem has been fixed in version 8.4.7-1 of the postgresql-8.4 package and version 9.0.3-1 of the postgresql-9.0 package. The updates also include reliability improvements; for details see the respective changelogs. We recommend that you upgrade your PostgreSQL packages.
It was discovered that PostgreSQL's intarray contrib module does not properly handle integers with a large number of digits, leading to a server crash and potentially arbitrary code execution.
For the stable distribution (lenny), this problem has been fixed in version 8.3.14-0lenny1 of the postgresql-8.3 package.
For the testing distribution (squeeze), this problem has been fixed in version 8.4.7-0squeeze1 of the postgresql-8.4 package.
For the unstable distribution (sid), this problem has been fixed in version 8.4.7-1 of the postgresql-8.4 package and version 9.0.3-1 of the postgresql-9.0 package.
The updates also include reliability improvements; for details see the respective changelogs.
We recommend that you upgrade your PostgreSQL packages.