Quoted from the PostgreSQL site:
"Due to recent security vulnerabilities reported on BugTraq, concerning several buffer overruns found in PostgreSQL, the PostgreSQL Global Development Team today released v7.2.2 of PostgreSQL that fixes these vulnerabilities. The following buffer overruns have been identified and addressed:
* in handling long datetime input
* in repeat()
* in lpad() and rpad() with multibyte
* in SET TIME ZONE and TZ env var"
I have not verified that this version is vulnerable; however, it was released months before the vulnerabilities were patched, so I expect that it is indeed vulnerable.
Other URLs with information on these multiple vulnerabilities include:
http://lwn.net/Articles/8445/
http://online.securityfocus.com/archive/1/288334
http://online.securityfocus.com/archive/1/288305
http://online.securityfocus.com/archive/1/288036
An errata to address these flaws (and others) is in progress. However, note that these are fairly minor security issues as they would require the ability to be able to connect to the database before they can be exploited.
This is fixed by https://rhn.redhat.com/errata/RHSA-2003-001.html which was released this week.