Red Hat Bugzilla – Bug 74505
Multiple PostgreSQL Security Vulnerabilities
Last modified: 2007-04-18 12:46:52 EDT
Quoted from the PostgreSQL site:
"Due to recent security vulnerabilities reported on BugTraq, concerning several
buffer overruns found in PostgreSQL, the PostgreSQL Global Development Team
today released v7.2.2 of PostgreSQL that fixes these vulnerabilities.
The following buffer overruns have been identified and addressed:
* in handling long datetime input
* in repeat()
* in lpad() and rpad() with multibyte
* in SET TIME ZONE and TZ env var"
I have not verified that this version is vulnerable, however it was released
months before the vulnerabilities were patched, so I expect that it is indeed
Other URLs with information on these multiple vulnerabilities include:
An errata to address these flaws (and others) is in progress. However, note that
these are fairly minor security issues as they would require the ability to be
able to connect to the database before they can be exploited.
This is fixed by
which was released this week.