Vincent Danen wrote:
A stack overflow was found in how PostgreSQL handles conversion encoding. This
could allow an authenticated user to kill connections to the PostgreSQL server
for a small amount of time, which could interupt transactions by other
The original report is here:
Upstream has a patch for this issue that causes the server to crash in a
different way (core dump due to abort() rather than core dump due to stack
overflow), but it sounds like they are still looking for a better fix.
According to upstream , this issue is fixed in the following releases: 8.3.7, 8.2.13, 8.1.17, 8.0.21, 7.4.25
This should be resolved along with bug 320967.
This issue was resolved and addressed in
GLSA 201110-22 at http://security.gentoo.org/glsa/glsa-201110-22.xml
by GLSA coordinator Alex Legler (a3li).