Debian Security Advisory DSA 935-1 - iDEFENSE reports that a format string vulnerability in mod_auth_pgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user.
1fbfde729d90ef315a3051158507d630b5d803b682fc8400630a25098f30c0cd
iDefense Security Advisory 01.09.06 - Remote exploitation of a format string vulnerability in multiple versions of the mod_auth_pgsql authentication module for the Apache httpd could allow the execution of arbitrary code in the context of the httpd. iDefense has confirmed the existence of this vulnerability in version 2.0.2b1 of mod_auth_pgsql for Apache 2.x. It is suspected that earlier versions are also affected.
ae77cef4cf235c34da71db3beb1be182bb43f82c88e9232aab6802083553935b
Ubuntu Security Notice USN-239-1 - Several format string vulnerabilities were discovered in the error logging handling of libapache2-mod-auth-pgsql. By sending specially crafted user names, an unauthenticated remote attacker could exploit this to crash the Apache server or possibly even execute arbitrary code with the privileges of Apache.
23b54dba202b1193ff7f41a09eb34ff60b78ed247b392d8f10c370bb15fbcf9d