Bugtraq mailing list archives
rPSA-2007-0081-1 postgresql postgresql-server
From: rPath Update Announcements <announce-noreply () rpath com>
Date: Tue, 24 Apr 2007 00:57:07 -0400
rPath Security Advisory: 2007-0081-1 Published: 2007-04-24 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local Deterministic Privilege Escalation Updated Versions: postgresql=/conary.rpath.com@rpl:devel//1/8.1.9-0.1-1 postgresql-server=/conary.rpath.com@rpl:devel//1/8.1.9-0.1-1 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138 https://issues.rpath.com/browse/RPL-1292 Description: Previous versions of the postgresql package have a weakness in security definer functions, in which an authenticated but otherwise unprivileged SQL user can use temporary objects to execute code with the privileges of the security-definer function.
Current thread:
- rPSA-2007-0081-1 postgresql postgresql-server rPath Update Announcements (Apr 24)