------------------------------------------------------------
Arch Linux Security Warning                    ALSW 2007-#26
------------------------------------------------------------

Name:      postgresql
Date:      2007-04-24
Severity:  High
Warning #: 2007-#26

------------------------------------------------------------

Product Background
===================
PostgreSQL is a powerful, open source relational database system.

Problem Background - Impact
===================
A vulnerability involving insecure search_path settings allows
unprivileged users to gain the SQL privileges of the owner of any
SECURITY DEFINER function they are allowed to call. Securing such a
function requires both a software update and changes to the function
definition.

Problem Packages
===================
Package: postgresql
Repo:    current
Group:   daemons
Unsafe:  < 8.2.4
Safe:    >= 8.2.4

Package Fix
===================
Upgrade to 8.2.4

===================
Unofficial ArchLinux Security Bug Tracker:
http://jjdanimoth.netsons.org/alsw.html

Reference(s)
===================
http://www.postgresql.org/support/security.html
http://www.postgresql.org/docs/current/static/release-8-2-4.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138
http://www.postgresql.org/about/news.791
_______________________________________________
arch mailing list
[email protected]
http://archlinux.org/mailman/listinfo/arch
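The "changes to the function definition" mentioned in the advisory, as an added example that is not part of the original warning or of the PostgreSQL project's code: an inventory query for SECURITY DEFINER functions, then one function that pins its own search_path with pg_temp placed explicitly last, which relies on the updated server. The schema `admin`, table `admin.pwds`, function `check_password` and role `app_user` are assumed names for illustration.

```sql
-- 1. Inventory: every SECURITY DEFINER function and its owner.
--    Each row is a function that runs with its owner's privileges
--    and therefore needs its definition reviewed.
SELECT n.nspname                              AS schema_name,
       p.proname                              AS function_name,
       pg_catalog.pg_get_userbyid(p.proowner) AS owner_name
FROM   pg_catalog.pg_proc p
JOIN   pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE  p.prosecdef
ORDER  BY 1, 2;

-- 2. Hardened definition (assumed names: schema admin, table admin.pwds).
CREATE OR REPLACE FUNCTION admin.check_password(uname text, pass text)
RETURNS boolean AS $$
DECLARE
    passed   boolean;
    old_path text;
BEGIN
    -- Save the caller's search_path. The call is schema-qualified so
    -- that resolving current_setting cannot itself be redirected.
    old_path := pg_catalog.current_setting('search_path');

    -- Trusted schema first, pg_temp explicitly last. is_local = true
    -- means the old value comes back if an error aborts the function.
    PERFORM pg_catalog.set_config('search_path', 'admin, pg_temp', true);

    -- Unqualified name now resolves to admin.pwds only.
    SELECT (pwd = pass) INTO passed
    FROM   pwds
    WHERE  username = uname;

    -- Restore the caller's search_path before returning.
    PERFORM pg_catalog.set_config('search_path', old_path, true);
    RETURN passed;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

-- 3. EXECUTE is granted to PUBLIC by default; narrow it to the
--    roles that actually need the function (app_user is assumed).
REVOKE ALL ON FUNCTION admin.check_password(text, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION admin.check_password(text, text) TO app_user;
```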
