Security Alert: PostgreSQL Vulnerability CVE-2007-2138 on Scientific Linux

May 08, 2007 •

LinuxSecurity Advisories

2 - 3 min read

Scientific Large Esm H500

Topics Covered

security advisory security update postgresql scientific linux unprivileged access

Moderate: postgresql security update

Date: Tue, 8 May 2007 17:54:50 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security errata for postgresql on SL4 i386,x86_64, SL5 i386
Comments: To: scientific 

Available from

---------------------------------------------------------------------------
Synopsis: Moderate: postgresql security update
Issue date: 2007-05-08
CVE Names: CVE-2007-2138

Updated postgresql packages that fix several security issues are now
available.

A flaw was found in the way PostgreSQL allows authenticated users to
execute security-definer functions. It was possible for an unprivileged
user to execute arbitrary code with the privileges of the security-definer
function. (CVE-2007-2138)

SL4:

 SRPMS:
 	postgresql-7.4.17-1.RHEL4.1.src.rpm

 i386:
 	postgresql-7.4.17-1.RHEL4.1.i386.rpm
 	postgresql-contrib-7.4.17-1.RHEL4.1.i386.rpm
 	postgresql-devel-7.4.17-1.RHEL4.1.i386.rpm
 	postgresql-docs-7.4.17-1.RHEL4.1.i386.rpm
 	postgresql-jdbc-7.4.17-1.RHEL4.1.i386.rpm
 	postgresql-libs-7.4.17-1.RHEL4.1.i386.rpm
 	postgresql-pl-7.4.17-1.RHEL4.1.i386.rpm
 	postgresql-python-7.4.17-1.RHEL4.1.i386.rpm
 	postgresql-server-7.4.17-1.RHEL4.1.i386.rpm
 	postgresql-tcl-7.4.17-1.RHEL4.1.i386.rpm
 	postgresql-test-7.4.17-1.RHEL4.1.i386.rpm

 x86_64:
 	postgresql-7.4.17-1.RHEL4.1.x86_64.rpm
 	postgresql-contrib-7.4.17-1.RHEL4.1.x86_64.rpm
 	postgresql-devel-7.4.17-1.RHEL4.1.x86_64.rpm
 	postgresql-docs-7.4.17-1.RHEL4.1.x86_64.rpm
 	postgresql-jdbc-7.4.17-1.RHEL4.1.x86_64.rpm
 	postgresql-libs-7.4.17-1.RHEL4.1.i386.rpm
 	postgresql-libs-7.4.17-1.RHEL4.1.x86_64.rpm
 	postgresql-pl-7.4.17-1.RHEL4.1.x86_64.rpm
 	postgresql-python-7.4.17-1.RHEL4.1.x86_64.rpm
 	postgresql-server-7.4.17-1.RHEL4.1.x86_64.rpm
 	postgresql-tcl-7.4.17-1.RHEL4.1.x86_64.rpm
 	postgresql-test-7.4.17-1.RHEL4.1.x86_64.rpm

SL5:

 SRPMS:
 	postgresql-8.1.9-1.el5.src.rpm

 i386:
 	postgresql-8.1.9-1.el5.i386.rpm
 	postgresql-contrib-8.1.9-1.el5.i386.rpm
 	postgresql-devel-8.1.9-1.el5.i386.rpm
 	postgresql-docs-8.1.9-1.el5.i386.rpm
 	postgresql-libs-8.1.9-1.el5.i386.rpm
 	postgresql-pl-8.1.9-1.el5.i386.rpm
 	postgresql-python-8.1.9-1.el5.i386.rpm
 	postgresql-server-8.1.9-1.el5.i386.rpm
 	postgresql-tcl-8.1.9-1.el5.i386.rpm
 	postgresql-test-8.1.9-1.el5.i386.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here