FS#6996 - Warning on postgresql

Attached to Project: Arch Linux
Opened by DaNiMoTh (DaNiMoTh) - Tuesday, 24 April 2007, 19:26 GMT
Last edited by Roman Kyrylych (Romashka) - Saturday, 12 May 2007, 10:59 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: Judd Vinet (judd), Jan de Groot (JGC)
Architecture: All
Severity: High
Priority: Normal
Reported Version: 0.8 Voodoo
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

------------------------------------------------------------
Arch Linux Security Warning ALSW 2007-#26
------------------------------------------------------------

Name: postgresql
Date: 2007-04-24
Severity: High
Warning #: 2007-#26

------------------------------------------------------------

Product Background
===================
PostgreSQL is a powerful, open source relational database system.

Problem Background - Impact
===================
A vulnerability involving insecure search_path settings allows unprivileged users to gain the SQL privileges of the owner of any SECURITY DEFINER function they are allowed to call. Securing such a function requires both a software update and changes to the function definition.


Problem Packages
===================
Package: postgresql
Repo: current
Group: daemons
Unsafe: < 8.2.4
Safe: >= 8.2.4

Package Fix
===================
Upgrade to 8.2.4

===================

Unofficial ArchLinux Security Bug Tracker:
http://jjdanimoth.netsons.org/alsw.html

Reference(s)
===================
http://www.postgresql.org/support/security.html
http://www.postgresql.org/docs/current/static/release-8-2-4.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138
http://www.postgresql.org/about/news.791
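
Added example, not part of the original warning and not code from the PostgreSQL project: the "changes to the function definition" mentioned above, shown as a SECURITY DEFINER function with no pinned search_path beside a hardened form, followed by an audit query for functions that still lack the setting. The app schema, the accounts table and the function names are hypothetical; the per-function SET clause and pg_proc.proconfig assume PostgreSQL 8.3 or later (unnest needs 8.4), not the 8.2.4 release named in the warning.

```sql
-- Added example. Schema "app", table "app.accounts" and both function names
-- are hypothetical. Assumes PostgreSQL 8.4 or later.
CREATE SCHEMA app;
CREATE TABLE app.accounts (username text PRIMARY KEY, pwhash text NOT NULL);

-- Weak: "accounts" is unqualified and no search_path is pinned, so name
-- lookup follows the calling session's search_path while the body runs
-- with the privileges of the function owner.
CREATE FUNCTION app.check_password_weak(uname text, hash text)
RETURNS boolean AS $$
BEGIN
    RETURN EXISTS (SELECT 1 FROM accounts a
                   WHERE a.username = uname AND a.pwhash = hash);
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

-- Hardened: the table is schema-qualified and search_path is fixed for the
-- duration of the call. Only trusted schemas are listed, and pg_temp is
-- placed last explicitly so temporary objects are never searched first.
CREATE FUNCTION app.check_password(uname text, hash text)
RETURNS boolean AS $$
BEGIN
    RETURN EXISTS (SELECT 1 FROM app.accounts a
                   WHERE a.username = uname AND a.pwhash = hash);
END;
$$ LANGUAGE plpgsql SECURITY DEFINER
   SET search_path = app, pg_temp;

-- Audit: SECURITY DEFINER functions that carry no per-function search_path.
-- proconfig holds entries of the form 'name=value'; it is NULL when the
-- function has no SET clause, in which case unnest() yields no rows.
SELECT n.nspname                   AS schema_name,
       p.proname                   AS function_name,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND NOT EXISTS (SELECT 1
                  FROM unnest(p.proconfig) AS c(setting)
                  WHERE c.setting LIKE 'search_path=%')
ORDER BY 1, 2;
```

Run against the objects created here, the audit query reports app.check_password_weak and omits app.check_password.
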

Closed by Roman Kyrylych (Romashka)
Saturday, 12 May 2007, 10:59 GMT
Reason for closing: Fixed
Comment by Andreas Radke (AndyRTR) - Saturday, 28 April 2007, 22:15 GMT
x86_64 pkg updated
Comment by DaNiMoTh (DaNiMoTh) - Saturday, 12 May 2007, 09:10 GMT
i686 too.
You can safely close this