PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command. Additional information is here: http://archives.postgresql.org/pgsql-announce/2002-10/msg00000.php
Tom, Can you take a look at this issue and let me know if we're vulnerable. I've not verified it one way of the other.
AFAIK Red Hat has never shipped Postgres 7.2.anything --- we went from 7.1.* to 7.3.*. Certainly 2.1AS is still using 7.1.3. (No, this issue doesn't apply to PG 7.1.*.)