Quoting the PostgreSQL release notes:

http://www.postgresql.org/docs/8.2/static/release-8-2-4.html

Support explicit placement of the temporary-table schema within search_path, and disable searching it for functions and operators (Tom)

This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, an unprivileged SQL user can use temporary objects to execute code with the privileges of the security-definer function (CVE-2007-2138). See CREATE FUNCTION for more information.

This flaw also affects RHEL 3 and 4.
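Added example, not part of the bug report or of the PostgreSQL release notes: a security-definer function that pins search_path with the temporary-table schema placed explicitly last, followed by a catalog query that lists security-definer functions lacking such a setting. It assumes PostgreSQL 8.4 or later (per-function SET clause, unnest), not the releases discussed in this bug; the schema, table and function names are hypothetical.

```sql
-- Hypothetical schema, table and function names, constructed for illustration.
CREATE SCHEMA admin;
CREATE TABLE admin.pwds (username text PRIMARY KEY, pwd text NOT NULL);

CREATE FUNCTION admin.check_password(uname text, pass text)
RETURNS boolean AS $$
DECLARE
    passed boolean;
BEGIN
    -- The unqualified table "pwds" and the "=" operator are resolved through
    -- the search_path pinned below, not the calling session's search_path.
    SELECT (pwd = pass) INTO passed FROM pwds WHERE username = uname;
    RETURN passed;
END;
$$ LANGUAGE plpgsql
   SECURITY DEFINER
   -- Trusted schema first, temporary-table schema explicitly last.
   SET search_path = admin, pg_temp;

-- Audit: SECURITY DEFINER functions whose per-function settings do not
-- pin a search_path that ends in pg_temp.
SELECT n.nspname  AS schema_name,
       p.proname  AS function_name,
       p.proconfig
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(p.proconfig) AS cfg(setting)
        WHERE setting ~ '^search_path=.*pg_temp$'
      )
ORDER BY 1, 2;
```

Functions that set search_path inside their body rather than with a SET clause also appear in the audit result and need manual review.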
I've built the following:

RHEL5 postgresql-8.1.9-1.el5
RHEL4 postgresql-7.4.17-1.RHEL4.1
RHEL3 rh-postgresql-7.3.19-1

but just now realized that they all went into qu dists not async ... hope that's not a problem.
*** Bug 237823 has been marked as a duplicate of this bug. ***
Yeah, I know what it's for; I was wondering if it was intentional that rpmdiff is now making this check in pre-RHEL5 branches, when it never did before. I asked on os-devel-list and didn't get a clear answer. Anyway jakub did agree that a security update isn't the time to be trying to fix such things. I've waived it since it's not a regression.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0336.html