Red Hat Bugzilla – Bug 237680
CVE-2007-2138 PostgreSQL security-definer function privilege escalation
Last modified: 2013-07-02 23:12:55 EDT
Quoting the PostgreSQL release notes:
Support explicit placement of the temporary-table schema within search_path,
and disable searching it for functions and operators (Tom)
This is needed to allow a security-definer function to set a truly secure
value of search_path. Without it, an unprivileged SQL user can use temporary
objects to execute code with the privileges of the security-definer function
(CVE-2007-2138). See CREATE FUNCTION for more information.
This flaw also affects RHEL 3 and 4
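As an added example (not code from the bug report or from the PostgreSQL project), the mitigation the release note describes: a SECURITY DEFINER function that pins its own search_path, listing only trusted schemas and placing pg_temp last, so temporary objects created by the caller cannot shadow the functions and operators the body uses. It uses the set_config approach that works on the 8.1/8.2-era servers this bug covers (the function-level SET clause only arrived in 8.3); the app schema, the users table and the app_user role are assumptions.

```sql
-- Added example, not from the bug report. Schema/table/role names are assumed.
CREATE SCHEMA app;
CREATE TABLE app.users (username text PRIMARY KEY, pwd text NOT NULL);

CREATE OR REPLACE FUNCTION app.check_password(uname text, pass text)
RETURNS boolean AS $$
DECLARE
    passed   boolean;
    old_path text;
BEGIN
    -- Schema-qualify current_setting/set_config: at this point the caller's
    -- search_path is still in force, so an unqualified name could resolve to
    -- a temporary function the caller planted (the CVE-2007-2138 pattern).
    old_path := pg_catalog.current_setting('search_path');

    -- Trusted schemas only, with pg_temp explicitly last. is_local = true
    -- restores the old value automatically if the function errors out.
    PERFORM pg_catalog.set_config('search_path', 'app, pg_temp', true);

    -- Do the privileged work with the secured path.
    SELECT (u.pwd = pass) INTO passed
    FROM   app.users AS u
    WHERE  u.username = uname;

    -- Restore the caller's search_path before returning.
    PERFORM pg_catalog.set_config('search_path', old_path, true);

    RETURN COALESCE(passed, false);
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

-- CREATE FUNCTION grants EXECUTE to PUBLIC by default; limit it explicitly.
REVOKE ALL ON FUNCTION app.check_password(text, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.check_password(text, text) TO app_user;
```

On a server without the fix, pg_temp is still searched for functions and operators ahead of the listed schemas regardless of this setting, so the patched packages are required for the pinned path to be effective.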
I've built the following:
but just now realized that they all went into qu dists not async ...
hope that's not a problem.
*** Bug 237823 has been marked as a duplicate of this bug. ***
Yeah, I know what it's for; I was wondering if it was intentional that rpmdiff
is now making this check in pre-RHEL5 branches, when it never did before. I
asked on os-devel-list and didn't get a clear answer. Anyway jakub did agree
that a security update isn't the time to be trying to fix such things. I've
waived it since it's not a regression.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.