Any logged-in database user who has the ability to create tables and functions
(which in most installations will be everybody) can acquire database superuser
privilege, which means he can make the server process do whatever he wants.
Public now, lifting embargo:
postgresql-8.2.6-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
postgresql-8.2.6-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Application Stack:
Red Hat Enterprise Linux: