privilege escalation via dblink (second attempt at fixing issue reported in CVE-2007-3278; the previous patch fixed only some of the functions that expose the hole)
Public now, lifting embargo: http://www.postgresql.org/about/news.905 http://www.postgresql.org/support/security.html
postgresql-8.2.6-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
postgresql-8.2.6-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Red Hat Application Stack: http://rhn.redhat.com/errata/RHSA-2008-0040.html Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0038.html http://rhn.redhat.com/errata/RHSA-2008-0039.html Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0552 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0478