Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1975 to the following vulnerability:

Name: CVE-2010-1975
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1975
Assigned: 20100519
Reference: CONFIRM: http://www.postgresql.org/docs/current/static/release-7-4-29.html
Reference: CONFIRM: http://www.postgresql.org/docs/current/static/release-8-0-25.html
Reference: CONFIRM: http://www.postgresql.org/docs/current/static/release-8-1-21.html
Reference: CONFIRM: http://www.postgresql.org/docs/current/static/release-8-2-17.html
Reference: CONFIRM: http://www.postgresql.org/docs/current/static/release-8-3-11.html
Reference: CONFIRM: http://www.postgresql.org/docs/current/static/release-8-4-4.html

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

Statement:

This issue has been addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0428.html

This issue has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0429.html and https://rhn.redhat.com/errata/RHSA-2010-0430.html

There is no plan to address this issue in the PostgreSQL packages as shipped with Red Hat Enterprise Linux 3.

Upstream commit: [1] http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=a9dec915c5588f4ce8e7ef94fabe508c88e4a350
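
An added example (not part of the original report or of PostgreSQL): a triage helper that classifies `SELECT version()` banners against the fixed releases named in the CVE description above. The host names and banners are constructed sample data, and the function names are hypothetical.

```python
import re

# First fixed minor release per affected branch, from the CVE-2010-1975 text.
FIXED_IN = {(7, 4): 29, (8, 0): 25, (8, 1): 21, (8, 2): 17, (8, 3): 11, (8, 4): 4}

# Matches the "PostgreSQL X.Y[.Z]" prefix of a SELECT version() banner.
BANNER_RE = re.compile(r"PostgreSQL (\d+)\.(\d+)(?:\.(\d+))?")


def triage(banner):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one banner."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unparsed"
    branch = (int(m.group(1)), int(m.group(2)))
    # A banner without a third component (e.g. a beta build) counts as .0.
    patch = int(m.group(3) or 0)
    fixed = FIXED_IN.get(branch)
    if fixed is None:
        # The advisory makes no statement about this branch; do not guess.
        return "not-listed"
    return "affected" if patch < fixed else "fixed"


def affected_hosts(banners):
    """Return the sorted host names whose banner falls in an affected range."""
    return sorted(h for h, b in banners.items() if triage(b) == "affected")


# Constructed inventory: host name -> output of SELECT version().
SAMPLE_BANNERS = {
    "db-a.example": "PostgreSQL 8.3.10 on x86_64-unknown-linux-gnu",
    "db-b.example": "PostgreSQL 8.4.4 on x86_64-unknown-linux-gnu",
    "db-c.example": "PostgreSQL 7.4.28 on i686-pc-linux-gnu",
    "db-d.example": "PostgreSQL 7.3.21 on i686-pc-linux-gnu",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE_BANNERS.items()):
        print(host, triage(banner))
```

The classification uses upstream release numbers only; for Red Hat packages, confirm the installed package against the errata listed in the statement.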