- Vulnerability/
- RHSA-2008:0039
RHSA-2008:0039: Moderate: postgresql security update
First published: Fri Jan 11 2008(Updated: )
PostgreSQL is an advanced Object-Relational database management system<br>(DBMS). The postgresql packages include the client programs and libraries<br>needed to access a PostgreSQL DBMS server.<br>A privilege escalation flaw was discovered in PostgreSQL. An authenticated<br>attacker could create an index function that would be executed with<br>administrator privileges during database maintenance tasks, such as<br>database vacuuming. (CVE-2007-6600)<br>A privilege escalation flaw was discovered in PostgreSQL's Database Link<br>library (dblink). An authenticated attacker could use dblink to possibly<br>escalate privileges on systems with "trust" or "ident" authentication<br>configured. Please note that dblink functionality is not enabled by<br>default, and can only by enabled by a database administrator on systems<br>with the postgresql-contrib package installed.<br>(CVE-2007-3278, CVE-2007-6601)<br>All postgresql users should upgrade to these updated packages, which<br>include PostgreSQL 7.3.21 and resolve these issues.
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/severity
- agent/title
- agent/description
- agent/type
- agent/event
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2008:0039