6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.6%
CentOS Errata and Security Advisory CESA-2007:0336
PostgreSQL is an advanced Object-Relational database management system
(DBMS).
A flaw was found in the way PostgreSQL allows authenticated users to
execute security-definer functions. It was possible for an unprivileged
user to execute arbitrary code with the privileges of the security-definer
function. (CVE-2007-2138)
Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 8.1.9, 7.4.17, and 7.3.19 which corrects this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-May/075895.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075896.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075897.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075898.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075899.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075900.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075903.html
https://lists.centos.org/pipermail/centos-announce/2007-May/075906.html
Affected packages:
postgresql
postgresql-contrib
postgresql-debuginfo
postgresql-devel
postgresql-docs
postgresql-jdbc
postgresql-libs
postgresql-pl
postgresql-python
postgresql-server
postgresql-tcl
postgresql-test
rh-postgresql
rh-postgresql-contrib
rh-postgresql-devel
rh-postgresql-docs
rh-postgresql-jdbc
rh-postgresql-libs
rh-postgresql-pl
rh-postgresql-python
rh-postgresql-server
rh-postgresql-tcl
rh-postgresql-test
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0336