The PostgreSQL team reports:
Due to inadequate validity checking, a user could exploit
the special case that SET ROLE normally uses to restore
the previous role setting after an error. This allowed
ordinary users to acquire superuser status, for
example.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | postgresql-server | = 8.1.0 | UNKNOWN |
FreeBSD | any | noarch | postgresql-server | < 8.1.3 | UNKNOWN |