PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability

Bugtraq ID:	23618
Class:	Unknown
CVE:	CVE-2007-2138
Remote:	No
Local:	Yes
Published:	Apr 24 2007 12:00AM
Updated:	Jun 18 2007 10:39AM
Credit:	The vendor disclosed this vulnerability.
Vulnerable:	Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Trustix Secure Linux 3.0.5 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Operating System Enterprise Server 2.0 Sun Solaris 10.0_x86 Sun Solaris 10.0 SGI ProPack 3.0 SP6 rPath rPath Linux 1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux 5 Server Redhat Desktop 4.0 Redhat Desktop 3.0 PostgreSQL PostgreSQL 8.2.3 PostgreSQL PostgreSQL 8.2.2 PostgreSQL PostgreSQL 8.2 PostgreSQL PostgreSQL 8.1.8 PostgreSQL PostgreSQL 8.1.5 PostgreSQL PostgreSQL 8.1.4 PostgreSQL PostgreSQL 8.1.3 PostgreSQL PostgreSQL 8.1.1 PostgreSQL PostgreSQL 8.0.317 PostgreSQL PostgreSQL 8.0.9 PostgreSQL PostgreSQL 8.0.8 PostgreSQL PostgreSQL 8.0.7 PostgreSQL PostgreSQL 8.0.5 PostgreSQL PostgreSQL 8.0.4 PostgreSQL PostgreSQL 8.0.3 PostgreSQL PostgreSQL 8.0.2 + Trustix Secure Linux 2.2 PostgreSQL PostgreSQL 8.0.1 PostgreSQL PostgreSQL 8.0 + Trustix Secure Linux 2.2 PostgreSQL PostgreSQL 7.4.14 PostgreSQL PostgreSQL 7.4.13 PostgreSQL PostgreSQL 7.4.12 PostgreSQL PostgreSQL 7.4.11 PostgreSQL PostgreSQL 7.4.10 PostgreSQL PostgreSQL 7.4.9 PostgreSQL PostgreSQL 7.4.8 PostgreSQL PostgreSQL 7.4.7 PostgreSQL PostgreSQL 7.4.6 + Trustix Secure Linux 2.1 PostgreSQL PostgreSQL 7.4.5 PostgreSQL PostgreSQL 7.4.4 PostgreSQL PostgreSQL 7.4.3 PostgreSQL PostgreSQL 7.4.2 PostgreSQL PostgreSQL 7.4.1 PostgreSQL PostgreSQL 7.4 PostgreSQL PostgreSQL 7.3.16 PostgreSQL PostgreSQL 7.3.15 PostgreSQL PostgreSQL 7.3.14 PostgreSQL PostgreSQL 7.3.13 PostgreSQL PostgreSQL 7.3.12 PostgreSQL PostgreSQL 7.3.11 PostgreSQL PostgreSQL 7.3.10 PostgreSQL PostgreSQL 7.3.9 PostgreSQL PostgreSQL 7.3.8 PostgreSQL PostgreSQL 7.3.6 PostgreSQL PostgreSQL 7.3.4 + OpenPKG OpenPKG Current PostgreSQL PostgreSQL 7.3.3 PostgreSQL PostgreSQL 7.3.2 PostgreSQL PostgreSQL 7.3.1 PostgreSQL PostgreSQL 7.3 PostgreSQL PostgreSQL 7.2.7 + SuSE Linux 8.1 PostgreSQL PostgreSQL 7.2.4 + Redhat Linux 8.0 + Redhat Linux 7.3 PostgreSQL PostgreSQL 7.2.3 PostgreSQL PostgreSQL 7.2.2 PostgreSQL PostgreSQL 7.2.1 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Gentoo Linux 0.7 + Gentoo Linux 0.5 PostgreSQL PostgreSQL 7.2 PostgreSQL PostgreSQL 7.1.3 PostgreSQL PostgreSQL 7.1.2 + Mandriva Linux Mandrake 8.1 ia64 + Mandriva Linux Mandrake 8.1 PostgreSQL PostgreSQL 7.1.1 PostgreSQL PostgreSQL 7.1 PostgreSQL PostgreSQL 7.0.3 + Mandriva Linux Mandrake 8.0 ppc + Mandriva Linux Mandrake 8.0 + SuSE Linux 7.1 x86 + SuSE Linux 7.1 sparc + SuSE Linux 7.1 ppc + SuSE Linux 7.1 alpha + SuSE Linux 7.1 PostgreSQL PostgreSQL 7.0.2 PostgreSQL PostgreSQL 6.5.3 + Wirex Immunix OS 6.2 PostgreSQL PostgreSQL 6.3.2 PostgreSQL PostgreSQL 8.1.7 PostgreSQL PostgreSQL 8.0.11 PostgreSQL PostgreSQL 7.4.16 PostgreSQL PostgreSQL 7.3.13 PDGSoft Shopping Cart 8.1.2 PDGSoft Shopping Cart 8.1 PDGSoft Shopping Cart 8.0.6 Pardus Linux 2007.1 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya Messaging Storage Server MSS 3.0 Avaya Message Networking MN 3.1 Avaya Message Networking Avaya CCS 3.0 Avaya CCS 2.0
Not Vulnerable:	PostgreSQL PostgreSQL 8.2.4 PostgreSQL PostgreSQL 8.1.9 PostgreSQL PostgreSQL 8.0.13 PostgreSQL PostgreSQL 7.4.17 PostgreSQL PostgreSQL 7.3.19

PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability

PostgreSQL is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to escalate privileges in the context of the 'security_definer' function.

PostgreSQL versions prior to 8.2.4, 8.1.9, 8.0.13, 7.4.17, and 7.3.19 are vulnerable to this issue.

PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability

Solution:
PostgeSQL has released an advisory along with fixes to address this issue. Please see the referenced advisory for information on obtaining and applying fixes.


Sun Solaris 10.0

• Cuyahoga 123590-05
  http://sunsolve.sun.com/patches/

PostgreSQL PostgreSQL 8.1.4

• Mandriva lib64ecpg5-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64ecpg5-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64ecpg5-devel-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64ecpg5-devel-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64pq4-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64pq4-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64pq4-devel-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64pq4-devel-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva libecpg5-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libecpg5-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva libecpg5-devel-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libecpg5-devel-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva libpq4-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libpq4-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva libpq4-devel-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva libpq4-devel-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-contrib-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-contrib-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-contrib-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-contrib-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-devel-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-devel-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-devel-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-devel-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-docs-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-docs-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-docs-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-docs-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-pl-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-pl-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-pl-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-pl-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plperl-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plperl-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plperl-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plperl-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plpgsql-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plpgsql-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plpgsql-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plpgsql-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plpython-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plpython-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plpython-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plpython-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-pltcl-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-pltcl-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-pltcl-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-pltcl-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-server-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-server-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-server-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-server-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-test-8.1.9-0.1.20060mlcs4.i586.rpm
  Corporate 4.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-test-8.1.9-0.1.20060mlcs4.x86_64.rpm
  Corporate 4.0/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-test-8.1.9-0.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download


• Mandriva postgresql-test-8.1.9-0.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download

PostgreSQL PostgreSQL 8.2.3

• Mandriva lib64ecpg5-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64ecpg5-devel-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64pq5-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva lib64pq5-devel-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva libecpg5-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva libecpg5-devel-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva libpq5-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva libpq5-devel-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva postgresql-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva postgresql-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-contrib-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva postgresql-contrib-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-devel-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva postgresql-devel-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-docs-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva postgresql-docs-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-pl-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva postgresql-pl-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plperl-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plperl-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plpgsql-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plpgsql-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plpython-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva postgresql-plpython-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-pltcl-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva postgresql-pltcl-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-server-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva postgresql-server-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download


• Mandriva postgresql-test-8.2.4-0.1mdv2007.1.i586.rpm
  Mandriva Linux 2007.1:
  http://www.mandriva.com/en/download


• Mandriva postgresql-test-8.2.4-0.1mdv2007.1.x86_64.rpm
  Mandriva Linux 2007.1/X86_64:
  http://www.mandriva.com/en/download

PostgreSQL SECURITY DEFINER Function Local Privilege Escalation Vulnerability

References:

• PostgreSQL Project Homepage (PostgreSQL)
  
• PostgreSQL Security Information (PostgreSQL )
  
• RHSA-2007:0337-2 - postgresql security update (RedHat)
  
• Security Update Releases (PostgreSQL)
  
• ASA-2007-190 PostgreSQL security update (RHSA-2007-0336 and RHSA-2007-0337) (Avaya)
  
• RHSA-2007:0336-2 postgresql security update (Red Hat)
  
• Sun Alert ID: 102894 Security Vulnerability in PostgreSQL SECURITY DEFINER Funct (Sun)