Main Vulnerability Database SB2007051002

SB2007051002 - Gentoo update for PostgreSQL

Published: May 10, 2007 Updated: June 28, 2025

Security Bulletin ID SB2007051002

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2007-2138)

The vulnerability allows a remote user to read and manipulate data.

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

Remediation

Install update from vendor's website.

References

https://security.gentoo.org/glsa/200705-12