CVE-2007-6600

Publication date 9 January 2008

Last updated 24 July 2024

Ubuntu priority

Unknown

Why this priority?

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
postgresql-8.1 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.10 edgy
Fixed 8.1.11-0ubuntu0.6.10.1
6.06 LTS dapper
Fixed 8.1.11-0ubuntu0.6.06.1
postgresql-8.2 8.10 intrepid Not in release
8.04 LTS hardy
Fixed 8.2.6-1
7.10 gutsy
Fixed 8.2.6-0ubuntu0.7.10.1
7.04 feisty
Fixed 8.2.6-0ubuntu0.7.04.1
6.10 edgy Not in release
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-568-1
    • PostgreSQL vulnerabilities
    • 14 January 2008

Other references