CVE-2007-6601

Published: 9 January 2008

The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278.

Priority

Status

Package	Release	Status
postgresql-8.1 Launchpad, Ubuntu, Debian	dapper	Released (8.1.11-0ubuntu0.6.06.1)
	edgy	Released (8.1.11-0ubuntu0.6.10.1)
	feisty	Needed (reached end-of-life)
	gutsy	Needed (reached end-of-life)
	hardy	Does not exist
	intrepid	Does not exist
	upstream	Needs triage
postgresql-8.2 Launchpad, Ubuntu, Debian	dapper	Does not exist
	edgy	Does not exist
	feisty	Released (8.2.6-0ubuntu0.7.04.1)
	gutsy	Released (8.2.6-0ubuntu0.7.10.1)
	hardy	Released (8.2.6-1)
	intrepid	Does not exist
	upstream	Needs triage

References

Bugs

https://bugs.launchpad.net/ubuntu/+source/postgresql/+bug/181720

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›