A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
The problem can be corrected by upgrading the affected package to
version 7.4.5-3ubuntu0.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.
John Heasman discovered a local privilege escalation in the PostgreSQL
server. Any user could use the LOAD extension to load any shared
library into the PostgreSQL server; the library's initialisation
function was then executed with the permissions of the server.
Now the use of LOAD is restricted to the database superuser (usually
Note: Since there is no way for normal database users to create
arbitrary files, this vulnerability is not exploitable remotely, e. g.
by uploading a shared library in the form of a Binary Large Object
(BLOB) to a public web server.