A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
postgresql
The problem can be corrected by upgrading the affected package to version 7.4.5-3ubuntu0.2. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
John Heasman discovered a local privilege escalation in the PostgreSQL server. Any user could use the LOAD extension to load any shared library into the PostgreSQL server; the library's initialisation function was then executed with the permissions of the server.
With this update, the use of LOAD is restricted to the database superuser (usually 'postgres').
Note: Since there is no way for normal database users to create arbitrary files, this vulnerability is not exploitable remotely, e.g. by uploading a shared library in the form of a Binary Large Object (BLOB) to a public web server.
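To confirm that a host carries the fix, the installed postgresql package version can be compared with the fixed version given above. The following script is an added example, not part of the original notice; its function names are hypothetical and it assumes dpkg and dpkg-query are available.

```shell
#!/bin/sh
# Added example (not part of the original notice): report whether the installed
# postgresql package is at or above the fixed version named in this notice.
# Function names are hypothetical; dpkg and dpkg-query are assumed present.

FIXED_VERSION='7.4.5-3ubuntu0.2'   # fixed version stated in the notice

# is_fixed VERSION: succeeds when VERSION >= FIXED_VERSION under Debian
# version ordering (so 7.4.5-3 sorts before 7.4.5-3ubuntu0.2).
is_fixed() {
    dpkg --compare-versions "$1" ge "$FIXED_VERSION"
}

# installed_version PACKAGE: print the version only if the package is fully
# installed; print nothing for removed, half-configured or unknown packages.
installed_version() {
    dpkg-query -W -f='${Status}\t${Version}\n' "$1" 2>/dev/null |
        awk -F'\t' '$1 == "install ok installed" { print $2 }'
}

# check_postgresql: print a one-line verdict; return 1 only when vulnerable.
check_postgresql() {
    ver=$(installed_version postgresql)
    if [ -z "$ver" ]; then
        echo "postgresql: not installed"
    elif is_fixed "$ver"; then
        echo "postgresql $ver: includes the LOAD restriction"
    else
        echo "postgresql $ver: older than $FIXED_VERSION, upgrade required"
        return 1
    fi
}

check_postgresql
```

The script exits non-zero only when an installed postgresql package predates the fixed version, so it can be used as a gate in a fleet-wide check.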