If PostgreSQL was configured to use Perl and/or Tcl stored procedures, a remote authenticated attacker could run programs as the database user.
21 May 2010
A security issue affects these releases of Ubuntu and its derivatives:
It was discovered that the Safe.pm module as used by PostgreSQL did not properly restrict PL/Perl procedures. If PostgreSQL was configured to use Perl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Perl code. (CVE-2010-1169)
It was discovered that PostgreSQL did not properly check permissions to restrict PL/Tcl procedures. If PostgreSQL was configured to use Tcl stored procedures, a remote authenticated attacker could exploit this to execute arbitrary Tcl code. (CVE-2010-1170)
It was discovered that PostgreSQL did not properly check privileges during certain RESET ALL operations. A remote authenticated attacker could exploit this to remove all special parameter settings for a user or database. (CVE-2010-1975)
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
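An exposure check for the conditions this notice describes, as an added example that is not part of the original advisory. It uses only standard PostgreSQL system catalogs and assumes it is run in each database by a superuser.

```sql
-- Added example, not from the advisory. Run once per database as a superuser.

-- 1. Is PL/Perl or PL/Tcl installed in this database, and who may use it?
--    A NULL lanacl means the default ACL applies; for a trusted language
--    the default grants USAGE to PUBLIC, so any role can create functions.
SELECT l.lanname,
       l.lanpltrusted AS trusted,
       l.lanacl
FROM   pg_catalog.pg_language AS l
WHERE  l.lanname IN ('plperl', 'plperlu', 'pltcl', 'pltclu')
ORDER  BY l.lanname;

-- 2. Functions already written in those languages, with their owners.
--    Review anything owned by a role that should not be writing procedures.
SELECT n.nspname                              AS schema_name,
       p.proname                              AS function_name,
       l.lanname                              AS language_name,
       pg_catalog.pg_get_userbyid(p.proowner) AS owner_name
FROM   pg_catalog.pg_proc      AS p
JOIN   pg_catalog.pg_language  AS l ON l.oid = p.prolang
JOIN   pg_catalog.pg_namespace AS n ON n.oid = p.pronamespace
WHERE  l.lanname IN ('plperl', 'plperlu', 'pltcl', 'pltclu')
ORDER  BY schema_name, function_name;

-- 3. Per-role parameter settings, the kind of setting the RESET ALL issue
--    (CVE-2010-1975) allowed to be removed. Save this output as a baseline
--    and compare it after the update to spot settings that have vanished.
--    Per-database settings live in pg_database.datconfig before 9.0 and in
--    pg_db_role_setting from 9.0 onward.
SELECT r.rolname,
       r.rolconfig
FROM   pg_catalog.pg_roles AS r
WHERE  r.rolconfig IS NOT NULL
ORDER  BY r.rolname;
```

If queries 1 and 2 return no rows in every database, the PL/Perl and PL/Tcl issues are not reachable on that server, though the update is still needed for the RESET ALL fix.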