CVE-2007-2138

Publication date 24 April 2007

Last updated 17 July 2025

Ubuntu priority

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

Status

Show unmaintained releases

Package	Ubuntu Release	Status
postgresql-8.1	8.04 LTS hardy	Not in release
	7.10 gutsy	Fixed 8.1.10-1
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Fixed 8.1.9-0ubuntu0.6.10
	6.06 LTS dapper	Fixed 8.1.9-0ubuntu0.6.06
postgresql-8.2	8.04 LTS hardy	Fixed 8.2.5-1
	7.10 gutsy	Fixed 8.2.5-1
	7.04 feisty	Fixed 8.2.4-0ubuntu0.7.04
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-454-1
PostgreSQL vulnerability
27 April 2007

Other references

https://www.cve.org/CVERecord?id=CVE-2007-2138