New News Entry

A new entry has been added to the news database.

Database Admin: http://www.postgresql.org/admin/edit_news.php?234

Submitted by: press@PostgreSQL.org
Headline: PostgreSQL Security Release(s) for 7.2, 7.3 and 7.4
Summary:

In order to address a recent security report from iDefence, we have released 3 new \"point\" releases: 7.2.6, 7.3.8 and
7.4.6.Click the news title for details. 


Story:

In order to address a recent security report from iDefence, we have released 3 new \"point\" releases: 7.2.6, 7.3.8 and
7.4.6

     
Although rated only a Medium risk, according to their web site: \"A vulnerability exists due to the insecure creation
oftemporary files, which could possibly let a malicious user overwrite arbitrary files.\" 

     
Also in these releases is a potential \'data loss\' bug that was recently identified:

     
     * Repair possible failure to update hint bits on disk

           Under rare circumstances this oversight could lead to \"could not access transaction status\" failures,
whichqualifies it as a   potential-data-loss bug. 

     
Although not yet available via Bittorrent, these releases are available through ftp at all of the mirrors, as well as
the(S)RPMS for various OSes. 

     
For a listing of all currently available FTP mirrors, please see:

     
        <a href=\"http://www.postgresql.org/mirrors-ftp.html\">http://www.postgresql.org/mirrors-ftp.html
</a>