PostgreSQL security update available now
From | Josh Berkus |
---|---|
Subject | PostgreSQL security update available now |
Date | |
Msg-id | 200702050932.44529.josh@postgresql.org |
List | pgsql-announce |

The PostgreSQL Global Development Group releases today a security update for all recent PostgreSQL versions: minor versions 8.2.2, 8.1.7, 8.0.11, 7.4.16 and 7.3.18. Because this patches a medium-risk security hole, all users are urged to upgrade at the earliest opportunity.

This release fixes CVE-2007-0555 and CVE-2007-0556. Both of these issues allow an authenticated attacker with the permissions to run arbitrary SQL to launch a denial-of-service attack or possibly read out random chunks of memory. Since attacks require authenticated access, the security hole is only considered medium risk. You can read more about the issues on Mitre:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556

In keeping with the PostgreSQL Project's security fix policies, this update is being released as quickly as possible: within 2 weeks of the first bug report, and within five days of developing a fix. This type of fast response is central to PostgreSQL's reputation as one of the most secure databases in the industry.

The new minor versions may be downloaded from our download page: http://www.postgresql.org/download/. Users will not need to dump & reload for the upgrade. However, see the release notes for your target version:

http://www.postgresql.org/docs/8.2/static/release.html

--
PostgreSQL Core Team