0460921154
The PostgreSQL Global Development Group has released updated versions for PostgreSQL 8.2 and all back versions to patch a privilege escalation exploit in SECURITY DEFINER functions. All users of this feature are urged to update to the latest minor version and follow instructions on securing these functions as soon as possible. This minor release also contains other fixes, so all users should plan to deploy it. Once you have updated, additional steps are required to secure your database against the exploit. Please read the release notes at http://www.postgresql.org/docs/8.2/static/release.html and the TechDocs article at http://www.postgresql.org/docs/techdocs.77 on how to lock down your security definer functions, if you use them. As always, application of a minor release does not require a dump and reload of the database. The frequency of security fixes recently is a result of increased scrutiny of the PostgreSQL code by government agencies and security-conscious companies. Rapid turnaround on security patches is key to keeping PostgreSQL the most secure SQL database. Your work and vigilance in applying the latest security updates ensures that there will never be a PostgreSQL "worm". http://www.postgresql.org/docs/8.2/static/release-8-2-4.html http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-9 http://www.postgresql.org/docs/8.0/static/release.html#RELEASE-8-0-13 http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4-17 http://www.postgresql.org/docs/techdocs.77 Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138 |
||
|---|---|---|
| .. | ||
| files | ||
| distinfo | ||
| Makefile | ||
| pkg-descr | ||
| pkg-install-server | ||
| pkg-plist | ||
| pkg-plist-client | ||
| pkg-plist-contrib | ||
| pkg-plist-plperl | ||
| pkg-plist-plpython | ||
| pkg-plist-pltcl | ||
| pkg-plist-server | ||