Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Revised Security Release available for 8.2, 8.1, 8.0
Posted on 2007-02-07
Posted by josh@postgresql.org
The PostgreSQL Global Development Group releases today a security update for all PostgreSQL 8.X versions: minor versions 8.2.3, 8.1.8, 8.0.12. This release replaces the security release from February 5th, which contained a type-casting bug affecting many users.
If you downloaded a copy of 8.2.2, 8.1.7 or 8.0.11, you should discard that version and install the updated versions instead.
This release fixes CVE-2007-0555 and CVE-2007-0556. Both of these issues allow an authenticated attacker with the permissions to run arbitrary SQL to launch a denial-of-service attack or possibly read out random chunks of memory. Since attacks to require authenticated access, the security hole is only considered medium risk. You can read more about the issues on Mitre:
CVE-2007-0555
CVE-2007-0556
The new minor versions may be downloaded from our download page. Users will not need to dump & reload
for the upgrade. However, see the release notes for your target version.
Posted by josh@postgresql.org
The PostgreSQL Global Development Group releases today a security update for all PostgreSQL 8.X versions: minor versions 8.2.3, 8.1.8, 8.0.12. This release replaces the security release from February 5th, which contained a type-casting bug affecting many users.
If you downloaded a copy of 8.2.2, 8.1.7 or 8.0.11, you should discard that version and install the updated versions instead.
This release fixes CVE-2007-0555 and CVE-2007-0556. Both of these issues allow an authenticated attacker with the permissions to run arbitrary SQL to launch a denial-of-service attack or possibly read out random chunks of memory. Since attacks to require authenticated access, the security hole is only considered medium risk. You can read more about the issues on Mitre:
CVE-2007-0555
CVE-2007-0556
The new minor versions may be downloaded from our download page. Users will not need to dump & reload
for the upgrade. However, see the release notes for your target version.