The PostgreSQL Global Development Group today released security updates for all active branches of the PostgreSQL object-relational database system, including versions 9.0.3, 8.4.7, 8.3.14 and 8.2.20.
This update includes a security fix which prevents a buffer overrun in the contrib module [HTML_REMOVED]intarray[HTML_REMOVED]'s input function for the query_int type. This bug is a security risk since the function's return address could be overwritten by malicious code.
All supported versions of PostgreSQL are impacted. However, the affected contrib module is optional. Only users who have installed the intarray module in their database are affected. See the CVE Advisory.
This release includes 63 bugfixes, including:
The 9.0.3 update also contains several fixes for issues with features introduced or changed in version 9.0:
Overall, these releases include 33 patches to 9.0, 20 patches to 8.4, 20 patches to 8.3, and 18 patches to 8.2.
See the release notes for each version for a full list of changes with details.
As with other minor releases, users are not required to dump and reload their database in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Users skipping more than one update may need to check the release notes for extra,
Download new versions now:
This post has been migrated from a previous version of the PostgreSQL website. We apologise for any formatting issues caused by the migration.