The PostgreSQL Global Development Group has released updates to patch a privilege escalation exploit in SECURITY DEFINER functions. The fix is available in 8.2.4, 8.1.9, 8.0.13, 7.4.17, and 7.3.19, and all users of this feature are strongly urged to update to the latest minor version and follow the instructions on securing these functions as soon as possible. These minor releases may also contain other fixes, so all users should review the release notes and plan to deploy them as needed.
Once you have updated, additional steps are required to secure your database against the exploit. Please read the release notes, the CVE information, and the TechDocs instructions on how to lock down your SECURITY DEFINER functions, if you use them.
Downloads are in the usual places: