Skip site navigation (1) Skip section navigation (2)

Minor Releases 7.3 thru 8.1 Available to Fix Security Issue

From: "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>
To: pgsql-announce(at)postgresql(dot)org
Cc: pgsql-general(at)postgresql(dot)org
Subject: Minor Releases 7.3 thru 8.1 Available to Fix Security Issue
Date: 2006-02-14 15:18:33
Message-ID: 20060214111455.V60635@ganymede.hub.org (view raw or flat)
Thread:
Lists: pgsql-announcepgsql-general
PostgreSQL minor version 8.1.3 has been released, containing a patch for a 
serious security issue present in the 8.1 branch.  All users of 8.1 are 
urged to upgrade at the earliest opportunity.  

Minor versions 8.0.7, 7.4.12, and 7.3.14 are being released at the same 
time.  These  contain only minor bug fixes to the 8.0, 7.4 and 7.3 
versions and can be upgraded on a more planned schedule, unless of course 
you are encountering one of the bugs described.

The security issue in 8.1.x allows an authenticated database user to 
escalate his ROLE privileges by exploiting knowledge of the backend 
protocol.  While there are no known exploits in the wild for this, users 
are urged not to wait until they encounter one.

8.1.3 also contains a number of other bug fixes, most of them for very 
specific (rare) database configurations and schema issues, but including a 
number of crash fixes.   Notable also is a fix to the TSearch2 GiST index 
generation code which will significantly speed up creation of TSearch2 
indexes.   See the release notes for more detail:

 	http://www.postgresql.org/docs/8.1/static/release.html

As usual, you may download the new releases from our FTP Mirrors or
BitTorrent:

 		http://www.postgresql.org/download/

Responses

pgsql-announce by date

Next:From: Nels LindquistDate: 2006-02-16 16:58:36
Subject: Re: Minor Releases 7.3 thru 8.1 Available to Fix Security
Previous:From: David FetterDate: 2006-02-13 05:50:09
Subject: == PostgreSQL Weekly News - February 12 2006 ==

pgsql-general by date

Next:From: Tom LaneDate: 2006-02-14 15:21:11
Subject: Re: Dropping a database that does not exist
Previous:From: Sebastjan TrepcaDate: 2006-02-14 15:13:03
Subject: Time complexity of statements

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group