Skip site navigation (1) Skip section navigation (2)

Fwd: [ANNOUNCE] PostgreSQL Releases: 8.2.4, 8.1.9, 8.0.13, 7.4.17, 7.3.19

From: Selena Deckelmann <sdeckelmann(at)chrisking(dot)com>
To: pdxpug(at)postgresql(dot)org
Subject: Fwd: [ANNOUNCE] PostgreSQL Releases: 8.2.4, 8.1.9, 8.0.13, 7.4.17, 7.3.19
Date: 2007-04-23 16:43:20
Message-ID: 25E7B098-8FD9-4C2B-876D-D69D5D30BF3B@chrisking.com (view raw or flat)
Thread:
Lists: pdxpugpgsql-announce

Begin forwarded message:

From: Bruce Momjian <bruce(at)momjian(dot)us>
Date: April 23, 2007 9:22:50 AM PDT
To: PostgreSQL-announce <pgsql-announce(at)postgresql(dot)org>
Subject: [ANNOUNCE] PostgreSQL Releases: 8.2.4, 8.1.9, 8.0.13,  
7.4.17, 7.3.19

The PostgreSQL Global Development Group has released updated versions
for PostgreSQL 8.2 and all back versions to patch a privilege escalation
exploit in SECURITY DEFINER functions.  All users of this feature are
urged to update to the latest minor version and follow instructions on
securing these functions as soon as possible.  This minor release also
contains other fixes, so all users should plan to deploy it.

Once you have updated, additional steps are required to secure your
database against the exploit.  Please read the release notes at
http://www.postgresql.org/docs/8.2/static/release.html and the TechDocs
article at http://www.postgresql.org/docs/techdocs.77 on how to
lock down your security definer functions, if you use them.

Downloads are in the usual places, http://www.postgresql.org/download.
As always, application of a minor release does not require a dump and
reload of the database.

The frequency of security fixes recently is a result of increased
scrutiny of the PostgreSQL code by government agencies and
security-conscious companies.  Rapid turnaround on security patches is
key to keeping PostgreSQL the most secure SQL database.  Your work and
vigilance in applying the latest security updates ensures that there
will never be a PostgreSQL "worm".

-- 
   Bruce Momjian  <bruce(at)momjian(dot)us>          http://momjian.us
   EnterpriseDB                               http:// 
www.enterprisedb.com

   + If your life is a hard drive, Christ can be your backup. +

---------------------------(end of broadcast)---------------------------
-To unsubscribe from this list, send an email to:

                pgsql-announce-unsubscribe(at)postgresql(dot)org

-- 
Selena Deckelmann
Information Systems Manager
Chris King Precision Components
Made in Portland, Oregon
www.chrisking.com / 503.972.4050 x230




In response to

pgsql-announce by date

Next:From: Hiroshi InoueDate: 2007-04-24 08:26:49
Subject: psqlODBC 08.02.0300 Released
Previous:From: Bruce MomjianDate: 2007-04-23 16:22:50
Subject: PostgreSQL Releases: 8.2.4, 8.1.9, 8.0.13, 7.4.17, 7.3.19

pdxpug by date

Next:From: David FetterDate: 2007-04-30 04:11:51
Subject: == PostgreSQL Weekly News - April 29 2007 ==
Previous:From: Bruce MomjianDate: 2007-04-23 16:22:50
Subject: PostgreSQL Releases: 8.2.4, 8.1.9, 8.0.13, 7.4.17, 7.3.19

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group