Skip site navigation (1) Skip section navigation (2)

Fwd: [ANNOUNCE] PostgreSQL security update available now

From: Selena Deckelmann <selena(at)chrisking(dot)com>
To: pdxpug(at)postgresql(dot)org
Subject: Fwd: [ANNOUNCE] PostgreSQL security update available now
Date: 2007-02-05 17:41:08
Message-ID: 9373F8E5-3FA4-40E2-B204-E1172C4856F0@chrisking.com (view raw or flat)
Thread:
Lists: pdxpugpgsql-announce
Begin forwarded message:

From: Josh Berkus <josh(at)postgresql(dot)org>
Date: February 5, 2007 9:32:44 AM PST
To: pgsql-announce(at)postgresql(dot)org
Subject: [ANNOUNCE] PostgreSQL security update available now

The PostgreSQL Global Development Group releases today a security  
update for
all recent PostgreSQL versions: minor versions 8.2.2, 8.1.7, 8.0.11,  
7.4.16
and 7.3.18.  Because this patches a medium-risk security hole, all  
users are
urged to upgrade at the earliest opportunity.

This release fixes CVE-2007-0555 and CVE-2007-0556.  Both of these  
issues
allow an authenticated attacker with the permissions to run arbitrary  
SQL to
launch a denial-of-service attack or possibly read out random chunks of
memory.  Since attacks to require authenticated access, the security  
hole is
only considered medium risk.  You can read more about the issues on  
Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556

In keeping with the PostgreSQL Project's security fix policies, this  
update is
being released as quickly as possible: within 2 weeks of the first bug
report, and within five days of developing a fix.  This type of fast  
response
is central to PostgreSQL's reputation as one of the most secure  
databases in
the industry.

The new minor versions may be downloaded from our download page:
http://www.postgresql.org/download/.  Users will not need to dump &  
reload
for the upgrade.  However, see the release notes for your target  
version:
http://www.postgresql.org/docs/8.2/static/release.html


-- 
PostgreSQL Core Team

---------------------------(end of broadcast)---------------------------
-To unsubscribe from this list, send an email to:

                pgsql-announce-unsubscribe(at)postgresql(dot)org

-- 
Selena Deckelmann
Information Systems Manager
Chris King Precision Components
www.chrisking.com / 503.972.4050 x230




In response to

pgsql-announce by date

Next:From: Selena DeckelmannDate: 2007-02-05 17:42:07
Subject: Fwd: [ANNOUNCE] == PostgreSQL Weekly News - February 04 2007 ==
Previous:From: Josh BerkusDate: 2007-02-05 17:32:44
Subject: PostgreSQL security update available now

pdxpug by date

Next:From: Selena DeckelmannDate: 2007-02-05 17:42:07
Subject: Fwd: [ANNOUNCE] == PostgreSQL Weekly News - February 04 2007 ==
Previous:From: Josh BerkusDate: 2007-02-05 17:32:44
Subject: PostgreSQL security update available now

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group