The PostgreSQL project today is releasing the following minor versions, which fix three different crash vulnerabilities as well as an assortment of minor issues. Users of all PostgreSQL versions are urged to upgrade at the earliest opportunity.
The versions being released are: 8.1.5, 8.0.9, 7.4.14, 7.3.16. These are cumulative patch releases which simply replace the PostgreSQL binaries for major versions 8.1, 8.0, 7.4 and 7.3. Note that users of versions 7.4.0, 7.4.1, 8.0.0 and 8.0.1 may have to take additional steps in the course of upgrading -- see the release notes for details.
The three crash conditions are not considered critical vulnerabilities, because all three require authenticated access to the database with the ability to run ad-hoc queries, and none can be exploited for privilege escalation. As a result, we have NOT filed a CVE for these issues.
Source for these releases is currently available, as well as binaries for Windows and some distributions of Linux. Binaries for Solaris, other Linuxen, and OSX should be obtained from their respective vendors.
This post has been migrated from a previous version of the PostgreSQL website. We apologise for any formatting issues caused by the migration.