PostgreSQL 8.2.23 Documentation | ||||
---|---|---|---|---|
Prev | Fast Backward | Appendix E. Release Notes | Fast Forward | Next |
Release date: 2007-02-05
This release contains a variety of fixes from 7.3.17, including a security fix.
A dump/restore is not required for those running 7.3.X. However, if you are upgrading from a version earlier than 7.3.13, see the release notes for 7.3.13.
Remove security vulnerability that allowed connected users to read backend memory (Tom)
The vulnerability involves changing the data type of a table column used in a SQL function (CVE-2007-0555). This error can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access.
Fix rare bug wherein btree index page splits could fail due to choosing an infeasible split point (Heikki Linnakangas)
Tighten security of multi-byte character processing for UTF8 sequences over three bytes long (Tom)