PostgreSQL Security Release(s) for 7.2, 7.3 and 7.4

From: "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>
To: pgsql-announce(at)postgresql(dot)org
Cc: pgsql-general(at)postgresql(dot)org
Subject: PostgreSQL Security Release(s) for 7.2, 7.3 and 7.4
Date: 2004-10-23 14:14:34
Message-ID: 20041023110218.K16873@ganymede.hub.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-announce pgsql-general


In order to address a recent security report from iDefence, we have
released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6

Although rated only a Medium risk, according to their web site: "A
vulnerability exists due to the insecure creation of temporary files,
which could possibly let a malicious user overwrite arbitrary files."

Also in these releases is a potential 'data loss' bug that was recently
identified:

* Repair possible failure to update hint bits on disk

Under rare circumstances this oversight could lead to "could not
access transaction status" failures, which qualifies it as a
potential-data-loss bug.

Although not yet available via Bittorrent, these releases are available
through ftp at all of the mirrors, and Devrim is currently working on RPMs
for the various releases, which should be available soon.

For a listing of all currently available FTP mirrors, please see:

http://www.postgresql.org/mirrors-ftp.html

----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy(at)hub(dot)org Yahoo!: yscrappy ICQ: 7615664

Responses

Browse pgsql-announce by date

  From Date Subject
Next Message Oliver Elphick 2004-10-23 15:59:26 Re: Slony-I 1.0.4 Released
Previous Message Christopher Browne 2004-10-23 02:26:36 Re: Slony-I 1.0.4 Released

Browse pgsql-general by date

  From Date Subject
Next Message Philip Hofstetter 2004-10-23 14:17:16 Bug or stupidity
Previous Message Leen Besselink 2004-10-23 12:52:31 OID's