From: | "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org> |
---|---|
To: | pgsql-announce(at)postgresql(dot)org |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | PostgreSQL Security Release(s) for 7.2, 7.3 and 7.4 |
Date: | 2004-10-23 14:14:34 |
Message-ID: | 20041023110218.K16873@ganymede.hub.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-announce pgsql-general |
In order to address a recent security report from iDefence, we have
released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6
Although rated only a Medium risk, according to their web site: "A
vulnerability exists due to the insecure creation of temporary files,
which could possibly let a malicious user overwrite arbitrary files."
Also in these releases is a potential 'data loss' bug that was recently
identified:
* Repair possible failure to update hint bits on disk
Under rare circumstances this oversight could lead to "could not
access transaction status" failures, which qualifies it as a
potential-data-loss bug.
Although not yet available via Bittorrent, these releases are available
through ftp at all of the mirrors, and Devrim is currently working on RPMs
for the various releases, which should be available soon.
For a listing of all currently available FTP mirrors, please see:
http://www.postgresql.org/mirrors-ftp.html
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy(at)hub(dot)org Yahoo!: yscrappy ICQ: 7615664
From | Date | Subject | |
---|---|---|---|
Next Message | Oliver Elphick | 2004-10-23 15:59:26 | Re: Slony-I 1.0.4 Released |
Previous Message | Christopher Browne | 2004-10-23 02:26:36 | Re: Slony-I 1.0.4 Released |
From | Date | Subject | |
---|---|---|---|
Next Message | Philip Hofstetter | 2004-10-23 14:17:16 | Bug or stupidity |
Previous Message | Leen Besselink | 2004-10-23 12:52:31 | OID's |