Re: postgresql command line exploit found in the wild

From: "Daniel Verite" <daniel(at)manitou-mail(dot)org>
To: "PostgreSQL General" <pgsql-general(at)postgresql(dot)org>
Subject: Re: postgresql command line exploit found in the wild
Date: 2013-04-08 15:48:08
Message-ID: cd81d201-e9fa-4567-ac49-e3e762935747@mm
Lists: pgsql-general

Merlin Moncure wrote:

> if you have an internet facing database, patch it immediately!

By the way:

People running 9.1 on Debian stable (squeeze) typically use this package:
http://packages.debian.org/squeeze-backports/postgresql-9.1

Currently, it looks like the fix is only available in pre-compiled form for
the amd64 architecture (see the bottom of the page). All other archs
including the popular i386 are stuck at version: 9.1.7-1~bpo60+1

I find it problematic. One can always switch to the new apt.postgresql.org
repository that has the latest versions, but how many people are going to not
even notice the problem, trusting their normal upgrade path?

Best regards,
--
Daniel
PostgreSQL-powered mail user agent and storage: http://www.manitou-mail.org
