PostgreSQL Security Release(s) for 7.2, 7.3 and 7.4
[Posted October 26, 2004 by ris]
| From: |
| "Marc G. Fournier" <scrappy-AT-postgresql.org> |
| To: |
| pgsql-announce-AT-postgresql.org |
| Subject: |
| [ANNOUNCE] PostgreSQL Security Release(s) for 7.2, 7.3 and 7.4 |
| Date: |
| Sat, 23 Oct 2004 11:14:34 -0300 (ADT) |
| Cc: |
| pgsql-general-AT-postgresql.org |
In order to address a recent security report from iDefence, we have
released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6
Although rated only a Medium risk, according to their web site: "A
vulnerability exists due to the insecure creation of temporary files,
which could possibly let a malicious user overwrite arbitrary files."
Also in these releases is a potential 'data loss' bug that was recently
identified:
* Repair possible failure to update hint bits on disk
Under rare circumstances this oversight could lead to "could not
access transaction status" failures, which qualifies it as a
potential-data-loss bug.
Although not yet available via Bittorrent, these releases are available
through ftp at all of the mirrors, and Devrim is currently working on RPMs
for the various releases, which should be available soon.
For a listing of all currently available FTP mirrors, please see:
http://www.postgresql.org/mirrors-ftp.html
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org Yahoo!: yscrappy ICQ: 7615664
---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
