PostgreSQL Security
Release(s) for 7.2, 7.3 and 7.4 Posted on
2004-10-23
Posted by press at
PostgreSQL.org
In order to address a recent security report from iDefence, we have
released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6
Although rated only a Medium risk, according to their web site: "A
vulnerability exists due to the insecure creation of temporary
files, which could possibly let a malicious user overwrite
arbitrary files."
Also in these releases is a potential 'data loss' bug that was
recently identified:
* Repair possible failure to update hint bits on disk
Under rare circumstances this oversight could lead to "could not
access transaction status" failures, which qualifies it as a
potential-data-loss bug.
Although not yet available via Bittorrent, these releases are
available through ftp at all of the mirrors, as well as the (S)RPMS
for various OSes.
For a listing of all currently available FTP mirrors, please
see:
http://www.postgresql.org/mirrors-ftp.html
|