Minor Release 8.1.3 Patches Security Issue
Posted on 2006-02-13
Posted by josh@postgresql.org
PostgreSQL minor version 8.1.3 has been released, containing a
patch for a serious security issue present in the 8.1 branch. All
users of 8.1 are urged to upgrade at the earliest
opportunity.
Minor versions 8.0.7, 7.4.12, and 7.3.14 are being released at
the same time as well. These contain only minor bug fixes to the
8.0, 7.4 and 7.3 versions and can be upgraded on a more planned
schedule, unless of course you are encountering one of the bugs
described.
The security issue in 8.1.x allows an authenticated database user
to escalate his ROLE privileges by exploiting knowledge of the
backend
protocol. While there are no known exploits in the wild for this,
users are urged not to wait until they encounter one.
8.1.3 also contains a number of other bug fixes, most of them for
very specific (rare) database configurations and schema issues,
but including a number of crash fixes. Notable also is a fix to
the TSearch2 GiST index generation code which will significantly
speed up creation of TSearch2 indexes. See the release notes for more detail.
As usual, you may download the new releases from our FTP Mirrors
or BitTorrent.
|