Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS - Mailing list pgsql-www

From Simon Riggs
Subject Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS
Date
Msg-id 1136798952.21025.344.camel@localhost.localdomain
Whole thread Raw
List pgsql-www
On Mon, 2006-01-09 at 02:33 -0400, Marc G. Fournier wrote:
> PostgreSQL patch versions 8.1.2, 8.0.6, 7.4.11 and 7.3.13 are available
> today.  The fixes in the 8.1 and 8.0 branches are critical, especially for
> Windows users, and users of these branches are urged to update at their
> earliest opportunity.
>
> One critical fix repairs a denial-of-service vulnerability: on Windows
> only, the postmaster will exit if too many connection requests arrive
> simultaneously.  This does not affect existing database connections, but
> will prevent new connections from being established until the postmaster
> is manually restarted.

> The Common Vulnerabilities and Exposures (CVE)
> project has assigned the name CVE-2006-0105 to this issue.

No they haven't: there is no such CVE number assigned, nor is there one
pending - I just checked. (The numbers don't go that high yet).

[I was looking to update the Security page, but can't find the
appropriate refs.]

Best Regards, Simon Riggs


pgsql-www by date:

Previous
From: "Magnus Hagander"
Date:
Subject: Re: Release Announcement News Item -- please read
Next
From: "Magnus Hagander"
Date:
Subject: Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoSVulnerability