Postgres Pro
Downloads
Home   >   mailing lists

Thread: Minor Releases 7.3 thru 8.1 Available to Fix Security Issue

Minor Releases 7.3 thru 8.1 Available to Fix Security Issue

From
"Marc G. Fournier"
Date:
PostgreSQL minor version 8.1.3 has been released, containing a patch for a
serious security issue present in the 8.1 branch.  All users of 8.1 are
urged to upgrade at the earliest opportunity.  

Minor versions 8.0.7, 7.4.12, and 7.3.14 are being released at the same
time.  These  contain only minor bug fixes to the 8.0, 7.4 and 7.3
versions and can be upgraded on a more planned schedule, unless of course
you are encountering one of the bugs described.

The security issue in 8.1.x allows an authenticated database user to
escalate his ROLE privileges by exploiting knowledge of the backend
protocol.  While there are no known exploits in the wild for this, users
are urged not to wait until they encounter one.

8.1.3 also contains a number of other bug fixes, most of them for very
specific (rare) database configurations and schema issues, but including a
number of crash fixes.   Notable also is a fix to the TSearch2 GiST index
generation code which will significantly speed up creation of TSearch2
indexes.   See the release notes for more detail:

     http://www.postgresql.org/docs/8.1/static/release.html

As usual, you may download the new releases from our FTP Mirrors or
BitTorrent:

         http://www.postgresql.org/download/

Re: Minor Releases 7.3 thru 8.1 Available to Fix Security

From
Nels Lindquist
Date:
Marc G. Fournier wrote:

> PostgreSQL minor version 8.1.3 has been released, containing a patch for
> a serious security issue present in the 8.1 branch.  All users of 8.1
> are urged to upgrade at the earliest opportunity.

<snip>

> As usual, you may download the new releases from our FTP Mirrors or
> BitTorrent:

Just wondering how long before binaries for RHEL3 show up?  The RHEL4
binaries are available, and there were RHEL3 binaries for 8.1.2.

----
Nels Lindquist <*>

Re: Minor Releases 7.3 thru 8.1 Available to Fix Security

From
Devrim GUNDUZ
Date:
Hi,

On Thu, 2006-02-16 at 09:58 -0700, Nels Lindquist wrote:

> Just wondering how long before binaries for RHEL3 show up?  The RHEL4
> binaries are available, and there were RHEL3 binaries for 8.1.2.

Sorry for the delay in building RHEL3 RPMs. I just built RPMs for RHEL 3
and FC3. They are on the way now, and they will appear in main FTP site
in 2-3 hours.

Regards,
--
The PostgreSQL Company - Command Prompt, Inc. 1.503.667.4564
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
Managed Services, Shared and Dedicated Hosting
Co-Authors: PL/php, plPerlNG - http://www.commandprompt.com/