PostgreSQL Security Release(s) for 7.2, 7.3 and 7.4

In order to address a recent security report from iDefence, we have released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6

Although rated only a Medium risk, according to their web site: "A vulnerability exists due to the insecure creation of temporary files, which could possibly let a malicious user overwrite arbitrary files."

Also in these releases is a potential 'data loss' bug that was recently identified:

* Repair possible failure to update hint bits on disk
Under rare circumstances this oversight could lead to "could not access transaction status" failures, which qualifies it as a potential-data-loss bug.

These releases are available through ftp at all of the mirrors, as well as the (S)RPMS for various OSes. Also check http://bt.PostgreSQL.org for bittorrent.

For a listing of all currently available FTP mirrors, please see:

http://www.PostgreSQL.org/mirrors-ftp.html

Please report any bugs to pgsql-bugs@PostgreSQL.org

Posted by Devrim GÜNDÜZ 2004-10-28

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks