PostgreSQL Closes Security Holes

Wednesday, February 29, 2012 @ 03:02 PM gHale

PostgreSQL updated all actively supported branches of its open source relational database to fix bugs and close security holes.

Versions 9.1.3, 9.0.7, 8.4.11 and 8.3.18 correct a problem that prevented permission checks from being performed and a bug that may result in a spoofed SSL certificate being successfully verified. In addition, the development team fixed an input sanitization error that could lead to code execution when loading a pg_dump file.

An attacker could exploit these vulnerabilities to bypass some security restrictions or conduct spoofing attacks and manipulate data. Versions up to and including 9.1.2, 9.0.6, 8.4.10 and 8.3.17 are all affected by these issues, and all users should upgrade, officials said.

Further information about the updates, including a full list of fixes and changes, is in the 9.1.3, 9.0.7, 8.4.11 and 8.3.18 release notes. The new versions of PostgreSQL are available to download from the project’s site.

Source code for PostgreSQL is available under the terms of the PostgreSQL License, described as “a liberal open source license.”


