[Slackbuilds-users] postgresql vulnerability

Nenad Spirkoski spiki at verat.net
Mon Apr 30 11:04:55 UTC 2007


Bumping version builds ok... New download link: 
ftp://ftp.postgresql.org/pub/source/v8.2.4/postgresql-8.2.4.tar.bz2

About the vuln:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138
http://secunia.com/advisories/25019/
http://www.postgresql.org/about/news.791

The PostgreSQL Global Development Group has released updates to patch a 
privilege escalation exploit in SECURITY DEFINER functions. The fix is 
available in 8.2.4, 8.1.9, 8.0.13, 7.4.17, and 7.3.19 and all users of this 
feature are strongly urged to update to the latest minor version and follow 
instructions on securing these functions as soon as possible. These minor 
releases may also contain other fixes, so all users should review the release 
notes an plan to deploy them as needed.

-- 
Linux: the choice of a GNU generation
	-- ksh at cis.ufl.edu put this on Tshirts in '93



More information about the Slackbuilds-users mailing list