PostgreSQL updated all actively supported branches of its open source relational database to fix bugs and close security holes.

Versions 9.1.3, 9.0.7, 8.4.11 and 8.3.18 correct a problem that prevented permission checks from being performed and a bug that may result in the successful verification of a spoofed SSL certificate. In addition, the development team fixed an input sanitization error that could allow code to execute when loading a pg_dump file.

An attacker could exploit these vulnerabilities to bypass some security restrictions or conduct spoofing attacks and manipulate data. Versions up to and including 9.1.2, 9.0.6, 8.4.10 and 8.3.17 are all affected, and all users should upgrade, officials said.

Further information about the updates, including a full list of fixes and changes, is in the 9.1.3, 9.0.7, 8.4.11 and 8.3.18 release notes. The new versions of PostgreSQL are available to download from the project’s site.

Source code for PostgreSQL is available under the terms of the PostgreSQL License, described as “a liberal open source license.”
