02/20/2007PostgreSQL Security Release for 8.0, 7.4, 7.3
The PostgreSQL Global Development Group releases today a security update older PostgreSQL versions: minor versions 8.0.11, 7.4.16 and 7.3.18. Because this patches a medium-risk security hole, all users of 8.0, 7.4 and 7.3 are urged to upgrade at the earliest opportunity.
Security Releases for versions 8.1 and 8.2 are still pending. Previously released source for 8.2.2 and 8.1.7 has been WITHDRAWN due to a bug with typemod data types used with check constraints and expression indexes. New minor versions of 8.2 and 8.1 will be re-released within 24 to 48 hours.
This release fixes CVE-2007-0555 and CVE-2007-0556. Both of these issues allow an authenticated attacker with the permissions to run arbitrary SQL to launch a denial-of-service attack or possibly read out random chunks of memory. Since attacks to require authenticated access, the security hole is only considered medium risk. You can read more about the issues on Mitre: CVE-2007-0555 CVE-2007-0556
The new minor versions may be downloaded from our download page. Users will not need to dump & reload for the upgrade. However, see the release notes for your target version.
