[SECURITY-L] PostgreSQL 7.2.2: Security Release
Daniela Regina Barbetti Silva
daniela em ccuec.unicamp.br
Seg Ago 26 11:32:04 -03 2002
----- Forwarded message from Lamar Owen <lamar.owen em wgcr.org> -----
From: Lamar Owen <lamar.owen em wgcr.org>
Subject: Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
To: bugtraq em securityfocus.com
Date: Fri, 23 Aug 2002 23:35:59 -0400
---------- Forwarded Message ----------
Subject: [GENERAL] PostgreSQL 7.2.2: Security Release
Date: Sat, 24 Aug 2002 00:22:17 -0300 (ADT)
From: "Marc G. Fournier" <scrappy em hub.org>
To: pgsql-announce em postgresql.org
Cc: freebsd-databases em freebsd.org, <pgsql-general em postgresql.org>, Vince
Vielhaber <vev em michvhf.com>
Due to recent security vulnerabilities reported on BugTraq, concerning
several buffer overruns found in PostgreSQL, the PostgreSQL Global
Development Team today released v7.2.2 of PostgreSQL that fixes these
vulnerabilities.
The following buffer overruns have been identified and addressed:
... in handling long datetime input
... in repeat()
... in lpad() and rpad() with multibyte
... in SET TIME ZONE and TZ env var
Although v7.2.2 is a purely plug-n-play upgrade from v7.2.1, requiring no
dump-n-reload of the database, it should be noted that these
vulnerabilities are only critical on "open" or "shared" systems, as they
require the ability to be able to connect to the database before they can
be exploited.
The latest release is available at:
ftp://ftp.postgresql.org/pub/sources/v7.2.2
As well as at appropriate mirror sites.
Please report any bugs/problems with this release to:
pgsql-bugs em postgresql.org
Marc G. Fournier
Co-ordinator
PostgreSQL Global Development Group
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L