Posts Tagged ‘PostgreSQL’

Unscheduled corrective updates have been issued on an emergency basis for all supported versions of PostgreSQL: 9.2.4, 9.1.9, 9.0.13 and 8.4.17. They fix five vulnerabilities, one of which is rated critical. All users of PostgreSQL 9.x should update their databases immediately. In addition, to improve the general security of their infrastructure, the PostgreSQL developers advise making sure that access to the PostgreSQL network port is denied from outside subnets.

The critical vulnerability (CVE-2013-1899) affects only the 9.x versions. It makes it possible to damage files in the PostgreSQL data directory by sending the server a specially crafted connection request that contains a database name beginning with the character “-” (the database name is treated as an option for single-user recovery mode; such a database does not need to exist on the server). Access to the PostgreSQL network port is enough for the attack; a database account is not required.

Critical vulnerabilities

A notice has been published about a critical vulnerability found in the PostgreSQL database.

No details about the nature of the problem will be disclosed before the official updates are released, which is scheduled for April 4. The vulnerability appears to be very dangerous: for the first time in the project's history, access to the repository will be restricted, and the updates will be prepared and tested in strict secrecy within a closed circle of committers to avoid a premature leak. PostgreSQL users should prepare for an unplanned upgrade of their systems on April 4. The issue affects all supported releases of PostgreSQL.