[Gfoss] Aggiornamento di sicurezza per PostgreSQL
steko a iosa.it
Gio 4 Apr 2013 19:11:01 CEST
> The PostgreSQL Global Development Group has released a security
> update to all current versions of the PostgreSQL database system,
> including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update
> fixes a high-exposure security vulnerability in versions 9.0 and
> later. All users of the affected versions are strongly urged to apply
> the update immediately.
> A major security issue fixed in this release, CVE-2013-1899, makes it
> possible for a connection request containing a database name that
> begins with "-" to be crafted that can damage or destroy files within
> a server's data directory. Anyone with access to the port the
> PostgreSQL server listens on can initiate this request. This issue
> was discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open
> Source Software Center.
Mi sembra una notizia importante da segnalare a tutti considerata la
diffusione di PostGIS. Aggiornate, aggiornate, aggiornate.
Maggiori informazioni sulla lista