PostgreSQL 7.2.2: Security Release

From: "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>
To: pgsql-announce(at)postgresql(dot)org
Cc: freebsd-databases(at)freebsd(dot)org, <pgsql-general(at)postgresql(dot)org>, Vince Vielhaber <vev(at)michvhf(dot)com>
Subject: PostgreSQL 7.2.2: Security Release
Date: 2002-08-24 03:22:17
Message-ID: 20020824000845.Q1769-100000@mail1.hub.org
Lists: pgsql-announce pgsql-general pgsql-hackers


Due to recent security vulnerabilities reported on BugTraq, concerning
several buffer overruns found in PostgreSQL, the PostgreSQL Global
Development Team today released v7.2.2 of PostgreSQL that fixes these
vulnerabilities.

The following buffer overruns have been identified and addressed:

... in handling long datetime input
... in repeat()
... in lpad() and rpad() with multibyte
... in SET TIME ZONE and TZ env var

Although v7.2.2 is a purely plug-n-play upgrade from v7.2.1, requiring no
dump-n-reload of the database, it should be noted that these
vulnerabilities are only critical on "open" or "shared" systems, as they
require the ability to be able to connect to the database before they can
be exploited.

The latest release is available at:

ftp://ftp.postgresql.org/pub/sources/v7.2.2

As well as at appropriate mirror sites.

Please report any bugs/problems with this release to:

pgsql-bugs(at)postgresql(dot)org

Marc G. Fournier
Co-ordinator
PostgreSQL Global Development Group
