The PostgreSQL development team released security updates for all actively supported branches of its open source relational database to fix bugs and close security holes found in the previous releases.
Versions 9.1.3, 9.0.7, 8.4.11 and 8.3.18 correct a problem that prevented permission checks from being performed and a bug that may result in the successful verification of a spoofed SSL certificate. An input sanitisation error that could be used to execute code when loading a pg_dump file has also been fixed.
These vulnerabilities could be exploited by an attacker to bypass some security restrictions or conduct spoofing attacks and manipulate data. Versions up to and including 9.1.2, 9.0.6, 8.4.10 and 8.3.17 are affected; all users are advised to upgrade.
Full list of fixes and changes, can be found in the 9.1.3, 9.0.7, 8.4.11 and 8.3.18 release notes. The new versions of PostgreSQL are available to download from the project's site.
Versions 9.1.3, 9.0.7, 8.4.11 and 8.3.18 correct a problem that prevented permission checks from being performed and a bug that may result in the successful verification of a spoofed SSL certificate. An input sanitisation error that could be used to execute code when loading a pg_dump file has also been fixed.
These vulnerabilities could be exploited by an attacker to bypass some security restrictions or conduct spoofing attacks and manipulate data. Versions up to and including 9.1.2, 9.0.6, 8.4.10 and 8.3.17 are affected; all users are advised to upgrade.
Full list of fixes and changes, can be found in the 9.1.3, 9.0.7, 8.4.11 and 8.3.18 release notes. The new versions of PostgreSQL are available to download from the project's site.