PostgreSQL Project releases security updates
The PostgreSQL Project developers have announced the release of security updates for their popular open source object-relational database. The current versions of PostgreSQL are now 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23 and 7.4.27.
According to the developers, the latest releases address one moderate-risk and one low-risk security issue. The first problem reportedly relates to an SSL authentication issue and the later vulnerability has to do with expression indexes and a privilege escalation issue. Additional details, however, have not been provided.
Additionally, the updates address nearly 50 bugs, most of which apply to version 8.4 and some of which are specific to the Windows platform. The developers advise all PostgreSQL users to update to the latest release as soon as possible. More details about the updates can be found in the release notes. The PostgreSQL updates are available to download from the project's site.
PostgreSQL is BSD licensed and runs on Linux, Unix and Windows and has been in development since the 1980s, adopting the PostgreSQL name in 1996. The PostgreSQL Global Development Group, responsible for development of the open source database, will stop releasing updates for version 7.4 and 8.0 of PostgreSQL after June of 2010 and advises users of those versions to "start planning to upgrade now".