PostgreSQL security update fixes a buffer overrun
The PostgreSQL developers have released security updates for the database system, with new versions, 9.0.3, 8.4.7, 8.3.14 and 8.2.20 released for the 9.0, 8.4, 8.3 and 8.2 active branches. The update includes a fix to prevent a buffer overrun in the contrib intarray module's input function which could allow a return address to be overwritten by malicious code. As the affected module is an optional install, the only users affected are those that have installed the intarray module; this contains useful functions for manipulation of one dimensional arrays of integers.
The update also includes 63 bug-fixes, including the prevention of unexpected overflows in date conversions, corrections in assignments to arrays, fixes to pg_restore and large objects, and improved build support for the Windows version. The update to 9.0.3 also includes several version-specific fixes; in all there are 33 patches to 9.0, 20 patches to 8.4 and 8.3 and 18 patches to 8.2. These will be detailed in the release notes, though at the time of writing, the release notes for the update had not yet been published. This minor release does not require users to dump and reload their database. Binary versions and source code are available to download for the BSD/MIT like licensed database, as is a one click Windows installer.