Security update for PostgreSQL
The developers of the open source database PostgreSQL have released a number of security updates. The PostgreSQL Global Development Group recommend that users install these updates by upgrading to a current version on their servers "as soon as reasonably possible". The now current versions are 8.4.1, 8.3.8, 8.2.14, 8.1.18, 8.0.22, and 7.4.26.
The developers have removed the following problems.
- Logged in users could shut down the database by reloading libraries in
$libdir/plugins(affected version 8.4,8.3 and 8.2).
- A fix for a previous fix for CVE-2007-2138 which allowed for misuse of
RESET SESSION AUTHORIZATION(affected versions 8.4, 8.3, 8.2, 8.1, 8.0 and 7.4).
- A fix for PostgreSQL's handling of LDAP authentication, where if the LDAP configuration allowed for anonymous binds, it was possible for users to authenticate with an empty password (affected versions 8.3 and 8.2).
PostgreSQL has been in development since the 1980s, adopting the PostgreSQL name in 1996. The open source object-relational database is BSD licensed and runs on Linux, Unix and Windows.