In order to address a recent security report from iDefence, we have
released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6
Although rated only a Medium risk, according to their web site: "A
vulnerability exists due to the insecure creation of temporary files,
which could possibly let a malicious user overwrite arbitrary files."
Also in these releases is a potential 'data loss' bug that was recently
identified:
* Repair possible failure to update hint bits on disk
Under rare circumstances this oversight could lead to "could not
access transaction status" failures, which qualifies it as a
potential-data-loss bug.
Although not yet available via Bittorrent, these releases are available
through ftp at all of the mirrors, and Devrim is currently working on RPMs
for the various releases, which should be available soon.
For a listing of all currently available FTP mirrors, please see: http://www.postgresql.org/mirrors-ftp.html
----
Marc G. Fournier Hub.Org Networking Services ( http://www.hub.org)
Email: sc*****@hub.org Yahoo!: yscrappy ICQ: 7615664
Marc G. Fournier wrote:
> In order to address a recent security report from iDefence, we have released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6
Assuming you're referring to the make_oidjoins_check bug, I don't think
it is accurate to bill these as "security releases". As the 7.4.6
release notes plainly state:
---
# Avoid using temp files in /tmp in make_oidjoins_check
This has been reported as a security issue, though it's hardly worthy of
concern since there is no reason for non-developers to use this script
anyway.
---
That said, the fix for the clog bug is reason enough to make the point
releases, and reason enough for users to upgrade.
-Neil
Neil Conway <ne***@samurai.com> writes:
> Marc G. Fournier wrote:
>> In order to address a recent security report from iDefence, we have released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6
> Assuming you're referring to the make_oidjoins_check bug,
He's not. There were two other recent security reports, which core kept
to ourselves until the release could be made. The other issues were
only marginally more serious than make_oidjoins_check, but worth fixing
now given that the hint-bit bug was forcing a release anyway.
regards, tom lane
On Mon, 2004-10-25 at 00:43, Tom Lane wrote:
> He's not. There were two other recent security reports, which core kept to ourselves until the release could be made.
Ah, ok -- fair enough. Are those additional security fixes mentioned in
the release notes?
-Neil
Neil Conway <ne***@samurai.com> writes:
> On Mon, 2004-10-25 at 00:43, Tom Lane wrote:
>> He's not. There were two other recent security reports, which core kept to ourselves until the release could be made.
> Ah, ok -- fair enough. Are those additional security fixes mentioned in the release notes?
Yes, or at least the one that affected PG proper (pg_ctl as root).
The other was a bug in the RPM init script.
I just realized that Devrim wasn't in the loop on that, so he'll
probably have to rebuild the PGDG RPMs :-(
regards, tom lane