Update PostgreSQL to 7.3.19, 7.4.17, 8.0.13, 8.1.9 and 8.2.4 respectively:

 The PostgreSQL Global Development Group has released updated versions
 for PostgreSQL 8.2 and all back versions to patch a privilege
 escalation exploit in SECURITY DEFINER functions.  All users of this
 feature are urged to update to the latest minor version and follow
 instructions on securing these functions as soon as possible.  This
 minor release also contains other fixes, so all users should plan to
 deploy it.

 Once you have updated, additional steps are required to secure your
 database against the exploit.  Please read the release notes at
 http://www.postgresql.org/docs/8.2/static/release.html and the
 TechDocs article at http://www.postgresql.org/docs/techdocs.77 on how
 to lock down your security definer functions, if you use them.

 As always, application of a minor release does not require a dump and
 reload of the database.

 The frequency of security fixes recently is a result of increased
 scrutiny of the PostgreSQL code by government agencies and
 security-conscious companies.  Rapid turnaround on security patches
 is key to keeping PostgreSQL the most secure SQL database.  Your work
 and vigilance in applying the latest security updates ensures that
 there will never be a PostgreSQL "worm".

http://www.postgresql.org/docs/8.2/static/release-8-2-4.html
http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-9
http://www.postgresql.org/docs/8.0/static/release.html#RELEASE-8-0-13
http://www.postgresql.org/docs/7.4/static/release.html#RELEASE-7-4-17

http://www.postgresql.org/docs/techdocs.77

Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138

0 files changed, 0 insertions, 0 deletions