PostgreSQL to release a highly critical Security fix

The PostgreSQL Global Development Group will be releasing a new security update for all versions on Thursday April 4th, 2013. This release will include a fix for a high-exposure security vulnerability and all users are strongly urged to apply the update as soon as it is available.

The core committee for PostgreSQL have decided lock down access to database’s repositories to make this update secret without disclosing information as the vulnerability may allow database servers being exposed to attackers. Developers have also revealed that the lock down is only temporary and during this phase committers will have access to the repositories. The reason for the lockdown is to ensure that malicious users don’t work out an exploit by monitoring the changes to the source code while it is being implemented to fix the flaw.

To apply the update you only require installation of packages and a database system restart. You do not need to dump/restore or use pg_upgrade for this update release. Make sure to read the patch release and prepare your system to the next update.

 

Share