public inbox for [email protected]
help / color / mirror / Atom feedCRITICAL RELEASE: Minor Releases to Fix DoS Vulnerability
6+ messages / 6 participants
[nested] [flat]
* CRITICAL RELEASE: Minor Releases to Fix DoS Vulnerability
@ 2006-01-09 06:33 Marc G. Fournier <[email protected]>
0 siblings, 2 replies; 6+ messages in thread
From: Marc G. Fournier @ 2006-01-09 06:33 UTC (permalink / raw)
To: [email protected]; +Cc: [email protected]
PostgreSQL patch versions 8.1.2, 8.0.6, 7.4.11 and 7.3.13 are available
today. The fixes in the 8.1 and 8.0 branches are critical, especially for
Windows users, and users of these branches are urged to update at their
earliest opportunity.
One critical fix repairs a denial-of-service vulnerability: on Windows
only, the postmaster will exit if too many connection requests arrive
simultaneously. This does not affect existing database connections, but
will prevent new connections from being established until the postmaster
is manually restarted. The Common Vulnerabilities and Exposures (CVE)
project has assigned the name CVE-2006-0105 to this issue.
Another critical fix repairs an error in ReadBuffer that can cause data
loss due to overwriting recently-added pages. This applies to the 8.1 and
8.0 branches on all platforms.
Other fixes included are:
-- Character string locale comparison bug. This may require a REINDEX
on text column indexes in some locales, such as Hungarian.
-- Prevent accidental changes of locale by plperl
-- Two fixes for Japanese encodings
-- Two fixes for COPY CSV
-- Fixes for functions returning RECORD
-- Fixes to autovacuum, dblink and pgcrypto
Further details appear in the release notes in the documentation for the
new versions, which is distributed with the source, and will be available
within a few days on PostgreSQL.org.
Versions 7.4.11 and 7.3.13 contain a subset of the fixes above appropriate
to those versions.
Currently, source packages are available for all these versions, and
Windows installer packages are available for 8.1.2 and 8.0.6. Binary
packages for other platforms will soon be available from the PostgreSQL
Downloads[1] page and other sources.
Marc G. Fournier
PostgreSQL Core Member
[1] - http://www.postgresql.org/download
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS
@ 2006-01-09 09:29 Simon Riggs <[email protected]>
parent: Marc G. Fournier <[email protected]>
1 sibling, 0 replies; 6+ messages in thread
From: Simon Riggs @ 2006-01-09 09:29 UTC (permalink / raw)
To: Magnus Hagander <[email protected]>; Marc G. Fournier <[email protected]>; +Cc: pgsql-www
On Mon, 2006-01-09 at 02:33 -0400, Marc G. Fournier wrote:
> PostgreSQL patch versions 8.1.2, 8.0.6, 7.4.11 and 7.3.13 are available
> today. The fixes in the 8.1 and 8.0 branches are critical, especially for
> Windows users, and users of these branches are urged to update at their
> earliest opportunity.
>
> One critical fix repairs a denial-of-service vulnerability: on Windows
> only, the postmaster will exit if too many connection requests arrive
> simultaneously. This does not affect existing database connections, but
> will prevent new connections from being established until the postmaster
> is manually restarted.
> The Common Vulnerabilities and Exposures (CVE)
> project has assigned the name CVE-2006-0105 to this issue.
No they haven't: there is no such CVE number assigned, nor is there one
pending - I just checked. (The numbers don't go that high yet).
[I was looking to update the Security page, but can't find the
appropriate refs.]
Best Regards, Simon Riggs
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS
@ 2006-01-09 09:30 Markus Bertheau <[email protected]>
parent: Marc G. Fournier <[email protected]>
1 sibling, 1 reply; 6+ messages in thread
From: Markus Bertheau @ 2006-01-09 09:30 UTC (permalink / raw)
To: Marc G. Fournier <[email protected]>; +Cc: [email protected]
В Пнд, 09/01/2006 в 02:33 -0400, Marc G. Fournier пишет:
> -- Character string locale comparison bug. This may require a REINDEX
> on text column indexes in some locales, such as Hungarian.
Can we be more specific here? How is an administrator supposed to know,
whether he needs to reindex his text column indexes or not?
Markus Bertheau
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoSVulnerability
@ 2006-01-09 09:33 Magnus Hagander <[email protected]>
0 siblings, 0 replies; 6+ messages in thread
From: Magnus Hagander @ 2006-01-09 09:33 UTC (permalink / raw)
To: Simon Riggs <[email protected]>; Marc G. Fournier <[email protected]>; +Cc: pgsql-www
> > PostgreSQL patch versions 8.1.2, 8.0.6, 7.4.11 and 7.3.13 are
> > available today. The fixes in the 8.1 and 8.0 branches are
> critical,
> > especially for Windows users, and users of these branches
> are urged to
> > update at their earliest opportunity.
> >
> > One critical fix repairs a denial-of-service vulnerability:
> on Windows
> > only, the postmaster will exit if too many connection
> requests arrive
> > simultaneously. This does not affect existing database
> connections,
> > but will prevent new connections from being established until the
> > postmaster is manually restarted.
>
> > The Common Vulnerabilities and Exposures (CVE) project has assigned
> > the name CVE-2006-0105 to this issue.
>
> No they haven't: there is no such CVE number assigned, nor is
> there one pending - I just checked. (The numbers don't go
> that high yet).
Yes, they have. At least according to their own mail ;-)
It won't show up until the public post is made to bugtraq though. (Or
secunia) And it may be that it hasn't propagated out enough yet, since
it was assigned just this friday.
> [I was looking to update the Security page, but can't find
> the appropriate refs.]
Already done. Will be on the next update, until then you can find it on
http://magnus-master.pgadmin.org/
//Magnus
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS
@ 2006-01-09 15:51 Jaime Casanova <[email protected]>
parent: Markus Bertheau <[email protected]>
0 siblings, 1 reply; 6+ messages in thread
From: Jaime Casanova @ 2006-01-09 15:51 UTC (permalink / raw)
To: Markus Bertheau <[email protected]>; +Cc: Marc G. Fournier <[email protected]>; [email protected]
On 1/9/06, Markus Bertheau <[email protected]> wrote:
> В Пнд, 09/01/2006 в 02:33 -0400, Marc G. Fournier пишет:
>
> > -- Character string locale comparison bug. This may require a REINDEX
> > on text column indexes in some locales, such as Hungarian.
>
> Can we be more specific here? How is an administrator supposed to know,
> whether he needs to reindex his text column indexes or not?
>
> Markus Bertheau
>
that's difficult to know because it depends on the locale behaviour, IIRC...
Maybe if you are using a locale different than C and have indexes on
strings then is better to REINDEX just to be sure...
--
regards,
Jaime Casanova
(DBA: DataBase Aniquilator ;)
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS
@ 2006-01-09 23:46 Bruce Momjian <[email protected]>
parent: Jaime Casanova <[email protected]>
0 siblings, 0 replies; 6+ messages in thread
From: Bruce Momjian @ 2006-01-09 23:46 UTC (permalink / raw)
To: Jaime Casanova <[email protected]>; +Cc: Markus Bertheau <[email protected]>; Marc G. Fournier <[email protected]>; [email protected]
Jaime Casanova wrote:
> On 1/9/06, Markus Bertheau <[email protected]> wrote:
> > ? ???, 09/01/2006 ? 02:33 -0400, Marc G. Fournier ?????:
> >
> > > -- Character string locale comparison bug. This may require a REINDEX
> > > on text column indexes in some locales, such as Hungarian.
> >
> > Can we be more specific here? How is an administrator supposed to know,
> > whether he needs to reindex his text column indexes or not?
> >
> > Markus Bertheau
> >
>
> that's difficult to know because it depends on the locale behaviour, IIRC...
>
> Maybe if you are using a locale different than C and have indexes on
> strings then is better to REINDEX just to be sure...
Read the specific REINDEX mentioned in the release notes and if any
apply to you, you should reindex. Were they not clear?
--
Bruce Momjian | http://candle.pha.pa.us
[email protected] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
^ permalink raw reply [nested|flat] 6+ messages in thread
end of thread, other threads:[~2006-01-09 23:46 UTC | newest]
Thread overview: 6+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2006-01-09 06:33 CRITICAL RELEASE: Minor Releases to Fix DoS Vulnerability Marc G. Fournier <[email protected]>
2006-01-09 09:29 ` Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS Simon Riggs <[email protected]>
2006-01-09 09:30 ` Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS Markus Bertheau <[email protected]>
2006-01-09 15:51 ` Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS Jaime Casanova <[email protected]>
2006-01-09 23:46 ` Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS Bruce Momjian <[email protected]>
2006-01-09 09:33 Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoSVulnerability Magnus Hagander <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox