From: "Magnus Hagander"
To: "Simon Riggs", "Marc G. Fournier"
Subject: Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS Vulnerability
Date: Mon, 9 Jan 2006 10:33:02 +0100
Message-ID: <6BCB9D8A16AC4241919521715F4D8BCE6C7E35@algol.sollentuna.se>

> > PostgreSQL patch versions 8.1.2, 8.0.6, 7.4.11 and 7.3.13 are
> > available today. The fixes in the 8.1 and 8.0 branches are critical,
> > especially for Windows users, and users of these branches are urged to
> > update at their earliest opportunity.
> >
> > One critical fix repairs a denial-of-service vulnerability: on Windows
> > only, the postmaster will exit if too many connection requests arrive
> > simultaneously. This does not affect existing database connections,
> > but will prevent new connections from being established until the
> > postmaster is manually restarted.
>
> > The Common Vulnerabilities and Exposures (CVE) project has assigned
> > the name CVE-2006-0105 to this issue.
>
> No they haven't: there is no such CVE number assigned, nor is
> there one pending - I just checked. (The numbers don't go
> that high yet).

Yes, they have. At least according to their own mail ;-)
It won't show up until the public post is made to bugtraq though. (Or
secunia) And it may be that it hasn't propagated out enough yet, since it
was assigned just this Friday.

> [I was looking to update the Security page, but can't find
> the appropriate refs.]

Already done. Will be on the next update, until then you can find it on
http://magnus-master.pgadmin.org/

//Magnus