[Gfoss] Aggiornamento di sicurezza per PostgreSQL


The PostgreSQL Global Development Group has released a security
update to all current versions of the PostgreSQL database system,
including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update
fixes a high-exposure security vulnerability in versions 9.0 and
later. All users of the affected versions are strongly urged to apply
the update immediately.

A major security issue fixed in this release, CVE-2013-1899, makes it
possible for a connection request containing a database name that
begins with "-" to be crafted that can damage or destroy files within
a server's data directory. Anyone with access to the port the
PostgreSQL server listens on can initiate this request. This issue
was discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open
Source Software Center.

Mi sembra una notizia importante da segnalare a tutti considerata la
diffusione di PostGIS. Aggiornate, aggiornate, aggiornate.