Resources Blog PostgreSQL Security Updates Released

PostgreSQL Security Updates Released

H Security – (International) PostgreSQL security updates released. The PostgreSQL Global Development Group released security updates for all currently supported versions, (9.1.x, 9.0.x, 8.4.x, and 8.3.x) of the open source relational database system. The updates include versions 9.1.4, 9.0.8, 8.4.12, and 8.3.19 of PostgreSQL, which close 2 security holes and include 42 other bug fixes. Users using the crypt function included in the pgcrypto module should update their installations immediately as the update fixes incorrect password transformations which can lead to shorter than desired passwords that are easier to attack. After updating, users will have to regenerate all passwords containing the byte value 0x80 to fix encrypted passwords that were truncated by the faulty code. The other security issue corrected involves a bug in a call handler that could lead to a server crash when applying SECURITY DEFINER and SET attributes. This can be exploited to create denial of service situations.


Picture of Ali Loney

Written by Ali Loney

Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.