Various security vulnerabilities were patched in a set of updates released for the PostgreSQL RDBMS platform. Five separate vulnerabilities were patched across all versions from 7.3 through to 8.2.

The vulnerabilities range from a privilege escalation vulnerability in the Index Functions, through to denial of service in regular expression libraries, and privilege escalation in DBLink.

PostgreSQL 7.3, 8.0, and 8.1 have also been EOL'ed.

Description:

The PostgreSQL Global Development Group has released updated versions of the PostgreSQL RDBMS, addressing several key vulnerabilities affecting all versions from 7.3 through to 8.2. The PostgreSQL developers consider these vulnerabilities to be critical and strongly recommend that administrators update to the latest versions as soon as possible.

PostgreSQL developers discovered the vulnerabilities during security analysis, and have worked to ensure backwards compatibility for existing data stores with the updated versions.

It should also be noted that PostgreSQL versions 7.3, 8.0, and 8.1 have been EOL'ed and it is recommended that administrators update to current versions.

Mitigation:

Update to the releases provided by the PostgreSQL development group.

Updates:

http://www.postgresql.org/ftp/binary/

Source:

http://www.postgresql.org/support/security

Exploits: