PostgreSQL 9.2.3, 9.1.8, 9.0.12, 8.4.16, and 8.3.23 Released to Address DOS Bug
Users are advised to apply the update as soon as possible
The PostgreSQL Global Development Group has released PostgreSQL 9.2.3, 9.1.8, 9.0.12, 8.4.16, and 8.3.23. The release is considered a security update, so users are advised to apply it as soon as possible.Besides some minor issues and a performance regression, the update addresses a denial-of-service (DOS) vulnerability that could be leveraged by an authenticated user to crash the server by calling an internal function with invalid arguments.
The issue has been identified by independent security researcher Sumit Soni earlier this week and reported via Secunia SCVRP.
PostgreSQL users are also reminded that this is the final update for the 8.3 version. Customers who still rely on this variant are advised to upgrade immediately.
PostgreSQL is available for download here