In case you have not heard, please see:
The PostgreSQL Global Development Group has released a security
update to all current versions of the PostgreSQL database system,
including versions 9.2.4, 9.1.9,[masked], and 8.4.17. This update
fixes a high-exposure security vulnerability in versions 9.0 and
later. All users of the affected versions are strongly urged to
apply the update *immediately*.
A major security issue fixed in this release, CVE[masked]
makes it possible for a connection request containing a database
name that begins with "-" to be crafted that can damage or destroy
files within a server's data directory. Anyone with access to the
port the PostgreSQL server listens on can initiate this request.
This issue was discovered by Mitsumasa Kondo and Kyotaro Horiguchi
of NTT Open Source Software Center.
Joseph E Conway
616 Burnham Street
El Cajon, CA 92019
credativ LLC: http://www.credat...
Linux, PostgreSQL, and general Open Source
Training, Service, Consulting, & 24x7 Support