http://www.postgresql.org/about/news/1456/
> The PostgreSQL Global Development Group has released a security
> update to all current versions of the PostgreSQL database system,
> including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update
> fixes a high-exposure security vulnerability in versions 9.0 and
> later. All users of the affected versions are strongly urged to apply
> the update immediately.
>
> A major security issue fixed in this release, CVE-2013-1899, makes it
> possible for a connection request containing a database name that
> begins with "-" to be crafted that can damage or destroy files within
> a server's data directory. Anyone with access to the port the
> PostgreSQL server listens on can initiate this request. This issue
> was discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open
> Source Software Center.
Mi sembra una notizia importante da segnalare a tutti considerata la
diffusione di PostGIS. Aggiornate, aggiornate, aggiornate.
Ciao
steko
_______________________________________________
[hidden email]
http://lists.gfoss.it/cgi-bin/mailman/listinfo/gfossQuesta e' una lista di discussione pubblica aperta a tutti.
I messaggi di questa lista non hanno relazione diretta con le posizioni dell'Associazione GFOSS.it.
638 iscritti al 28.2.2013
Locked
