DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 7th February 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,148
Thanked 182 Times in 149 Posts
Default PostgreSQL updates to close denial-of-service hole

From http://h-online.com/-1799938

Quote:
A misdeclared enum_recv function within PostgreSQL meant that a simple SQL command was all that was needed to crash PostgreSQL. The hole, assigned the number CVE-2013-0255 for easy identification, could be used to examine the contents of server memory, at least in theory. The PostgreSQL developers have therefore announced the release of updates to PostgreSQL 9.2, 9.1, 9.0, 8.4 and 8.3 to fix the bug and close the hole.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 8th February 2013
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,886
Thanked 190 Times in 160 Posts
Default

Already fixed in OpenBSD:
  • For those running 5.2-stable, here's the check-in message for PostgreSQL 9.1.8.
  • For -current users (& the version most likely be shipping with OpenBSD 5.3... ), here's the check-in message for PostgreSQL 9.2.3.
Happy relations!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security BIND DNS server updates close critical hole J65nko News 0 10th October 2012 09:42 PM
Security PostgreSQL updates close security holes J65nko News 3 29th February 2012 07:19 PM
28C3: Denial-of-Service attacks on web applications made easy J65nko News 0 30th December 2011 08:41 PM
New denial of service tool knocks out encrypting servers J65nko News 1 26th October 2011 08:05 AM
phpMyAdmin updates close XSS hole J65nko News 0 26th August 2011 10:15 AM


All times are GMT. The time now is 06:42 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick