In order to address a potential security hole recently identified with the "LOAD" option, the PostgreSQL Global Development Group is announcing the release of new versions of PostgreSQL going back to the 7.2.x version.
postgresql please bump.
More details from USN-71-1:

Details follow:

John Heasman discovered a local privilege escalation in the PostgreSQL server. Any user could use the LOAD extension to load any shared library into the PostgreSQL server; the library's initialisation function was then executed with the permissions of the server. Now the use of LOAD is restricted to the database superuser (usually 'postgres').

Note: Since there is no way for normal database users to create arbitrary files, this vulnerability is not exploitable remotely, e.g. by uploading a shared library in the form of a Binary Large Object (BLOB) to a public web server.
ok. i'll do that in next few hours.
i've added these ebuilds to portage tree.

postgresql-7.3.9.ebuild
postgresql-7.4.7.ebuild
postgresql-8.0.1.ebuild
arches, pls test and mark stable...

7.4.x appears to be the latest version that is marked all stable, so 7.4.7 should be the minimum to be stable. Pls consider also to test the other updated versions. (7.3.9 and 8.0.1)

postgresql-7.4.7.ebuild:
current KEYWORDS="x86 ~ppc sparc ~mips alpha ~arm hppa amd64 ~ia64 ~s390 ~ppc64"
target KEYWORDS="x86 ppc sparc mips alpha arm hppa amd64 ia64 s390 ppc64"

postgresql-8.0.1.ebuild:
current KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64 ~s390 ~ppc64"

postgresql-7.3.9.ebuild:
current KEYWORDS="x86 ~ppc ~sparc ~alpha ~amd64 ~hppa ~ia64 ~mips"
stable on ppc64
7.3.9 to sparc stable.
postgresql-7.4.7 already stable on amd64. Tested and verified to work fine.
7.4.7 stable on alpha.
Stable on ppc. Sorry for the delay.
arm/ia64/s390 stable
mips stable.
GLSA 200502-08