
openerp-community team mailing list archive

Re: Major security patch for all versions of PostgreSQL


On 04/04/2013 04:53 PM, Marco Dieckhoff wrote:
On 04.04.2013 16:40, Brendan Clune wrote:
Something which affects us all...

http://www.postgresql.org/about/news/1456/


Sadly, it looks like neither Ubuntu 12.04 (Server, LTS) nor Debian Wheezy/Sid
has a version newer than the ones mentioned above... Or my mirrors don't have
them yet.


The Ubuntu repositories have now been updated so PostgreSQL 9.1.9 is available for all users of Ubuntu 11.10, 12.04 and 12.10:
	http://www.ubuntu.com/usn/usn-1789-1/
The serious vulnerability only affects PostgreSQL 9.X. Users of Postgres 8.X are safe from that specific Denial of Service attack.

Updating your Ubuntu server is as simple as:
	sudo apt-get update
	sudo apt-get dist-upgrade

Debian repositories do not have PostgreSQL 9.1.9, but are expected to be updated soon.

This vulnerability is very serious and can be exploited trivially via OpenERP even if your database server is not listening on a public interface (and even if you use --db-filter)! Attackers can use it to remotely crash your databases in a way that will require a manual fix or a restore from backup.

We are considering releasing a security update for OpenERP to prevent exploiting the vulnerability even on unpatched PostgreSQL versions.

Note: It is usually necessary to restart your OpenERP servers after upgrading PostgreSQL, except if you are using a version of OpenERP 7.0 dated after February 19, 2013 (see http://pad.lv/905257 for more info).
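As an added example (not code from this thread or from the OpenERP project), a small POSIX shell check that classifies a PostgreSQL server version against what the message above states: 8.X is not affected, 9.1.9 is the fixed release shipped by Ubuntu, and other 9.X branches must be checked against the vendor advisory since the thread names no fixed release for them. The function name pg_status, the classification strings and the --check flag are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.  Only 9.1.9 is named
# as a fixed release in the thread, so only the 9.1 branch can be judged
# "patched" here; other 9.X branches are sent to the vendor advisory.
FIXED_91="9.1.9"   # from USN-1789-1, as quoted in the thread

# pg_status VERSION
#   prints one of: safe-8x | patched | vulnerable | check-advisory | unknown
pg_status() {
    v="$1"
    # Split "major.minor.patch" with parameter expansion only (no cut/awk).
    major=${v%%.*}
    rest=${v#"$major"}; rest=${rest#.}
    minor=${rest%%.*}
    rest=${rest#"$minor"}; rest=${rest#.}
    patch=${rest%%.*}
    patch=${patch:-0}              # a bare "9.1" is treated as 9.1.0
    case "$major$minor$patch" in
        *[!0-9]*) echo unknown; return ;;   # refuse anything non-numeric
    esac
    if [ "$major" = 8 ]; then
        echo safe-8x                # 8.X is not affected, per the thread
    elif [ "$major" != 9 ]; then
        echo unknown
    elif [ "$minor" != 1 ]; then
        echo check-advisory         # 9.0/9.2: fixed release not on this page
    elif [ "$patch" -ge "${FIXED_91##*.}" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Version of the running server, e.g. "9.1.9"; extra args are passed to psql
# (-h, -p, -U ...).  Requires a working psql connection.
running_pg_version() {
    psql -tAc 'SHOW server_version' "$@" 2>/dev/null | cut -d' ' -f1
}

# Stand-alone use:  ./pgcheck.sh --check [psql args]
if [ "${1:-}" = "--check" ]; then
    shift
    ver=$(running_pg_version "$@")
    [ -n "$ver" ] || { echo "could not query server version" >&2; exit 2; }
    echo "PostgreSQL $ver: $(pg_status "$ver")"
fi
```

A "vulnerable" or "check-advisory" result means the apt upgrade above is still pending; after upgrading, remember the OpenERP restart note from the message.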
