PostgreSQL Patches DOS Vulnerability, Other Security Issues

2013-02-07 19:40:11
Chris Brook
threatpost.com

PostgreSQL, a database management system for Linux, FreeBSD and other platforms, patched a hole today that could have opened the system up to a denial-of-service (DOS) vulnerability, in addition to a slew of other security flaws.

An attacker could have leveraged the DOS vulnerability (CVE-2013-0255) as an authenticated user to crash the server by “calling an internal function with invalid arguments.” The issue was discovered by independent researcher Sumit Soni earlier this week, according to an update from PostgreSQL, then reported through Secunia’s Vulnerability Coordination Reward Program.

Other smaller fixes, covering documentation updates, concurrency issues and activity log management issues, are included in the update, which affects versions 9.2.3, 9.1.8, 9.0.12, 8.4.16, and 8.3.23 of the system. According to the blog post, users of the system are being encouraged to update their installations as soon as possible. Users running 8.3 are advised to update as well, but are being warned that this will be their last update, as the version is now end-of-life (EOL).