An update to PostgreSQL has been released that addresses several bugs including two security vulnerabilities. The patches in this release address a privilege escalation issue and another problem that allows an attacker to run arbitrary tcl scripts through the pltcl_modules table.
Even if you don't have PostgreSQL in production, your developers might have stood up PostgreSQL instances internally as a cost-saving measure for their own development and test platforms.
References:
http://www.postgresql.org/about/news.1203
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment