IdentifiantMot de passe
Loading...
Mot de passe oublié ?Je m'inscris ! (gratuit)

E.282. Release 7.3.18

Release date: 2007-02-05

This release contains a variety of fixes from 7.3.17, including a security fix.

E.282.1. Migration to Version 7.3.18

A dump/restore is not required for those running 7.3.X. However, if you are upgrading from a version earlier than 7.3.13, see Section E.287, « Release 7.3.13 ».

E.282.2. Changes

  • Remove security vulnerability that allowed connected users to read backend memory (Tom)

    The vulnerability involves changing the data type of a table column used in a SQL function (CVE-2007-0555). This error can easily be exploited to cause a backend crash, and in principle might be used to read database content that the user should not be able to access.

  • Fix rare bug wherein btree index page splits could fail due to choosing an infeasible split point (Heikki Linnakangas)

  • Tighten security of multi-byte character processing for UTF8 sequences over three bytes long (Tom)