- From: Bryan McLellan
- Subject: [chef] Today's PostgreSQL security announcement
- Date: Thu, 4 Apr 2013 17:08:19 +0000
- Accept-language: en-US

Today PostgreSQL announced CVE-2013-1899 [1], a vulnerability that allows a
remote attacker with access to the PostgreSQL port to cause malicious damage
to a database. The Chef 11 server Omnibus package includes PostgreSQL v9.2.1,
which is vulnerable; however, it is bound to localhost by default, so it is
only accessible from the server itself, thereby mitigating the vulnerability
to users with access to the system.

We will include a patched version of PostgreSQL in the upcoming 11.0.8-server
release. CHEF-4060 [2] has been assigned to this update. We should have a
release candidate early next week and the actual release not too far behind.

---
Bryan McLellan | opscode | technical program manager, open source
(c) 206.607.7108 | (t) @btmspox | (b) http://blog.loftninjas.org

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
[2] http://tickets.opscode.com/browse/CHEF-4060
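
One way to confirm the localhost binding the message relies on, as an added example that is not part of the original post or Chef's own tooling: it reads the text of a `postgresql.conf` and reports any `listen_addresses` entry that exposes the port beyond loopback. The function names and the sample configuration are constructed for illustration; the location of the file on a given server is not assumed.

```python
import ipaddress
import re

# "listen_addresses = 'value'" or "listen_addresses value"; names are case-insensitive.
# Lines starting with '#' never match, so commented-out settings are ignored.
_SETTING = re.compile(
    r"^\s*listen_addresses\s*(?:=\s*|\s+)(?:'((?:[^']|'')*)'|([^\s#]+))", re.I)

def listen_addresses(conf_text):
    """Return the effective listen_addresses entries from postgresql.conf text."""
    value = "localhost"  # PostgreSQL's built-in default when the setting is absent
    for line in conf_text.splitlines():
        m = _SETTING.match(line)
        if m:  # a later occurrence overrides an earlier one
            quoted, bare = m.group(1), m.group(2)
            value = quoted.replace("''", "'") if quoted is not None else bare
    # An empty value means no TCP/IP listening at all, which yields an empty list.
    return [a.strip() for a in value.split(",") if a.strip()]

def non_loopback(addresses):
    """Return the entries that make the port reachable from outside the host."""
    exposed = []
    for addr in addresses:
        if addr.lower() == "localhost":
            continue
        try:
            if ipaddress.ip_address(addr).is_loopback:
                continue
        except ValueError:
            pass  # '*' or a hostname: report it so it gets reviewed
        exposed.append(addr)
    return exposed

# Constructed sample, not taken from a real Chef server.
SAMPLE = """\
#listen_addresses = '*'
listen_addresses = 'localhost'
port = 5432
listen_addresses = '127.0.0.1, ::1, 10.0.0.5'   # later line wins
"""

if __name__ == "__main__":
    exposed = non_loopback(listen_addresses(SAMPLE))
    print("exposed beyond loopback:", exposed or "none")
```

An empty result means the port is reachable only from the server itself, which is the condition the message describes as the default.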