E.231. Release 7.3.18
Release date: 2007-02-05
This release contains a variety of fixes from 7.3.17, including
a security fix.
E.231.1. Migration to Version 7.3.18
A dump/restore is not required for those running 7.3.X.
However, if you are upgrading from a version earlier than
7.3.13, see Section E.236,
« Release 7.3.13 ».
E.231.2. Changes
-
Remove security vulnerability that allowed connected
users to read backend memory (Tom)
The vulnerability involves changing the data type of a
table column used in a SQL function (CVE-2007-0555).
This error can easily be exploited to cause a backend
crash, and in principle might be used to read database
content that the user should not be able to access.
-
Fix rare bug wherein btree index page splits could fail
due to choosing an infeasible split point (Heikki
Linnakangas)
-
Tighten security of multi-byte character processing for
UTF8 sequences over three bytes long (Tom)