PostgreSQL issues 'critical' update

The developers of the open source PostgreSQL database have issued a "critical" update to the software, urging users to modify their installations immediately to protect themselves from possible exploits. The fix -- which can be downloaded from PostgreSQL's Web site -- applies to the most recent version 8.

The developers of the open source PostgreSQL database have issued a "critical" update to the software, urging users to modify their installations immediately to protect themselves from possible exploits.

The fix -- which can be downloaded from PostgreSQL's Web site -- applies to the most recent version 8.1 of PostgreSQL, which was released just last November, in addition to older versions 8, 7.4 and 7.3.

"The fixes in the 8.1 and 8.0 branches are critical, especially for Windows users, and users of these branches are urged to update at their earliest opportunity," wrote PostgreSQL project member Marc G. Fournier in an e-mail to users.

Fournier said one fix repaired a denial of service vulnerability that could affect PostgreSQL running on Windows systems if too many connection attempts were simultaneously made to the database.

"Another critical fix repairs an error in ReadBuffer that can cause data loss due to overwriting recently-added pages," he wrote. "This applies to the 8.1 and 8.0 branches on all platforms."

The project member added further details of the problems would appear in the documentation for the updated versions of the software. It would take a few days for these details to be available online, he said.

PostgreSQL is an open source project constructed by around 200 software developers, and is licensed under the BSD license which allows it to be used in free or commercial software products at no charge.

It is one of the most popular open source databases, with the previous version 8.0 seeing an estimated one million downloads within seven months of release, according to the project's Web site. The database also comes free with a number of Linux distributions.

Back in November last year, Sun Microsystems announced plans to distribute and support PostgreSQL.