PostgreSQL releases security and bug fix update

The PostgreSQL project has released minor versions of all supported series (9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20) for a number of privilege escalation flaws in the database along with some replication and data integrity fixes. The project also announced a privilege escalation that can occur while running the regression tests using "make check" (which has not been fixed yet). "This update fixes CVE-2014-0060, in which PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for ROLE management. Before this fix, any member of a ROLE was able to grant others access to the same ROLE regardless if the member was given the WITH ADMIN OPTION permission. It also fixes multiple privilege escalation issues, including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, and CVE-2014-0066." More information is available on the release-specific wiki page and on the general security page. "All users are urged to update their installations at the earliest opportunity, especially those using binary replication or running a high-security application."