PostgreSQL Suffers from ‘Sufficiently Bad’ Security Flaw, Repositories Locked Down

Developers have also revealed that the lockdown is only temporary, and that during this phase committers will have access to the repositories. The reason for the lockdown is to ensure that malicious users cannot work out an exploit by monitoring changes to the source code while the fix for the flaw is being implemented. The lockdown is definitely an exceptional one, and the core committee has announced that they “apologize in advance for any disruption”, adding that “It seems necessary in this instance, however”.

The flaw is not yet fixed, but the PostgreSQL Global Development Group has issued a notice advising users to apply the update on their production servers as soon as the lockdown is withdrawn and the update is available. The group has announced that the security fix is for a vulnerability that may lead to high exposure if exploited.

The release for the fix is expected sometime in the first week of April – probably April 4. The fix will require installation of the updated packages and will also require a database service restart.