Security

Reply
New Contributor
Posts: 2
Registered: ‎06-13-2011

PostgreSQL DB vulnerability announcement in amigopod

Should we be expecting to see a  vulnerability announcement  from Aruba (and some sort of expectation of a patch)

for the amigopod based on the PostgreSQL Security Update ?

http://www.postgresql.org/support/security/faq/2013-04-04/

 

Forgive me if I have missed it.

Many thanks,

Jon

 

Aruba
Posts: 113
Registered: ‎11-21-2011

Re: PostgreSQL DB vulnerability announcement in amigopod

Note that in Amigopod 3.9.x, the Postgresql database is not accessible from the network.

 

So this vulnerability, while it exists in the version of postgresql currently being used, cannot be exploited from the network.

 

Caution:  If you have enabled the "Enable remote access to the database" checkbox under Administrator » System Control » Database Config, this is a potential hole.  In this case, you should ensure that the access-control list in "Permitted Hosts" is specified, and that this ACL does not allow guests to access the database server.

 

I'm not speaking in an official capacity here, but you should expect to see some form of patch for this vulnerability nonetheless.

 

New Contributor
Posts: 2
Registered: ‎06-13-2011

Re: PostgreSQL DB vulnerability announcement in amigopod

Many thanks Dave for your prompt  reply and the Host firewalling details

regards Jon

Search Airheads
Showing results for 
Search instead for 
Did you mean: