04-05-2013 02:23 AM
Should we be expecting to see a vulnerability announcement from Aruba (and some sort of expectation of a patch)
for the amigopod based on the PostgreSQL Security Update ?
Forgive me if I have missed it.
04-05-2013 03:36 PM
Note that in Amigopod 3.9.x, the Postgresql database is not accessible from the network.
So this vulnerability, while it exists in the version of postgresql currently being used, cannot be exploited from the network.
Caution: If you have enabled the "Enable remote access to the database" checkbox under Administrator » System Control » Database Config, this is a potential hole. In this case, you should ensure that the access-control list in "Permitted Hosts" is specified, and that this ACL does not allow guests to access the database server.
I'm not speaking in an official capacity here, but you should expect to see some form of patch for this vulnerability nonetheless.