On Thu, Apr 4, 2013 at 06:39:22PM +0200, Mads.Tandrup@xxxxxxxxxxxxxxxxxxxxxx wrote: > Hi All > > I'm trying to understand the implications of the latest security fix to > postgresql [1]. > > We have a setup were we in pg_hba.conf have limited the allowed IP addresses of > the clients. But does anyone know if CVE-2013-1899 allows an arbitrary attacker > to use the exploits described in [1]? Yes, if you were running 9.0+. pg_hba.conf does not limit access sufficiently, though listen_addresses does. > We are using PostgreSQL 8.4. 8.4 does not contain the bug. -- Bruce Momjian <bruce@xxxxxxxxxx> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general