There is currently postgres 8.1.4 in the backports, 8.1.5 address this
security updates :
* CVE-2006-5540: backend/parser/analyze.c in PostgreSQL 8.1.x
allowed remote authenticated users to cause a denial of
service (daemon crash) via certain aggregate functions in an
UPDATE statement, which are not properly handled during a
"MIN/MAX index optimization."
* CVE-2006-5541: backend/parser/parse_coerce.c in PostgreSQL 7.4.1
through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5
allows remote authenticated users to cause a denial of service
(daemon crash) via a coercion of an unknown element to ANYARRAY.
* CVE-2006-5542: backend/tcop/postgres.c in PostgreSQL 8.1.x
before 8.1.5 allows remote authenticated users to cause a denial
of service (daemon crash) related to duration logging of
V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL
and 8.1.6 (just out today) address multiple bugfixes.
Is it possible to upgrade the backport to 8.1.6 ?
Chmouel Boudjnah - Head Sysadmin - Squiz.net