Major PostgreSQL vulnerability

Security, SQL

This will affect a great many PostgreSQL installations. The key part:

An unauthenticated attacker may use this vulnerability to cause PostgreSQL error messages to be appended to targeted files in the PostgreSQL data directory on the server. Files corrupted in this way may cause the database server to crash, and to refuse to restart. The database server can be fixed either by editing the files and removing the garbage text, or restoring from backup.

All it takes for this to be exploited (and for someone to take down your database server) is a PostgreSQL port (5432 by default) that the attacker can reach over the network. SSL and authentication offer no protection here: the faulty code runs before the connection is authenticated, so pg_hba.conf rules cannot block it either; access has to be restricted at the network level.

To secure your server, update to one of the versions released today. To limit exposure to future bugs of this kind, tunnel your PostgreSQL connections over SSH or a VPN, or at least restrict who can reach the port with IP filtering at the firewall. If you don't need remote access at all, turn the TCP listener off (listen_addresses = '') and connect over the Unix domain socket only, or bind only to the loopback interface (listen_addresses = 'localhost', which is the default). listen_addresses can only be changed at server start, so restart PostgreSQL after editing it.
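As an added example (not code from the original post or from the PostgreSQL project), here is a POSIX shell script that audits a postgresql.conf for how widely the listener is exposed, rewrites it to the loopback-only or socket-only setting described above, and prints the host-firewall rules and the client-side SSH tunnel command for servers that must stay reachable from other hosts. The config paths, the trusted subnet 10.0.0.0/24, the tunnel host admin@db.example and the use of iptables are assumptions; the sample config it runs on is constructed.

```shell
#!/bin/sh
# Added example, not code from the original post or from PostgreSQL itself:
# audit a postgresql.conf for network exposure of the listener, produce the
# hardened setting (loopback only, or Unix socket only), and print the
# firewall rules and SSH tunnel command for the remote-access case.
# Assumed/hypothetical: config paths and the trusted CIDR come from the
# caller, iptables is the host firewall, the tunnel host is reachable via ssh.
set -eu

# Effective listen_addresses in a postgresql.conf. The last uncommented setting
# wins; if there is none, PostgreSQL's compiled-in default 'localhost' applies.
pg_listen_addresses() {
    line=$(grep -E '^[[:space:]]*listen_addresses[[:space:]]*=' "$1" | tail -n 1 || true)
    if [ -z "$line" ]; then
        echo localhost
    else
        # keep the value, drop a trailing comment and the quotes, trim whitespace
        printf '%s\n' "$line" | sed -e 's/^[^=]*=//' -e 's/#.*$//' -e "s/'//g" \
                                    -e 's/^[[:space:]]*//;s/[[:space:]]*$//'
    fi
}

# Classify exposure: 'sockets' (TCP disabled), 'local' (loopback only) or
# 'remote' (reachable from other hosts: '*', 0.0.0.0, '::' or a NIC address).
pg_exposure() {
    addrs=$(pg_listen_addresses "$1")
    if [ -z "$addrs" ]; then
        echo sockets
        return 0
    fi
    # one address per line; read trims the whitespace around each entry
    remote=$(printf '%s\n' "$addrs" | tr ',' '\n' | while read -r a; do
        case "$a" in
            ''|localhost|127.0.0.1|::1) ;;
            *) echo yes ;;
        esac
    done)
    if [ -n "$remote" ]; then echo remote; else echo local; fi
}

# Write a hardened copy of $1 to $2: every listen_addresses line (active or
# commented out) is removed and one explicit setting is appended.
# Mode 'local' (default) keeps TCP on loopback; 'sockets' turns TCP off,
# leaving only the Unix domain socket. Either change needs a server restart.
pg_harden_conf() {
    mode="${3:-local}"
    if [ "$mode" = sockets ]; then value="''"; else value="'localhost'"; fi
    grep -vE '^[[:space:]]*#?[[:space:]]*listen_addresses[[:space:]]*=' "$1" > "$2" || true
    printf 'listen_addresses = %s\n' "$value" >> "$2"
}

# Host-firewall rules for servers that must stay reachable: accept 5432 only
# from the trusted CIDR and drop everything else. Printed rather than applied,
# so they can be reviewed first; pipe the output to sh as root to apply.
pg_firewall_rules() {
    printf 'iptables -A INPUT -p tcp --dport 5432 -s %s -j ACCEPT\n' "$1"
    printf 'iptables -A INPUT -p tcp --dport 5432 -j DROP\n'
}

# Client-side SSH tunnel for a loopback-only server: the client talks to
# localhost:5433 and the traffic reaches port 5432 only from inside the host.
pg_ssh_tunnel_cmd() {
    printf 'ssh -N -L 5433:127.0.0.1:5432 %s\n' "$1"
}

# Demo on a constructed config (not a real server's file).
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/postgresql.conf" <<'EOF'
#listen_addresses = 'localhost'   # shipped default, commented out
listen_addresses = '*'            # opened to the world at some point
port = 5432
EOF
    echo "before: $(pg_exposure "$tmp/postgresql.conf")"
    pg_harden_conf "$tmp/postgresql.conf" "$tmp/hardened.conf"
    echo "after:  $(pg_exposure "$tmp/hardened.conf")"
    pg_firewall_rules 10.0.0.0/24
    pg_ssh_tunnel_cmd admin@db.example
    rm -rf "$tmp"
}
demo
```

The audit deliberately treats any non-loopback entry (including a single internal NIC address) as remote exposure, since that is exactly the situation in which an unauthenticated attacker on the same network can reach the port; the firewall rules are what narrow that down to trusted hosts.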