2016-04-09 14:51:50 by Adam Ciarcinski | Files touched by this commit (90) | |
Log message:
The PostgreSQL Global Development Group has released an update to all supported \
versions of our database system, including 9.5.2, 9.4.7, 9.3.12, 9.2.16, and \
9.1.21. This release fixes two security issues and one index corruption issue in \
version 9.5. It also contains a variety of bug fixes for earlier versions. Users \
of PostgreSQL 9.5.0 or 9.5.1 should update as soon as possible.
This release closes security hole CVE-2016-2193, where a query plan might get \
reused for more than one ROLE in the same session. This could cause the wrong \
set of Row Level Security (RLS) policies to be used for the query.
The update also fixes CVE-2016-3065, a server crash bug triggered by using \
pageinspect with BRIN index pages. Since an attacker might be able to expose a \
few bytes of server memory, this crash is being treated as a security issue.
|
2016-03-15 11:55:26 by Filip Hajny | Files touched by this commit (13) |
Log message:
Remove stray SunOS project definition from some SMF manifests.
These should never have made it in. Bump resp. PKGREVISIONs.
|
2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) |
Log message:
Bump PKGREVISION for security/openssl ABI bump.
|
2015-10-10 12:22:20 by Adam Ciarcinski | Files touched by this commit (5) |
Log message:
Changes 9.4.5:
Two security issues have been fixed in this release which affect users of \
specific PostgreSQL features:
CVE-2015-5289: json or jsonb input values constructed from arbitrary user input \
can crash the PostgreSQL server and cause a denial of service.
CVE-2015-5288: The crypt() function included with the optional pgCrypto \
extension could be exploited to read a few additional bytes of memory. No \
working exploit for this issue has been developed.
|
2015-02-12 10:34:28 by Adam Ciarcinski | Files touched by this commit (5) |
Log message:
Changes 9.4.1:
Security Fixes
* CVE-2015-0241 Buffer overruns in "to_char" functions.
* CVE-2015-0242 Buffer overrun in replacement printf family of functions.
* CVE-2015-0243 Memory errors in functions in the pgcrypto extension.
* CVE-2015-0244 An error in extended protocol message reading.
* CVE-2014-8161 Constraint violation errors can cause display of values in \
columns which the user would not normally have rights to see.
JSON and JSONB Unicode Escapes
Other Fixes and Improvements
* Cope with the non-ASCII Norwegian Windows locale name.
* Avoid data corruption when databases are moved to new tablespaces and back again.
* Ensure that UNLOGGED tables are correctly copied during ALTER DATABASE operations.
* Avoid deadlocks when locking recently modified rows.
* Fix two SELECT FOR UPDATE query issues.
* Prevent false negative for shortest-first regular expression matches.
* Fix false positives and negatives in tsquery contains operator.
* Fix namespace handling in xpath().
* Prevent row-producing functions from creating empty column names.
* Make autovacuum use per-table cost_limit and cost_delay settings.
* When autovacuum=off, limit autovacuum work to wraparound prevention only.
* Multiple fixes for logical decoding in 9.4.
* Fix transient errors on hot standby queries due to page replacement.
* Prevent duplicate WAL file archiving at end of recovery or standby promotion.
* Prevent deadlock in parallel restore of schema-only dump.
|
2015-01-14 22:01:20 by Adam Ciarcinski | Files touched by this commit (76) |
Log message:
PostgreSQL 9.4.0:
This release adds many new features which enhance PostgreSQL's flexibility, \
scalability and performance for many different types of database users, \
including improvements to JSON support, replication and index performance.
|