[ubuntu/hardy-security] postgresql-8.3 8.3.23-0ubuntu8.04 (Accepted)
marc.deslauriers at canonical.com
Tue Feb 12 13:06:32 UTC 2013
postgresql-8.3 (8.3.23-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server. In principle an attacker might be able to use it to examine the
      contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for details about other changes.
  * 03-gettext-domains.patch: Unfuzz for new version.

postgresql-8.3 (8.3.22-0ubuntu8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #1088393)
    - Fix multiple bugs associated with "CREATE INDEX CONCURRENTLY".
      Fix "CREATE INDEX CONCURRENTLY" to use in-place updates when
      changing the state of an index's pg_index row. This prevents race
      conditions that could cause concurrent sessions to miss updating
      the target index, thus resulting in corrupt concurrently-created
      Also, fix various other operations to ensure that they ignore
      invalid indexes resulting from a failed "CREATE INDEX CONCURRENTLY"
      command. The most important of these is "VACUUM", because an
      auto-vacuum could easily be launched on the table before corrective
      action can be taken to fix or remove the invalid index.
    - See HISTORY/changelog.gz for details about the other bug fixes.

postgresql-8.3 (8.3.21-0ubuntu8.04) hardy-proposed; urgency=low

  * New upstream bug fix release: (LP: #1055944)
    - Improve page-splitting decisions in GiST indexes.
      Multi-column GiST indexes might suffer unexpected bloat due to this
    - Fix cascading privilege revoke to stop if privileges are still held.
      If we revoke a grant option from some role "X", but "X" still holds
      that option via a grant from someone else, we should not
      recursively revoke the corresponding privilege from role(s) "Y"
      that "X" had granted it to.
    - Fix handling of SIGFPE when PL/Perl is in use.
      Perl resets the process's SIGFPE handler to SIG_IGN, which could
      result in crashes later on. Restore the normal Postgres signal
      handler after initializing PL/Perl.
    - Prevent PL/Perl from crashing if a recursive PL/Perl function is
      redefined while being executed.
    - Work around possible misoptimization in PL/Perl.
      Some Linux distributions contain an incorrect version of
      "pthread.h" that results in incorrect compiled code in PL/Perl,
      leading to crashes if a PL/Perl function calls another one that
      throws an error.

Date: 2013-02-07 16:20:12.132584+00:00
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
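
The cascading-revoke entry in the 8.3.21 changelog above can be checked on a scratch database with a session like the one below. This is an added example, not part of the original upload notice or of the PostgreSQL release notes. The role and table names (demo_owner, demo_other, demo_x, demo_y, demo_t) are constructed, and the script assumes a superuser session.

```sql
-- Added example: constructed roles and table, run as a superuser in a
-- scratch database. Everything is rolled back at the end.
BEGIN;

CREATE ROLE demo_owner;   -- owns the table
CREATE ROLE demo_other;   -- second, independent grantor
CREATE ROLE demo_x;       -- role "X" from the changelog entry
CREATE ROLE demo_y;       -- role "Y" that X grants to

CREATE TABLE demo_t (id integer);
ALTER TABLE demo_t OWNER TO demo_owner;

-- X receives SELECT WITH GRANT OPTION from two different grantors.
SET ROLE demo_owner;
GRANT SELECT ON demo_t TO demo_other WITH GRANT OPTION;
GRANT SELECT ON demo_t TO demo_x WITH GRANT OPTION;

SET ROLE demo_other;
GRANT SELECT ON demo_t TO demo_x WITH GRANT OPTION;

-- X passes the privilege on to Y.
SET ROLE demo_x;
GRANT SELECT ON demo_t TO demo_y;

-- The owner withdraws only its own grant option from X.
SET ROLE demo_owner;
REVOKE GRANT OPTION FOR SELECT ON demo_t FROM demo_x CASCADE;

RESET ROLE;

-- X should still hold the grant option through demo_other, so per the
-- changelog entry the revoke must not cascade to Y's SELECT privilege.
SELECT has_table_privilege('demo_x', 'demo_t', 'SELECT WITH GRANT OPTION')
         AS x_still_has_grant_option,
       has_table_privilege('demo_y', 'demo_t', 'SELECT')
         AS y_still_has_select;

-- Raw ACL entries (grantee=privileges/grantor) for manual inspection.
SELECT relacl FROM pg_class WHERE relname = 'demo_t';

ROLLBACK;
```

On a server that includes the fix, both columns of the first query should agree with the behaviour the changelog describes; a server where Y loses SELECT while X still holds the grant option through demo_other is showing the over-eager cascade.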