[ubuntu/precise-security] postgresql-9.1 9.1.8-0ubuntu12.04 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Feb 12 13:06:50 UTC 2013

postgresql-9.1 (9.1.8-0ubuntu12.04) precise-security; urgency=low

  * New upstream security/bug fix release: (LP: #1116336)
    - Prevent execution of enum_recv from SQL
      The function was misdeclared, allowing a simple SQL command to crash the
      server.  In principle an attacker might be able to use it to examine the
      contents of server memory.  Our thanks to Sumit Soni (via Secunia SVCRP)
      for reporting this issue. (CVE-2013-0255)
    - See HISTORY/changelog.gz for the other bug fixes.

postgresql-9.1 (9.1.7-0ubuntu12.04) precise-proposed; urgency=low

  * New upstream bug fix release: (LP: #1088393)
    - Fix multiple bugs associated with "CREATE INDEX CONCURRENTLY".
      Fix "CREATE INDEX CONCURRENTLY" to use in-place updates when
      changing the state of an index's pg_index row. This prevents race
      conditions that could cause concurrent sessions to miss updating
      the target index, thus resulting in corrupt concurrently-created
      Also, fix various other operations to ensure that they ignore
      invalid indexes resulting from a failed "CREATE INDEX CONCURRENTLY"
      command. The most important of these is "VACUUM", because an
      auto-vacuum could easily be launched on the table before corrective
      action can be taken to fix or remove the invalid index.
    - Fix buffer locking during WAL replay.
      The WAL replay code was insufficiently careful about locking
      buffers when replaying WAL records that affect more than one page.
      This could result in hot standby queries transiently seeing
      inconsistent states, resulting in wrong answers or unexpected
    - See HISTORY/changelog.gz for the other bug fixes.
  * Drop 00git_ecpg_array_bounds.patch, fixed upstream.

postgresql-9.1 (9.1.6-0ubuntu12.04.1) precise-proposed; urgency=low

  * Add debian/patches/00git_ecpg_array_bounds.patch: Fix test for array
    boundary in ecpg. Patch backported from upstream git. (LP: #1063613)

postgresql-9.1 (9.1.6-0ubuntu12.04) precise-proposed; urgency=low

  * New upstream bug fix release: (LP: #1055944)
    - Fix persistence marking of shared buffers during WAL replay.
      This mistake can result in buffers not being written out during
      checkpoints, resulting in data corruption if the server later
      crashes without ever having written those buffers. Corruption can
      occur on any server following crash recovery, but it is
      significantly more likely to occur on standby slave servers since
      those perform much more WAL replay. There is a low probability of
      corruption of btree and GIN indexes. There is a much higher
      probability of corruption of table "visibility maps". Fortunately,
      visibility maps are non-critical data in 9.1, so the worst
      consequence of such corruption in 9.1 installations is transient
      inefficiency of vacuuming. Table data proper cannot be corrupted by
      this bug.
      While no index corruption due to this bug is known to have occurred
      in the field, as a precautionary measure it is recommended that
      production installations "REINDEX" all btree and GIN indexes at a
      convenient time after upgrading to 9.1.6.
      Also, if you intend to do an in-place upgrade to 9.2.X, before
      doing so it is recommended to perform a "VACUUM" of all tables
      while having vacuum_freeze_table_age set to zero. This will ensure
      that any lingering wrong data in the visibility maps is corrected
      before 9.2.X can depend on it. vacuum_cost_delay can be adjusted to
      reduce the performance impact of vacuuming, while causing it to
      take longer to finish.
    - See HISTORY/changelog.gz for the other bug fixes.

Date: 2013-02-07 16:20:18.246519+00:00
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list