[ubuntu/vivid-security] postgresql-9.4 9.4.5-0ubuntu0.15.04 (Accepted)

Seth Arnold seth.arnold at canonical.com
Fri Oct 16 01:44:25 UTC 2015


postgresql-9.4 (9.4.5-0ubuntu0.15.04) vivid-security; urgency=medium

  * New upstream security/bug fix release: (LP: #1504132)
    - Guard against stack overflows in json parsing.
      If an application constructs PostgreSQL json or jsonb values from
      arbitrary user input, the application's users can reliably crash the
      PostgreSQL server, causing momentary denial of service.  (CVE-2015-5289)

    - Fix contrib/pgcrypto to detect and report too-short crypt() salts
      Certain invalid salt arguments crashed the server or disclosed a few
      bytes of server memory.  We have not ruled out the viability of attacks
      that arrange for presence of confidential information in the disclosed
      bytes, but they seem unlikely.  (CVE-2015-5288)

    - See release notes for details about other fixes.

postgresql-9.4 (9.4.4-0ubuntu0.15.04) vivid-proposed; urgency=medium

  * New upstream bug fix release (LP: #1464669)
    - Fix possible failure to recover from an inconsistent database state
    - Fix rare failure to invalidate relation cache init file
    - See http://www.postgresql.org/about/news/1592/ for details.

postgresql-9.4 (9.4.3-0ubuntu0.15.04) vivid-proposed; urgency=medium

  * New upstream bug fix release (LP: #1461425)
    - Avoid failures while fsync'ing data directory during crash restart.

      In the previous minor releases we added a patch to fsync everything in
      the data directory after a crash.  Unfortunately its response to any
      error condition was to fail, thereby preventing the server from starting
      up, even when the problem was quite harmless.  An example is that an
      unwritable file in the data directory would prevent restart on some
      platforms; but it is common to make SSL certificate files unwritable by
      the server.  Revise this behavior so that permissions failures are
      ignored altogether, and other types of failures are logged but do not
      prevent continuing.

    - See release notes for details about other fixes.

Date: 2015-10-10 02:19:13.191425+00:00
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Signed-By: Seth Arnold <seth.arnold at canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-9.4/9.4.5-0ubuntu0.15.04