Age | Commit message | Author | Files | Lines |
|
Posted on 2005-05-12:
In order to address several security issues identified over the past two
weeks, as well as one "low probability" race condition, we are releasing new
versions of PostgreSQL as far back as the 7.2.x branch.
Please note that the security issues were those already reported by Tom Lane,
as well as a manual fix for them. These releases are mainly to ensure that
those installing and/or upgrading existing installations have those fixes
automatically.
For details on the fixes, please see the HISTORY file included in the Release,
but a summary consists of:
* Change encoding function signature to prevent misuse
* Change "contrib/tsearch2" to avoid unsafe use of INTERNAL function results
* Repair race condition between relation extension and VACUUM
This could theoretically have caused loss of a page's worth of freshly-inserted
data, although the scenario seems of very low probability. There are no known
cases of it having caused more than an Assert failure.
|
* A vulnerability exists due to the insecure creation of temporary files,
which could possibly let a malicious user overwrite arbitrary files
* Repair possible failure to update hint bits on disk
Under rare circumstances this oversight could lead to "could not access
transaction status" failures, which qualifies it as a potential-data-loss bug.
|
Bump PKGREVISION.
|
PostgreSQL is a robust, next-generation, Object-Relational DBMS (ORDBMS),
derived from the Berkeley Postgres database management system. While
PostgreSQL retains the powerful object-relational data model, rich data types
and easy extensibility of Postgres, it replaces the PostQuel query language
with an extended subset of SQL.
PostgreSQL is free and the complete source is available.
This package contains the database documentation.
|