[blfs-book] [BLFS Trac] #6121: postgresql-9.4.1

Fri, 06 Feb 2015 03:54:13 -0800 

#6121: postgresql-9.4.1
-------------------------+-------------------------
 Reporter:  fo           |      Owner:  blfs-book@…
     Type:  enhancement  |     Status:  new
 Priority:  highest      |  Milestone:  7.7
Component:  BOOK         |    Version:  SVN
 Severity:  normal       |   Keywords:
-------------------------+-------------------------
 [http://ftp.postgresql.org/pub/source/v9.4.1/postgresql-9.4.1.tar.bz2]

 [http://www.postgresql.org/about/news/1569/]

 {{{
 The PostgreSQL Global Development Group has released an important update
 with fixes for multiple security issues to all supported versions of the
 PostgreSQL database system, which includes minor versions 9.4.1, 9.3.6,
 9.2.10, 9.1.15, and 9.0.19. This update includes both security fixes and
 fixes for issues discovered since the last release. In particular for
 the 9.4 update, there is a change to the way unicode strings are escaped
 for the JSON and JSONB data types.

 All users should update their PostgreSQL installation at the next
 opportunity.

 Security Fixes

 This update fixes multiple security issues reported in PostgreSQL over
 the past few months. All of these issues require prior authentication,
 and some require additional conditions, and as such are not considered
 generally urgent. However, users should examine the list of security
 holes patched below in case they are particularly vulnerable.

     CVE-2015-0241 Buffer overruns in "to_char" functions.
     CVE-2015-0242 Buffer overrun in replacement printf family of
 functions.
     CVE-2015-0243 Memory errors in functions in the pgcrypto extension.
     CVE-2015-0244 An error in extended protocol message reading.
     CVE-2014-8161 Constraint violation errors can cause display of
     values in columns which the user would not normally have rights to
     see.

 This update also fixes the previously reported problem that, during
 regression testing on Windows, the test postmaster process was
 vulnerable to unauthorized connections. This vulnerability was fixed on
 non-Windows platforms in the prior update releases.

 More information about these issues, as well as older patched issues, is
 available on the PostgreSQL Security Page.

 JSON and JSONB Unicode Escapes

 ...

 Other Fixes and Improvements

 ...
 }}}

-- 
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/6121>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to