PostgreSQL 9.4.2, 9.3.7, 9.2.11, 9.1.16 & 9.0.20 Released!

The PostgreSQL Global Development Group has released an update with multiple functionality and security fixes to all supported versions of the PostgreSQL database system, which includes minor versions 9.4.2, 9.3.7, 9.2.11, 9.1.16, and 9.0.20. The update contains a critical fix for a potential data corruption issue in PostgreSQL 9.3 and 9.4; users of those versions should update their servers at the next possible opportunity.

postgresql

Data Corruption Fix

  • For users of PostgreSQL versions 9.3 or 9.4, this release fixes a problem where the database will fail to protect against “multixact wraparound”, resulting in data corruption or loss. Users with a high transaction rate (1 million or more per hour) in a database with many foreign keys are especially vulnerable. We strongly urge all users of 9.4 and 9.3 to update their installations in the next few days.
  • Users of versions 9.2 and earlier are not affected by this issue.

Security Fixes

  • This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. None of these issues are seen as particularly urgent:
    • CVE-2015-3165 Double “free” after authentication timeout.
    • CVE-2015-3166 Unanticipated errors from the standard library.
    • CVE-2015-3167 pgcrypto has multiple error messages for decryption with an incorrect key.
  • Also recommending that all users who use Kerberos, GSSAPI, or SSPI authentication set include_realm to 1 in pg_hba.conf, which will become the default in future versions.

Other Fixes and Improvements

  • A new, non-default version of the citext extension fixes its previously undocumented regexp_matches() functions to align with the ordinary text version of those functions.
  • In addition to the above, more than 50 reported issues have been fixed in this cumulative update release. These fixes include:
    • Render infinite dates and timestamps as infinity when converting to json
    • Fix json/jsonb’s populate_record() and to_record()
    • Fix incorrect checking of deferred exclusion constraints
    • Improve planning of star-schema-style queries
    • Fix three issues with planning joins
    • Ensure correct locking with security barrier views
    • Fix deadlock at startup when max_prepared_transactions is too small
    • Recursively fsync() the data directory after a crash
    • Fix autovacuum launcher’s possible failure to shut down
    • Cope with unexpected signals in LockBufferForCleanup()
    • Fix crash when doing COPY IN to a table with check constraints
    • Avoid waiting for synchronous replication of read-only transactions
    • Fix two issues with hash indexes
    • Prevent memory leaks in GIN index vacuum
    • Fix two issues with background workers
    • Several fixes to Logical Decoding replication
    • Fix several minor issues with pg_dump and pg_upgrade
  • This release includes an update to tzdata release 2015d, with updates to Egypt, Mongolia, and Palestine, plus historical changes in Canada and Chile.

Install PostgreSQL on Ubuntu 14.10

deb http://apt.postgresql.org/pub/repos/apt/ utopic-pgdg main

wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | \

sudo apt-key add -

sudo apt-get update

sudo apt-get upgrade

sudo apt-get install postgresql-9.4 pgadmin3

Install PostgreSQL on Ubuntu 14.04

deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main

wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | \

sudo apt-key add -

sudo apt-get update

sudo apt-get upgrade

sudo apt-get install postgresql-9.4 pgadmin3
 
comments powered by Disqus