Opened 8 years ago

Closed 8 years ago

#4718 closed enhancement (fixed)

PostgreSQL 9.3.3

Reported by: Fernando de Oliveira Owned by: ken@…
Priority: normal Milestone: 7.5
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

http://ftp.postgresql.org/pub/source/v9.3.3/postgresql-9.3.3.tar.bz2

URL above is different from the book.

http://www.postgresql.org/about/news/1506/

PostgreSQL 9.3.3, 9.2.7, 9.1.12, 9.0.16 and 8.4.20 released! Posted on Feb. 20, 2014

The PostgreSQL Global Development Group has released an important update to all supported versions of the PostgreSQL database system, which includes minor versions 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20. This update contains fixes for multiple security issues, as well as several fixes for replication and data integrity issues. All users are urged to update their installations at the earliest opportunity, especially those using binary replication or running a high-security application. Security Fixes

Attachments (1)

postgresql.patch (4.5 KB ) - added by Armin K 8 years ago.

Download all attachments as: .zip

Change History (10)

comment:1 by Armin K, 8 years ago

I suggest updating to this package for 7.5 since it fixes security issues, but it's your call.

comment:2 by Fernando de Oliveira, 8 years ago

I agree, but is it possible for this to break any other package? Anyway, I would like to ask Igor, if he agrees and if he can do it.

comment:3 by Fernando de Oliveira, 8 years ago

Or, recalling the post in lfs dev, if Igor agrees and perhaps you do? Already almost blind, and did not even start updating, today. Will take a rest, perhaps will be back only tomaorrow, but will try today, later.

comment:4 by Armin K, 8 years ago

I can send a patch if necessary, I'll be building it later today.

comment:5 by ken@…, 8 years ago

Perhaps we ought to mention part of what it says at http://www.postgresql.org/about/news/1506/ :

With this release, we are also alerting users to a known security hole that allows other users on the same machine to gain access to an operating system account while it is doing "make check": CVE-2014-0067. "Make check" is normally part of building PostgreSQL from source code. As it is not possible to fix this issue without causing significant issues to our testing infrastructure, a patch will be released separately and publicly. Until then, users are strongly advised not to run "make check" on machines where untrusted users have accounts.

comment:6 by Armin K, 8 years ago

I have one more package to build before PostgreSQL, so if it's okay with you two I'll update what's needed and add the note about make check?

by Armin K, 8 years ago

Attachment: postgresql.patch added

comment:7 by Armin K, 8 years ago

Patch for updating the instructions is attached

comment:8 by ken@…, 8 years ago

Owner: changed from blfs-book@… to ken@…

comment:9 by ken@…, 8 years ago

Milestone: 7.67.5
Resolution: fixed
Status: newclosed

Applied in r12755. Thanks.

Note: See TracTickets for help on using tickets.