Ubuntu

New bug fix releases: 8.4.9, 8.3.16

Reported by Martin Pitt on 2011-10-04
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
postgresql-8.3 (Ubuntu)
Undecided
Unassigned
Hardy
High
Ubuntu Security Team
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned
Natty
Undecided
Unassigned
postgresql-8.4 (Debian)
Fix Released
Unknown
postgresql-8.4 (Ubuntu)
Undecided
Unassigned
Hardy
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned
Natty
Medium
Ubuntu Security Team

Bug Description

PostgreSQL published new microreleases about a week ago: http://www.postgresql.org/about/news.1355

This fixes a security issue and several bugs, as usual. As per the standing microrelease exception these should go into stables.

Martin Pitt (pitti) wrote :

All these are already fixed in postgresql-9.1 9.1.1 in Oneiric.

security vulnerability: no → yes
Changed in postgresql-8.3 (Ubuntu):
status: New → Invalid
Changed in postgresql-8.3 (Ubuntu Hardy):
assignee: nobody → Martin Pitt (pitti)
importance: Undecided → High
status: New → In Progress
Changed in postgresql-8.4 (Ubuntu):
status: New → Invalid
Changed in postgresql-8.3 (Ubuntu Lucid):
status: New → Invalid
Changed in postgresql-8.3 (Ubuntu Maverick):
status: New → Invalid
Changed in postgresql-8.4 (Ubuntu Hardy):
status: New → In Progress
Changed in postgresql-8.3 (Ubuntu Natty):
status: New → Invalid
Changed in postgresql-8.4 (Ubuntu Hardy):
status: In Progress → Invalid
Martin Pitt (pitti) wrote :

8.4 Packages:

http://people.canonical.com/~pitti/packages/psql/natty/ (this one has the orig.tar.gz, built with -sa)
http://people.canonical.com/~pitti/packages/psql/maverick/ (no orig.tar.gz, shared with natty)
http://people.canonical.com/~pitti/packages/psql/lucid/ (no orig.tar.gz, shared with natty)

As they should go through -security, they will need to be sponsored.

Changed in postgresql-8.4 (Ubuntu Natty):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
importance: Undecided → Medium
status: New → Fix Committed
Changed in postgresql-8.4 (Ubuntu Maverick):
status: New → Fix Committed
Martin Pitt (pitti) wrote :
Changed in postgresql-8.3 (Ubuntu Hardy):
assignee: Martin Pitt (pitti) → Ubuntu Security Team (ubuntu-security)
status: In Progress → Fix Committed
Changed in postgresql-8.4 (Ubuntu Lucid):
status: New → Fix Committed
Changed in postgresql-8.4 (Debian):
status: Unknown → Fix Released
Marc Deslauriers (mdeslaur) wrote :

Thanks Martin, I'm uploading them to the security PPA now, and will release them on tuesday.

Launchpad Janitor (janitor) wrote :
Download full text (7.0 KiB)

This bug was fixed in the package postgresql-8.4 - 8.4.9-0ubuntu0.11.04

---------------
postgresql-8.4 (8.4.9-0ubuntu0.11.04) natty-security; urgency=low

  * New upstream bug fix/security release: (LP: #866049)
     - Fix bugs in indexing of in-doubt HOT-updated tuples.
       These bugs could result in index corruption after reindexing a
       system catalog. They are not believed to affect user indexes.
     - Fix multiple bugs in GiST index page split processing.
       The probability of occurrence was low, but these could lead to
       index corruption.
     - Fix possible buffer overrun in tsvector_concat().
       The function could underestimate the amount of memory needed for
       its result, leading to server crashes.
     - Fix crash in xml_recv when processing a "standalone" parameter.
     - Make pg_options_to_table return NULL for an option with no value.
       Previously such cases would result in a server crash.
     - Avoid possibly accessing off the end of memory in "ANALYZE" and in
       SJIS-2004 encoding conversion.
       This fixes some very-low-probability server crash scenarios.
     - Prevent intermittent hang in interactions of startup process with
       bgwriter process.
       This affected recovery in non-hot-standby cases.
     - Fix race condition in relcache init file invalidation.
       There was a window wherein a new backend process could read a stale
       init file but miss the inval messages that would tell it the data
       is stale. The result would be bizarre failures in catalog accesses,
       typically "could not read block 0 in file ..." later during
       startup.
     - Fix memory leak at end of a GiST index scan.
       Commands that perform many separate GiST index scans, such as
       verification of a new GiST-based exclusion constraint on a table
       already containing many rows, could transiently require large
       amounts of memory due to this leak.
     - Fix incorrect memory accounting (leading to possible memory bloat)
       in tuplestores supporting holdable cursors and plpgsql's RETURN
       NEXT command.
     - Fix performance problem when constructing a large, lossy bitmap.
     - Fix join selectivity estimation for unique columns.
       This fixes an erroneous planner heuristic that could lead to poor
       estimates of the result size of a join.
     - Fix nested PlaceHolderVar expressions that appear only in
       sub-select target lists. This mistake could result in outputs of an
       outer join incorrectly appearing as NULL.
     - Allow nested EXISTS queries to be optimized properly.
     - Fix array- and path-creating functions to ensure padding bytes are
       zeroes. This avoids some situations where the planner will think that
       semantically-equal constants are not equal, resulting in poor
       optimization.
     - Fix "EXPLAIN" to handle gating Result nodes within inner-indexscan
       subplans. The usual symptom of this oversight was "bogus varno" errors.
     - Work around gcc 4.6.0 bug that breaks WAL replay. This could lead to
       loss of committed transactions after a server crash.
     - Fix dump bug for VALUES in a view.
  ...

Read more...

Launchpad Janitor (janitor) wrote :
Download full text (6.9 KiB)

This bug was fixed in the package postgresql-8.4 - 8.4.9-0ubuntu0.10.10

---------------
postgresql-8.4 (8.4.9-0ubuntu0.10.10) maverick-security; urgency=low

  * New upstream bug fix/security release: (LP: #866049)
    - Fix bugs in indexing of in-doubt HOT-updated tuples.
      These bugs could result in index corruption after reindexing a
      system catalog. They are not believed to affect user indexes.
    - Fix multiple bugs in GiST index page split processing.
      The probability of occurrence was low, but these could lead to
      index corruption.
    - Fix possible buffer overrun in tsvector_concat().
      The function could underestimate the amount of memory needed for
      its result, leading to server crashes.
    - Fix crash in xml_recv when processing a "standalone" parameter.
    - Make pg_options_to_table return NULL for an option with no value.
      Previously such cases would result in a server crash.
    - Avoid possibly accessing off the end of memory in "ANALYZE" and in
      SJIS-2004 encoding conversion.
      This fixes some very-low-probability server crash scenarios.
    - Prevent intermittent hang in interactions of startup process with
      bgwriter process.
      This affected recovery in non-hot-standby cases.
    - Fix race condition in relcache init file invalidation.
      There was a window wherein a new backend process could read a stale
      init file but miss the inval messages that would tell it the data
      is stale. The result would be bizarre failures in catalog accesses,
      typically "could not read block 0 in file ..." later during
      startup.
    - Fix memory leak at end of a GiST index scan.
      Commands that perform many separate GiST index scans, such as
      verification of a new GiST-based exclusion constraint on a table
      already containing many rows, could transiently require large
      amounts of memory due to this leak.
    - Fix incorrect memory accounting (leading to possible memory bloat)
      in tuplestores supporting holdable cursors and plpgsql's RETURN
      NEXT command.
    - Fix performance problem when constructing a large, lossy bitmap.
    - Fix join selectivity estimation for unique columns.
      This fixes an erroneous planner heuristic that could lead to poor
      estimates of the result size of a join.
    - Fix nested PlaceHolderVar expressions that appear only in
      sub-select target lists. This mistake could result in outputs of an
      outer join incorrectly appearing as NULL.
    - Allow nested EXISTS queries to be optimized properly.
    - Fix array- and path-creating functions to ensure padding bytes are
      zeroes. This avoids some situations where the planner will think that
      semantically-equal constants are not equal, resulting in poor
      optimization.
    - Fix "EXPLAIN" to handle gating Result nodes within inner-indexscan
      subplans. The usual symptom of this oversight was "bogus varno" errors.
    - Work around gcc 4.6.0 bug that breaks WAL replay. This could lead to
      loss of committed transactions after a server crash.
    - Fix dump bug for VALUES in a view.
    - Disallow SELECT FOR UPDATE/SHARE on sequen...

Read more...

Launchpad Janitor (janitor) wrote :
Download full text (6.9 KiB)

This bug was fixed in the package postgresql-8.4 - 8.4.9-0ubuntu0.10.04

---------------
postgresql-8.4 (8.4.9-0ubuntu0.10.04) lucid-security; urgency=low

  * New upstream bug fix/security release: (LP: #866049)
    - Fix bugs in indexing of in-doubt HOT-updated tuples.
      These bugs could result in index corruption after reindexing a
      system catalog. They are not believed to affect user indexes.
    - Fix multiple bugs in GiST index page split processing.
      The probability of occurrence was low, but these could lead to
      index corruption.
    - Fix possible buffer overrun in tsvector_concat().
      The function could underestimate the amount of memory needed for
      its result, leading to server crashes.
    - Fix crash in xml_recv when processing a "standalone" parameter.
    - Make pg_options_to_table return NULL for an option with no value.
      Previously such cases would result in a server crash.
    - Avoid possibly accessing off the end of memory in "ANALYZE" and in
      SJIS-2004 encoding conversion.
      This fixes some very-low-probability server crash scenarios.
    - Prevent intermittent hang in interactions of startup process with
      bgwriter process.
      This affected recovery in non-hot-standby cases.
    - Fix race condition in relcache init file invalidation.
      There was a window wherein a new backend process could read a stale
      init file but miss the inval messages that would tell it the data
      is stale. The result would be bizarre failures in catalog accesses,
      typically "could not read block 0 in file ..." later during
      startup.
    - Fix memory leak at end of a GiST index scan.
      Commands that perform many separate GiST index scans, such as
      verification of a new GiST-based exclusion constraint on a table
      already containing many rows, could transiently require large
      amounts of memory due to this leak.
    - Fix incorrect memory accounting (leading to possible memory bloat)
      in tuplestores supporting holdable cursors and plpgsql's RETURN
      NEXT command.
    - Fix performance problem when constructing a large, lossy bitmap.
    - Fix join selectivity estimation for unique columns.
      This fixes an erroneous planner heuristic that could lead to poor
      estimates of the result size of a join.
    - Fix nested PlaceHolderVar expressions that appear only in
      sub-select target lists. This mistake could result in outputs of an
      outer join incorrectly appearing as NULL.
    - Allow nested EXISTS queries to be optimized properly.
    - Fix array- and path-creating functions to ensure padding bytes are
      zeroes. This avoids some situations where the planner will think that
      semantically-equal constants are not equal, resulting in poor
      optimization.
    - Fix "EXPLAIN" to handle gating Result nodes within inner-indexscan
      subplans. The usual symptom of this oversight was "bogus varno" errors.
    - Work around gcc 4.6.0 bug that breaks WAL replay. This could lead to
      loss of committed transactions after a server crash.
    - Fix dump bug for VALUES in a view.
    - Disallow SELECT FOR UPDATE/SHARE on sequences...

Read more...

Launchpad Janitor (janitor) wrote :
Download full text (4.7 KiB)

This bug was fixed in the package postgresql-8.3 - 8.3.16-0ubuntu0.8.04

---------------
postgresql-8.3 (8.3.16-0ubuntu0.8.04) hardy-security; urgency=low

  * New upstream bug fix/security release 8.3.16: (LP: #866049)
    - Fix bugs in indexing of in-doubt HOT-updated tuples.
      These bugs could result in index corruption after reindexing a
      system catalog. They are not believed to affect user indexes.
    - Fix multiple bugs in GiST index page split processing.
      The probability of occurrence was low, but these could lead to
      index corruption.
    - Fix possible buffer overrun in tsvector_concat().
      The function could underestimate the amount of memory needed for
      its result, leading to server crashes.
    - Fix crash in xml_recv when processing a "standalone" parameter.
    - Avoid possibly accessing off the end of memory in "ANALYZE" and in
      SJIS-2004 encoding conversion.
      This fixes some very-low-probability server crash scenarios.
    - Fix race condition in relcache init file invalidation.
      There was a window wherein a new backend process could read a stale
      init file but miss the inval messages that would tell it the data
      is stale. The result would be bizarre failures in catalog accesses,
      typically "could not read block 0 in file ..." later during
      startup.
    - Fix memory leak at end of a GiST index scan.
      Commands that perform many separate GiST index scans, such as
      verification of a new GiST-based exclusion constraint on a table
      already containing many rows, could transiently require large
      amounts of memory due to this leak.
    - Fix performance problem when constructing a large, lossy bitmap.
    - Fix array- and path-creating functions to ensure padding bytes are
      zeroes. This avoids some situations where the planner will think that
      semantically-equal constants are not equal, resulting in poor
      optimization.
    - Fix dump bug for VALUES in a view.
    - Disallow SELECT FOR UPDATE/SHARE on sequences.
      This operation doesn't work as expected and can lead to failures.
    - Defend against integer overflow when computing size of a hash table.
    - Fix cases where "CLUSTER" might attempt to access already-removed
      TOAST data.
    - Fix portability bugs in use of credentials control messages for
      "peer" authentication.
    - Fix SSPI login when multiple roundtrips are required.
      The typical symptom of this problem was "The function requested is
      not supported" errors during SSPI login.
    - Fix typo in pg_srand48 seed initialization.
      This led to failure to use all bits of the provided seed. This
      function is not used on most platforms (only those without
      srandom), and the potential security exposure from a
      less-random-than-expected seed seems minimal in any case.
    - Avoid integer overflow when the sum of LIMIT and OFFSET values
      exceeds 2^63.
    - Add overflow checks to int4 and int8 versions of generate_series().
    - Fix trailing-zero removal in to_char(). In a format with FM and no digit
      positions after the decimal point, zeroes to the left of the decimal
      p...

Read more...

Changed in postgresql-8.3 (Ubuntu Hardy):
status: Fix Committed → Fix Released
Changed in postgresql-8.4 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in postgresql-8.4 (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in postgresql-8.4 (Ubuntu Natty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.