Zhucheng Information Port (诸城信息港) City Forum


PostgreSQL Releases Important Security Patches for All Branches

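Posted on 2012-6-5 15:34:03 | IP: Weifang, Shandong
  The PostgreSQL Global Development Group today released security updates for all branches, including 9.1.4, 9.0.8, 8.4.12 and 8.3.19. If you use the crypt(text,text) function from the pgcrypto module for DES encryption, you should update to the latest version immediately. Bugs fixed in the 9.1 release include: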

  Fix citext upgrade script for collations of citext arrays and domains over citext

  Fixes for timezone handling

  Fix text or char to name casts to perform string truncation correctly in multibyte encodings

  Fix memory copying bug in to_tsquery()

  Ensure txid_current() reports the correct epoch when executed in hot standby

  Fix planner’s handling of sub-SELECTS referencing variables coming from the nullable side of an outer join of the surrounding query

  Fix planning of UNION ALL subqueries with output columns that are not simple variables

  Fix slow session startup when pg_attribute is very large

  Ensure sequential scans check for query cancel reasonably often

  Show whole-row variables safely when printing views or rules

  Fix COPY FROM to properly handle null marker strings that correspond to invalid encoding

  Fix EXPLAIN VERBOSE for writable CTEs containing RETURNING clauses

  Fix PREPARE TRANSACTION to work correctly in the presence of advisory locks

  Fix bugs with temporary or transient tables used in extension scripts

  Ensure autovacuum worker processes perform stack depth checking properly

  Fix logging collector to not lose log coherency under high load

  Fix logging collector to ensure it will restart file rotation after receiving SIGHUP

  Fix WAL replay logic for GIN indexes to not fail if the index was subsequently dropped

  Avoid synchronous replication delay when committing a transaction that only modified temporary tables

  The release includes two security patches:

  CVE-2012-2143: Fix incorrect password transformation in contrib/pgcrypto’s DES crypt() function

  CVE-2012-2655: Ignore SECURITY DEFINER and SET attributes for a procedural language’s call handler

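  This vulnerability will directly cause the server to crash, and it affects all PostgreSQL versions. For a more detailed description of this vulnerability, see the release notes. Download: http://www.postgresql.org/download/ (Source: 红黑联盟)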
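A triage sketch for the advice above, added here as an example and not part of the original post: it checks a server version string against the fixed releases the announcement lists and picks out stored hashes that were produced with DES-based crypt(). The function names, the sample rows and the assumption that hashes use the standard crypt(3)-style encodings are all illustrative.

```python
import re

# Fixed minor release per branch, taken from the announcement above.
FIXED = {"9.1": 4, "9.0": 8, "8.4": 12, "8.3": 19}

# Assumed crypt(3)-style encodings of stored hashes.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")    # traditional DES
XDES_RE = re.compile(r"^_[./0-9A-Za-z]{19}$")  # extended DES


def is_patched(server_version):
    """True/False for a branch listed in FIXED, None for any other input."""
    m = re.match(r"^(\d+\.\d+)\.(\d+)", server_version.strip())
    if not m or m.group(1) not in FIXED:
        return None
    return int(m.group(2)) >= FIXED[m.group(1)]


def crypt_scheme(stored):
    """Classify a stored crypt() hash by its encoding."""
    if stored.startswith("$2"):
        return "bf"
    if stored.startswith("$1$"):
        return "md5"
    if XDES_RE.match(stored):
        return "xdes"
    if DES_RE.match(stored):
        return "des"
    return "unknown"


def triage(server_version, stored_hashes):
    """Patch state plus the users whose hashes are DES-based."""
    des_users = sorted(user for user, h in stored_hashes.items()
                       if crypt_scheme(h) in ("des", "xdes"))
    return {"patched": is_patched(server_version), "des_users": des_users}


# Constructed sample rows (user -> stored hash); the values are made up.
SAMPLE = {
    "alice": "ab1x9QmPzE0Lk",             # 13 characters: traditional DES
    "bob": "_J9..saltQ7mZpK2vXcD",        # "_" + 19 characters: extended DES
    "carol": "$1$saltsalt$" + "A" * 22,   # MD5 crypt prefix
    "dave": "$2a$06$" + "A" * 53,         # Blowfish crypt prefix
}

if __name__ == "__main__":
    print(triage("9.1.3", SAMPLE))
```

The version string can be read from a running server with `SHOW server_version;`. Branches outside the four listed in the announcement return `None` and need a manual check.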