Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

E.3. Release 8.1.3

Release date: 2006-02-14

This release contains a variety of fixes from 8.1.2, including one very serious security issue.

E.3.1. Migration to version 8.1.3

A dump/restore is not required for those running 8.1.X. However, if you are upgrading from a version earlier than 8.1.2, see the release notes for 8.1.2.

E.3.2. Changes

  • Fix bug that allowed any logged-in user to SET ROLE to any other database user id (CVE-2006-0553)

    Due to inadequate validity checking, a user could exploit the special case that SET ROLE normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example. The escalation-of-privilege risk exists only in 8.1.0-8.1.2. However, in all releases back to 7.3 there is a related bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash the server, if it has been compiled with Asserts enabled (which is not the default). Thanks to Akio Ishida for reporting this problem.

  • Fix bug with row visibility logic in self-inserted rows (Tom)

    Under rare circumstances a row inserted by the current command could be seen as already valid, when it should not be. Repairs bug created in 8.0.4, 7.4.9, and 7.3.11 releases.

  • Fix race condition that could lead to "file already exists" errors during pg_clog and pg_subtrans file creation (Tom)

  • Fix cases that could lead to crashes if a cache-invalidation message arrives at just the wrong time (Tom)

  • Properly check DOMAIN constraints for UNKNOWN parameters in prepared statements (Neil)

  • Ensure ALTER COLUMN TYPE will process FOREIGN KEY, UNIQUE, and PRIMARY KEY constraints in the proper order (Nakano Yoshihisa)

  • Fixes to allow restoring dumps that have cross-schema references to custom operators or operator classes (Tom)

  • Allow pg_restore to continue properly after a COPY failure; formerly it tried to treat the remaining COPY data as SQL commands (Stephen Frost)

  • Fix pg_ctl unregister crash when the data directory is not specified (Magnus)

  • Fix libpq PQprint HTML tags (Christoph Zwerschke)

  • Fix ecpg crash on AMD64 and PPC (Neil)

  • Allow SETOF and %TYPE to be used together in function result type declarations

  • Recover properly if error occurs during argument passing in PL/python (Neil)

  • Fix memory leak in plperl_return_next (Neil)

  • Fix PL/perl's handling of locales on Win32 to match the backend (Andrew)

  • Various optimizer fixes (Tom)

  • Fix crash when log_min_messages is set to DEBUG3 or above in postgresql.conf on Win32 (Bruce)

  • Fix pgxs -L library path specification for Win32, Cygwin, OS X, AIX (Bruce)

  • Check that SID is enabled while checking for Win32 admin privileges (Magnus)

  • Properly reject out-of-range date inputs (Kris Jurka)

  • Portability fix for testing presence of finite and isinf during configure (Tom)

  • Improve speed of COPY IN via libpq, by avoiding a kernel call per data line (Alon Goldshuv)

  • Improve speed of /contrib/tsearch2 index creation (Tom)


 
 
  Published courtesy of The PostgreSQL Global Development Group Design by Interspire