Posted on 2018-05-10 by PostgreSQL Global Development Group

The PostgreSQL Global Development Group has released an update to all supported
versions of our database system, including 10.4, 9.6.9, 9.5.13, 9.4.18, and 9.3.23.
This release fixes one security issue as well as several bugs reported over the
last three months. Users should plan to update at the next convenient downtime.

Please see the “Updating” section for post-installation steps for the security
fix and the “incorrect volatility and parallel-safety markings” fix.

Please note that PostgreSQL changed its versioning scheme with the release of
version 10.0, so updating to version 10.4 from 10.0, 10.1, 10.2, or 10.3 is
considered a minor update.

Security Issues

One security vulnerability has been closed by this release:

  • CVE-2018-1115: Too-permissive access control list on function pg_logfile_rotate()

Please see the “Updating” section below for post-update steps.

Bug Fixes and Improvements

This update also fixes over 50 bugs reported in the last several months. Some of
these issues affect only version 10, but many affect all supported versions.

These fixes include:

  • Fix incorrect volatility and parallel-safety markings on several built-in
    functions to ensure correct query planning optimizations
  • Several fixes for partitioning, including potential crashes as well as
    allowing TRUE and FALSE to be used as partition bounds
  • Fix a case where a new TOAST value could be assigned to a
    dead-but-not-yet-vacuumed TOAST OID, which would result in an error similar
    to “unexpected chunk number 0 (expected 1) for toast value nnnnn”
  • Fix “CREATE TABLE … LIKE” with bigint identity columns on 32-bit platforms
  • Fix memory leak within the runtime of a query that repeatedly executes hash
    joins
  • Several crash fixes around queries using GROUPING SET
  • Avoid failure if a query-cancel or session-termination interrupt occurs while
    committing a prepared transaction
  • Reduce locking during autovacuum worker scheduling, which prevents loss of
    potential worker concurrency
  • Fix possible slow execution of REFRESH MATERIALIZED VIEW CONCURRENTLY
  • Several fixes around query plans that use “index-only” scans
  • Avoid deadlocks in concurrent CREATE INDEX CONCURRENTLY commands that are run
    under SERIALIZABLE or REPEATABLE READ transaction isolation
  • Several fixes for SP-GiST indexes, including one for collation-aware searches
    on text columns
  • Fixes related to counting the number of tuples in partial GiST, SP-GiST, and
    Bloom indexes
  • Several fixes for logical decoding and replication
  • Fix misquoting of values for list-valued GUC variables (e.g.
    local_preload_libraries, session_preload_libraries, shared_preload_libraries,
    temp_tablespaces) in dumps
  • Several fixes for pg_stat_activity
  • Several fixes for ecpg
  • Fix for pg_recvlogical to ensure compatibility with PostgreSQL versions
    released before 10
  • Several fixes for pg_rewind

This update also contains tzdata release 2018d, with updates for Palestine and
Antarctica (Casey Station), plus historical corrections for Portugal and its
colonies, as well as Enderbury, Jamaica, Turks & Caicos Islands, and Uruguay.

Updating

All PostgreSQL update releases are cumulative. As with other minor releases,
users are not required to dump and reload their database or use pg_upgrade to
apply this update release (though for this release, please see the note about
“volatility and parallel-safety markings”); you may simply shut down PostgreSQL
and update its binaries.

Users who have skipped one or more update releases may need to run additional,
post-update steps; please see the release notes for earlier versions for
details.

Post-Installation Steps for CVE-2018-1115

If you installed “adminpack” in any PostgreSQL 9.6 or 10 release you will need
to have your database administrator run the following command in every database
that “adminpack” is installed in:

ALTER EXTENSION adminpack UPDATE;
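
To confirm which databases still need the command above and whether it took effect, the following checks can be run with psql. This is an added example, not part of the original announcement; it uses only the standard catalogs pg_database, pg_extension, pg_available_extensions and pg_proc, and the column aliases are illustrative.

```sql
-- Step 1 (run once, in any database): list the databases that accept
-- connections. Each of them has to be checked separately, because
-- extensions are installed per database.
SELECT datname
FROM pg_catalog.pg_database
WHERE datallowconn
ORDER BY datname;

-- Step 2 (run in each database from step 1): is adminpack installed here,
-- and does its installed version lag behind the version shipped with the
-- updated binaries? No row returned means adminpack is not installed.
SELECT current_database()   AS db,
       e.extversion         AS installed_version,
       a.default_version    AS packaged_version,
       e.extversion IS DISTINCT FROM a.default_version AS update_pending
FROM pg_catalog.pg_extension e
LEFT JOIN pg_catalog.pg_available_extensions a ON a.name = e.extname
WHERE e.extname = 'adminpack';

-- Step 3 (same database, before and after ALTER EXTENSION adminpack UPDATE):
-- show the access control list on pg_logfile_rotate() and whether the
-- PUBLIC pseudo-role can execute it. A NULL proacl means the function still
-- carries default privileges, which include EXECUTE for PUBLIC.
SELECT p.oid::regprocedure AS func,
       p.proacl,
       has_function_privilege('public'::name, p.oid, 'EXECUTE')
           AS public_can_execute
FROM pg_catalog.pg_proc p
WHERE p.proname = 'pg_logfile_rotate';
```

A database is done when step 2 reports update_pending = false and step 3 reports public_can_execute = false.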

Post-Installation Steps for Function Markings

Functions that should be marked “volatile”

  • cursor_to_xml
  • cursor_to_xmlschema
  • query_to_xml
  • query_to_xml_and_xmlschema
  • query_to_xmlschema

Functions that should be marked “parallel-unsafe”

  • binary_upgrade_create_empty_extension
  • brin_desummarize_range
  • brin_summarize_new_values
  • brin_summarize_range
  • cursor_to_xml
  • cursor_to_xmlschema
  • gin_clean_pending_list
  • pg_import_system_collations
  • ts_rewrite
  • ts_stat

If you use any of the above functions, you can update the markings in the
following ways:

Option 1: Update the markings manually in the “pg_proc” table in each database
where you use these functions. You can achieve this by executing the following
commands as a database superuser:

/* Functions that should be marked "volatile" */
ALTER FUNCTION pg_catalog.cursor_to_xml(refcursor, int, boolean, boolean, text) VOLATILE;
ALTER FUNCTION pg_catalog.cursor_to_xmlschema(refcursor, boolean, boolean, text) VOLATILE;
ALTER FUNCTION pg_catalog.query_to_xml(text, boolean, boolean, text) VOLATILE;
ALTER FUNCTION pg_catalog.query_to_xml_and_xmlschema(text, boolean, boolean, text) VOLATILE;
ALTER FUNCTION pg_catalog.query_to_xmlschema(text, boolean, boolean, text) VOLATILE;
/* Functions that should be marked "parallel-unsafe" */
ALTER FUNCTION pg_catalog.binary_upgrade_create_empty_extension(text, text, bool, text, _oid, _text, _text) PARALLEL UNSAFE;
ALTER FUNCTION pg_catalog.brin_desummarize_range(regclass, bigint) PARALLEL UNSAFE;
ALTER FUNCTION pg_catalog.brin_summarize_new_values(regclass) PARALLEL UNSAFE;
ALTER FUNCTION pg_catalog.brin_summarize_range(regclass, bigint) PARALLEL UNSAFE;
ALTER FUNCTION pg_catalog.cursor_to_xml(refcursor, int, boolean, boolean, text) PARALLEL UNSAFE;
ALTER FUNCTION pg_catalog.cursor_to_xmlschema(refcursor, boolean, boolean, text) PARALLEL UNSAFE;
ALTER FUNCTION pg_catalog.gin_clean_pending_list(regclass) PARALLEL UNSAFE;
ALTER FUNCTION pg_catalog.pg_import_system_collations(regnamespace) PARALLEL UNSAFE;
ALTER FUNCTION pg_catalog.ts_rewrite(tsquery, text) PARALLEL UNSAFE;
ALTER FUNCTION pg_catalog.ts_rewrite(tsquery, tsquery, tsquery) PARALLEL UNSAFE;
ALTER FUNCTION pg_catalog.ts_stat(text) PARALLEL UNSAFE;
ALTER FUNCTION pg_catalog.ts_stat(text, text) PARALLEL UNSAFE;

Option 2: Run a pg_upgrade to a version containing the correct marking data (e.g. 10.4
and above)
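
Whichever option is used, the result can be verified per database with a catalog query. This is an added example, not part of the original announcement; it assumes PostgreSQL 9.6 or later (where pg_proc.proparallel exists), and the CTE name and column aliases are illustrative.

```sql
-- Expected markings, taken from the two lists above.
-- provolatile = 'v' means VOLATILE; proparallel = 'u' means PARALLEL UNSAFE.
WITH expected(proname, want_volatile, want_parallel_unsafe) AS (
    VALUES
        ('cursor_to_xml'::text,                  true,  true),
        ('cursor_to_xmlschema',                  true,  true),
        ('query_to_xml',                         true,  false),
        ('query_to_xml_and_xmlschema',           true,  false),
        ('query_to_xmlschema',                   true,  false),
        ('binary_upgrade_create_empty_extension', false, true),
        ('brin_desummarize_range',               false, true),
        ('brin_summarize_new_values',            false, true),
        ('brin_summarize_range',                 false, true),
        ('gin_clean_pending_list',               false, true),
        ('pg_import_system_collations',          false, true),
        ('ts_rewrite',                           false, true),
        ('ts_stat',                              false, true)
)
SELECT current_database()  AS db,
       p.oid::regprocedure AS func,
       p.provolatile,
       p.proparallel,
       (NOT e.want_volatile OR p.provolatile = 'v')
       AND (NOT e.want_parallel_unsafe OR p.proparallel = 'u') AS marking_ok
FROM expected e
JOIN pg_catalog.pg_proc p
  ON p.proname = e.proname
JOIN pg_catalog.pg_namespace n
  ON n.oid = p.pronamespace
 AND n.nspname = 'pg_catalog'
-- Rows that still need fixing (marking_ok = false) sort first.
ORDER BY marking_ok, func;
```

Functions that do not exist in the server version being checked simply return no row; every row that is returned should show marking_ok = true.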

Links

  • Download: https://www.postgresql.org/download/
  • Release Notes: https://www.postgresql.org/docs/current/static/release.html
  • Security Page: https://www.postgresql.org/support/security/
  • Versioning Policy: https://www.postgresql.org/support/versioning/
  • Follow @postgresql on Twitter: https://twitter.com/postgresql
