This update fixes multiple security issues reported in PostgreSQL over the past
few months. All of these issues require prior authentication, and some require
additional conditions, and as such are not considered generally urgent.
However, users should examine the list of security holes patched below in case
they are particularly vulnerable.
Security: CVE-2015-0241,CVE-2015-0242,CVE-2015-0243,
CVE-2015-0244,CVE-2014-8161
uuid-ossp patch has been outdated with irrelevant changes (for us),
so massage back in.
In head of postgresql, this is handled properly, so eventually the ossp patches
can go.
update to all supported versions of the PostgreSQL database system,
which includes minor versions 9.3.3, 9.2.7, 9.1.12, 9.0.16, and
8.4.20. This update contains fixes for multiple security issues, as
well as several fixes for replication and data integrity issues. All
users are urged to update their installations at the earliest
opportunity, especially those using binary replication or running a
high-security application.
This update fixes CVE-2014-0060, in which PostgreSQL did not properly
enforce the WITH ADMIN OPTION permission for ROLE management. Before
this fix, any member of a ROLE was able to grant others access to the
same ROLE regardless if the member was given the WITH ADMIN OPTION
permission. It also fixes multiple privilege escalation issues,
including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
CVE-2014-0065, and CVE-2014-0066. More information on these issues can
be found on our security page and the security issue detail wiki page.
Security: CVE-2014-0060,CVE-2014-0061,CVE-2014-0062,CVE-2014-0063
CVE-2014-0064,CVE-2014-0065,CVE-2014-0066,CVE-2014-0067
Note that users of the hstore extension on version 9.3 must take an additional,
post upgrade step of running "ALTER EXTENSION hstore UPDATE" in each database
after update.
URL: http://www.postgresql.org/about/news/1487/
Major enhancements in PostgreSQL 9.3 include:
- Add materialized views
- Make simple views auto-updatable
- Add many features for the JSON data type, including operators and functions to extract elements from JSON values
- Implement SQL-standard LATERAL option for FROM-clause subqueries and function calls
- Allow foreign data wrappers to support writes (inserts/updates/deletes) on foreign tables
- Add a Postgres foreign data wrapper to allow access to other Postgres servers
- Add support for event triggers
- Add optional ability to checksum data pages and report corruption
- Prevent non-key-field row updates from blocking foreign key checks
- Greatly reduce System V shared memory requirements
URL: http://www.postgresql.org/docs/9.3/static/release-9-3.html
