Heads-up: PostgreSQL security release coming on April 4, 2013 1


As Evergreen is built with PostgreSQL at the core, the following PostgreSQL news announcement should be of concern to Evergreen administrators:

Upcoming PostgreSQL Security Release: April 4, 2013
Posted on 2013-03-28

The PostgreSQL Global Development Group will be releasing a security update for all supported versions on Thursday April 4th, 2013. This release will include a fix for a high-exposure security vulnerability. All users are strongly urged to apply the update as soon as it is available.

We are providing this advance notice so that users may schedule an update of their production systems on or shortly after April 4th.

As always, update releases only require installation of packages and a database system restart. You do not need to dump/restore or use pg_upgrade for this update release.

Please be prepared to update to the security release. While a typical Evergreen configuration does not expose PostgreSQL to public access, the nature of this announcement is unusual for PostgreSQL and suggests that the vulnerability may be particularly concerning.


About Dan Scott

I'm the systems librarian for Laurentian University, with a background in information architecture, database software development, and project planning from spending 8 years with IBM.


One thought on “Heads-up: PostgreSQL security release coming on April 4, 2013

  • Wolf Halton

    If you are running debian squeeze, you can get this update without too much problem by running the following commands as root:
    aptitude -t squeeze-backports update
    aptitude -t squeeze-backports upgrade postgresql-9.1

    Resolving dependencies…
    The following packages will be upgraded:
    postgresql-9.1 postgresql-contrib-9.1 postgresql-plperl-9.1
    3 packages upgraded, 0 newly installed, 0 to remove and 61 not upgraded.

    It will show you have lots of other packages you could upgrade, but you don’t have to install all of the backports right now, if you do not want to.

    running
    aptitude dist-upgrade (without the repository -t option)
    will bring in the updated postgresql-client-9.1 (9.1.9-1~bpo60+1)
    and postgresql-server-dev-9.1 (9.1.9-1~bpo60+1)

    running
    aptitude -t squeeze-backports dist-upgrade will bring you the 3.2 kernel, among other things.

Comments are closed.