      PostgreSQL Patching version 9, 10,11

      • Posted by Nijamutheen J
      • Date October 10, 2019

      If you are used to patching Oracle databases, you probably know how to use opatch to apply PSUs. How does PostgreSQL handle this? Do we need to patch the existing binaries to apply security fixes? The answer is: No.

      Let's say you want to patch PostgreSQL from version 10.5/11.3 to version 10.10/11.5.

      This is called a PostgreSQL minor version upgrade, or PostgreSQL patching.

      Why do you need to patch the PostgreSQL server?

      Multiple SQL injection vulnerabilities have been discovered in PostgreSQL that could allow for arbitrary code execution. The vulnerabilities are the result of the application's failure to sufficiently sanitize user-supplied input before using it in an SQL query. These vulnerabilities allow attackers with the CREATE permission (or the TRIGGER permission on some tables) to exploit input sanitization vulnerabilities in the pg_upgrade and pg_dump functions. The CREATE permission is automatically given to new users on the public schema, and the public schema is the default schema used on these databases. Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary SQL statements, which could allow them to compromise the application, access or modify data, or exploit other vulnerabilities in the database.

      Solution:

      This issue is fixed by upgrading to the point releases listed below and restarting your PostgreSQL server.

      These are the new point releases that fix the vulnerability:

      • PostgreSQL version 9.6.15
      • PostgreSQL version 10.10
      • PostgreSQL version 11.5

      For more information, refer to the link below:

      https://www.cvedetails.com/vulnerability-list/vendor_id-336/product_id-575/Postgresql-Postgresql.html

      The steps below will help you apply the patch on a PostgreSQL server.

      Step 1. Install the packages below on the Linux server.

      [On RHEL/CentOS]
      # yum install gcc*
      # yum install zlib-devel*
      # yum install readline-devel*
      
      [On Debian/Ubuntu]
      # apt install gcc*
      # apt install zlib1g-dev*
      # apt install libreadline6-dev*
      
      [On SUSE Linux]
      # zypper in gcc*
      # zypper in zlib-devel*
      # zypper in readline-devel*

      Step 2. Install the new version of the PostgreSQL server as the root user.

      # ./configure --prefix=/nijam/10.10/ --without-readline
      # make          (or)  # make world          -->> (also builds the additional modules (contrib) and the documentation)
      # make install  (or)  # make install-world  -->> (if you also want the contrib extensions)

      (OR)

      rpm -ivh postgresql1010-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-contrib-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-contrib-debuginfo-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-debuginfo-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-debugsource-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-devel-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-devel-debuginfo-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-docs-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-libs-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-libs-debuginfo-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-pglogical-2.2.2-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-pglogical-debuginfo-2.2.2-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-pglogical-debugsource-2.2.2-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-plperl-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-plperl-debuginfo-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-plpython-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-plpython-debuginfo-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-pltcl-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-pltcl-debuginfo-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-server-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-server-debuginfo-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-test-10.10-1.x86_64.rpm --nodeps
      rpm -ivh postgresql1010-test-debuginfo-10.10-1.x86_64.rpm --nodeps

      Step 3. Take a physical or logical backup, then stop the old version of the PostgreSQL server (10.5), which is installed under a separate path.

      tutorialdba.com:/nijam/10.10/postgresql-10.10 # ps -ef|grep postgres
      pginsta 2779 1 0 May15 ? 00:10:45 /nijam/10.5/bin/postgres -D /data/
      pginsta 2781 2779 0 May15 ? 00:00:01 postgres: logger process
      pginsta 2783 2779 0 May15 ? 00:00:52 postgres: checkpointer process
      pginsta 2784 2779 0 May15 ? 00:12:33 postgres: writer process
      pginsta 2785 2779 0 May15 ? 00:04:03 postgres: wal writer process
      
      
      /nijam/10.5/bin/pg_ctl -D /data/  stop

      Step 4. Start the new server from the new installation's bin path, pointing it at the existing data directory.

      /nijam/10.10/bin/pg_ctl -D /data/ -l logfile start

      Note: While patching version 9 you won't get any error, but on versions 10 and 11 you may get a pg_hba.conf error, which means the peer connection is not supported; in that case, comment that entry out and then start the server.

      For a PostgreSQL major upgrade, this blog post will be helpful: https://2ndquadrant.in/postgresql-upgradation-from-9-5-to-11-3/
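
A pre-flight and post-patch check for the steps above, as an added example that is not part of the original post: it decides whether a version string is at or above the fixed point releases listed earlier, and whether the existing data directory belongs to the same major line as the new binaries. The helper names (split_version, fixed_minor, is_patched, can_reuse_datadir) are hypothetical and the version strings are constructed samples.

```shell
#!/bin/sh
# Added example: pre-flight checks for the minor-version patch in this post.
# Assumes plain "X.Y" / "9.6.Z" version numbers, as printed by a source build.

# Print "major minor" for "10.5", "9.6.15" or "postgres (PostgreSQL) 11.3".
# Before version 10 the major line has two parts (9.6); from 10 on, one part.
split_version() {
    v=${1##* }                       # keep the last word: the version number
    case "$v" in
        9.*.*)        major=${v%.*};  minor=${v##*.} ;;
        [1-9][0-9].*) major=${v%%.*}; minor=${v#*.} ;;
        *) return 1 ;;
    esac
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac   # reject vendor suffixes
    echo "$major $minor"
}

# Fixed point releases listed in the post, per major line.
fixed_minor() {
    case "$1" in
        9.6) echo 15 ;;
        10)  echo 10 ;;
        11)  echo 5 ;;
        *)   return 1 ;;
    esac
}

# Succeeds when the version is at or above the fixed release of its line.
# The minor part is compared as a number: as text, "10.10" sorts below "10.5".
is_patched() {
    parts=$(split_version "$1") || return 2
    need=$(fixed_minor "${parts% *}") || return 2
    [ "${parts#* }" -ge "$need" ]
}

# $1 = content of <datadir>/PG_VERSION, $2 = version of the new binaries.
# New binaries can start the existing data directory only on the same major line.
can_reuse_datadir() {
    parts=$(split_version "$2") || return 2
    [ "$1" = "${parts% *}" ]
}

# Constructed samples following the post's 10.5 -> 10.10 scenario.
for v in "postgres (PostgreSQL) 10.5" "postgres (PostgreSQL) 10.10" "9.6.15" "11.3"; do
    if is_patched "$v"; then echo "$v: fixed"; else echo "$v: needs patching"; fi
done
can_reuse_datadir "10" "10.10" && echo "PG_VERSION 10 matches the 10.10 binaries"
```

On a real host the inputs would come from the output of /nijam/10.10/bin/postgres --version and from the PG_VERSION file inside /data/.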

       

      Tag:patching, postgresql, upgrade
