PostgreSQL 2009-12-14 Security Update

The PostgreSQL Project today released minor versions updating all active
branches of the PostgreSQL object-relational database system, including
versions 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and 7.4.27. This release
fixes one moderate-risk and one low-risk security issue: an SSL
authentication issue, and a privilege escalation issue with expression
indexes. All PostgreSQL database administrators are urged to update
your version of PostgreSQL at the earliest opportunity.

There are also 48 other bug fixes in this release, many of which apply
only to version 8.4, and a few of which are specifically for Windows.
While these are generally fixes for minor issues, among the changes are:

* Prevent hash index corruption
* Update time zone data for 9 regions
* Fix permissions-related startup issue on Windows
* Prevent server restart if a VACUUM FULL is killed
* Correct cache initialization startup bug

See the release notes for a full list of changes with details.

As with other minor releases, users are not required to dump and reload
their database in order to apply this update release; you may simply
shut down PostgreSQL and update its binaries. However, users who have
hash indexes will want to run REINDEX after updating in order to repair
any existing index damage. Users skipping more than one update may need
to check the release notes for extra, post-update steps.

* Release Notes:
http://www.postgresql.org/docs/current/static/release.html
* Installation Packages: http://www.postgresql.org/download/
* Source Code: http://www.postgresql.org/ftp/source/
* Details of Security Issues: http://www.postgresql.org/support/security

The PosgreSQL Global Development Group will stop releasing updates for
PostgreSQL versions 7.4 and 8.0 after July of 2010. We urge users of
those versions to start planning to upgrade now.