PostgreSQL Security Update Release

Posted on Posted in PostgreSQL

Description: This release closes security hole CVE-2016-2193, where a query plan might get reused for more than one ROLE in the same session. This could cause the wrong set of Row Level Security (RLS) policies to be used for the query.

The update also fixes CVE-2016-3065, a server crash bug triggered by using pageinspect with BRIN index pages. Since an attacker might be able to expose a few bytes of server memory, this crash is being treated as a security issue.

Affected versions: All supported versions of PostgreSQL database system 9.5.2, 9.4.7, 9.3.12, 9.2.16, and 9.1.21

Solution: Apply upgrade.

Users of version 9.5 will want to REINDEX any indexes they created on character columns in non-C locales.

Users of other versions who have skipped multiple update releases may need to perform additional post-update steps; see the Release Notes for details.

Origin URLs:

Leave a Reply

Your email address will not be published. Required fields are marked *