PostgreSQL 9.6.2, 9.5.6, 9.4.11, 9.3.16 and 9.2.20 released!

Description: The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 9.6.2, 9.5.6, 9.4.11, 9.3.16, and 9.2.20. This release includes fixes that prevent data corruption issues in index builds and in certain write-ahead-log replay situations, which are detailed below. It also patches over 75 other bugs reported […]

Continue reading ...

PostgreSQL Bugs allows remote user to cause service to crash

Decription: A remote authenticated user with CREATEDB or CREATEROLE roles can create a specially crafted object name containing newlines, carriage returns, double quotes, or backslashes that will, when a superuser runs certain maintenance programs (e.g., pg_dumpall, pg_upgrade, vacuumdb, reindexdb, and clusterdb), grant the user superuser privileges [CVE-2016-5424]. Affected versions: 9.1.x, 9.2.x, 9.3.x, 9.4.x, 9.x. Recommended […]

Continue reading ...

PostgreSQL Security Update Release

Description: This release closes security hole CVE-2016-2193, where a query plan might get reused for more than one ROLE in the same session. This could cause the wrong set of Row Level Security (RLS) policies to be used for the query. The update also fixes CVE-2016-3065, a server crash bug triggered by using pageinspect with […]

Continue reading ...