PostgreSQL Rolls Out New Releases To Address Two Security Issues
The latest high profile open-source project bitten by some fresh CVE security vulnerabilities is the PostgreSQL database server.
PostgreSQL 10.5, 9.6.10, 9.5.14, 9.4.19, 9.3.24, and 9.3.24 are now out as updates to all supported versions of this SQL server. PostgreSQL 11 Beta 3 is also out as an updated development build.
The CVEs corrected are CVE-2018-10915 and CVE-2018-10925 for certain connection parameters being able to defeat client-side security defenses as well as memory disclosure and missing authorization for INSERT ... ON CONFLICT DO UPDATE queries, respectively.
These two security vulnerabilities are now corrected plus there have also been a number of other bug fixes and improvements that have queued since the previous updates. Among those additional updates are performance improvements when replaying write-ahead logs, allowing replication slots to be dropped in single-user mode, VACUUM fixes, query planner fixes, and a variety of other work.
More details on today's slew of PostgreSQL releases can be found via the official release announcement on PostgreSQL.org.
PostgreSQL 10.5, 9.6.10, 9.5.14, 9.4.19, 9.3.24, and 9.3.24 are now out as updates to all supported versions of this SQL server. PostgreSQL 11 Beta 3 is also out as an updated development build.
The CVEs corrected are CVE-2018-10915 and CVE-2018-10925 for certain connection parameters being able to defeat client-side security defenses as well as memory disclosure and missing authorization for INSERT ... ON CONFLICT DO UPDATE queries, respectively.
These two security vulnerabilities are now corrected plus there have also been a number of other bug fixes and improvements that have queued since the previous updates. Among those additional updates are performance improvements when replaying write-ahead logs, allowing replication slots to be dropped in single-user mode, VACUUM fixes, query planner fixes, and a variety of other work.
More details on today's slew of PostgreSQL releases can be found via the official release announcement on PostgreSQL.org.
1 Comment