corrective updates for all supported PostgreSQL branches: , , , и , which presents a portion of bug fixes. Release updates for branch 9.4 until December 2019, 9.5 until January 2021, 9.6 until September 2021, 10 until October 2022, 11 until November 2023.
The new versions fix more than 60 bugs and fix four vulnerabilities:
- Two vulnerabilities (CVE-2019-10127, CVE-2019-10128) are platform-specific Windows and appear in installers from EnterpriseDB and BigSQL, which did not set the proper access rights to the data directory, which allowed any unprivileged user Windows initiate code execution at the PostgreSQL service level.
- Vulnerability CVE-2019-10129 manifests itself in PostgreSQL 11 and allows the user to read arbitrary memory areas of the server process by sending a specially crafted INSERT query to a partitioned table.
- Vulnerability CVE-2019-10130 allows reading the values of records to which access is restricted.
Fixed bugs include directory corruption when executing "ALTER TABLE" on a partitioned table, server crash when an error occurs when trying to save the cursor between transaction commits, performance issues when rolling back transactions involving a large number of tables, lack of support for the "CREATE TABLE IF NOT" statement EXISTS .. AS EXECUTE ..", memory leaks.
Source: opennet.ru
