PostgreSQL 11.3, 10.8, 9.6.13, 9.5.17 and 9.4.22 updates

Corrective updates have been released for all supported PostgreSQL branches: 11.3, 10.8, 9.6.13, 9.5.17 and 9.4.22, each containing a batch of bug fixes. Updates for the 9.4 branch will be released until December 2019, for 9.5 until January 2021, for 9.6 until September 2021, for 10 until October 2022, and for 11 until November 2023.

The new versions fix more than 60 bugs and four vulnerabilities:

  • Two vulnerabilities (CVE-2019-10127, CVE-2019-10128) are specific to the Windows platform and affect the installers from EnterpriseDB and BigSQL, which did not set proper access rights on the data directory. This allowed any unprivileged Windows user to execute code with the privileges of the PostgreSQL service.
  • Vulnerability CVE-2019-10129 affects PostgreSQL 11 and allows a user to read arbitrary memory areas of the server process by sending a specially crafted INSERT query to a partitioned table.
  • Vulnerability CVE-2019-10130 allows reading the values of records to which access is restricted.

Fixed bugs include catalog corruption when executing "ALTER TABLE" on a partitioned table, a server crash when an error occurs while trying to save a cursor between transaction commits, performance issues when rolling back transactions involving a large number of tables, lack of support for the "CREATE TABLE IF NOT EXISTS .. AS EXECUTE .." statement, and memory leaks.
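
An added example, not part of the original article or of PostgreSQL itself: a Python check that classifies reported server versions against the corrective releases and update deadlines listed above, including the change in version numbering between the 9.x and 10+ branches. The host names and version strings are constructed samples, and it is assumed that updates are issued through the end of the stated month.

```python
import re
from datetime import date

# Corrective release (minor number) and last month of updates per branch,
# taken from the article above.
FIXED = {"9.4": 22, "9.5": 17, "9.6": 13, "10": 8, "11": 3}
UPDATES_UNTIL = {"9.4": (2019, 12), "9.5": (2021, 1), "9.6": (2021, 9),
                 "10": (2022, 10), "11": (2023, 11)}
_VERSION_RE = re.compile(r"(?:PostgreSQL\s+)?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Split server_version or SELECT version() output into (branch, minor).

    Before 10 the branch is the first two numbers ("9.6.12" -> "9.6", 12);
    from 10 onward it is the first number alone ("10.7" -> "10", 7).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    first, second, third = m.groups()
    if int(first) >= 10:
        return first, int(second)
    if third is None:
        raise ValueError(f"pre-10 version needs three numbers: {text!r}")
    return f"{first}.{second}", int(third)


def assess(text, today):
    """Classify one server against the releases listed in the article."""
    branch, minor = parse_version(text)
    if branch not in FIXED:
        return "not-covered"          # branch the article does not mention
    if (today.year, today.month) > UPDATES_UNTIL[branch]:
        return "branch-unsupported"   # assumption: updates run through that month
    return "patched" if minor >= FIXED[branch] else "needs-update"


if __name__ == "__main__":
    # Constructed inventory: hypothetical host names and version strings.
    inventory = {
        "db-win-01": "PostgreSQL 11.2, compiled by Visual C++ build 1914, 64-bit",
        "db-lin-02": "10.8 (Debian 10.8-1.pgdg90+1)",
        "db-lin-03": "9.4.21",
    }
    for host, version in inventory.items():
        print(host, assess(version, date(2019, 5, 10)))
```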

Source: opennet.ru
