PostgreSQL Rolls Out New Releases To Address Two Security Issues
Written by Michael Larabel in Security on 9 August 2018 at 10:21 AM EDT.
The latest high-profile open-source project bitten by fresh CVE security vulnerabilities is the PostgreSQL database server.

PostgreSQL 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are now out as updates to all supported versions of this SQL server. PostgreSQL 11 Beta 3 is also out as an updated development build.

The CVEs corrected are CVE-2018-10915 and CVE-2018-10925. The first covers certain connection parameters being able to defeat client-side security defenses; the second covers memory disclosure and missing authorization for INSERT ... ON CONFLICT DO UPDATE queries.

Besides correcting these two security vulnerabilities, the releases include a number of other bug fixes and improvements that have queued up since the previous updates. Among them are performance improvements when replaying write-ahead logs, allowing replication slots to be dropped in single-user mode, VACUUM fixes, query planner fixes, and a variety of other work.

More details on today's slew of PostgreSQL releases can be found via the official release announcement on PostgreSQL.org.
