Three security vulnerabilities have been fixed by this release:
-* CVE-2017-12172: Start scripts permit database administrator to modify root-owned files
+* CVE-2017-12172: Start scripts permit database administrator to modify
+ root-owned files
* CVE-2017-15098: Memory disclosure in JSON functions
-* CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges
+* CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce
+ SELECT privileges
-CVE-2017-12172: Start scripts permit database administrator to modify root-owned files
---------------------------
+CVE-2017-12172: Start scripts permit database administrator to modify
+root-owned files
+---------------------------------------------------------------------
Prior to this release, the startup log file for the postmaster (in newer
releases, "postgres") process was opened while the process was still
the start scripts will need to ensure the startup log files are owned by
the user specified to run the PostgreSQL server.
-CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges
---------------------------
+CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT
+privileges
+------------------------------------------------------------------------
Prior to this release, the "INSERT ... ON CONFLICT DO UPDATE" would not
check to see if the executing user had permission to perform a "SELECT"
Ireland, Namibia, and Pago Pago.
EOL Notice for Version 9.2
------------------------------------------
+--------------------------
PostgreSQL version 9.2 is now End-of-Life (EOL). No additional updates
or security patches will be released by the community for this
possible. See our Versioning Policy for more information.
Links
-------
+-----
* Download: https://www.postgresql.org/download
* Release Notes: https://www.postgresql.org/docs/current/static/release.html
* Security Page: https://www.postgresql.org/support/security/
projects / press.git / commitdiff