#pgFrontFeature {
position: relative;
- background: #F5F5F5 url(/media/img/feature/feature_elephant.png) right bottom no-repeat;
- /* background: #F5F5F5 url(/media/img/feature/feature_gears.png) right bottom no-repeat; */
+ /* background: #F5F5F5 url(/media/img/feature/feature_elephant.png) right bottom no-repeat; */
+ background: #F5F5F5 url(/media/img/feature/feature_gears.png) right bottom no-repeat;
/* Also see pgFrontFeatureContent for image size */
padding: 15px;
margin-bottom: 1em;
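Review bot: The image swap in #pgFrontFeature is made by toggling which of two otherwise identical declarations is commented out, and the context line directly below says "Also see pgFrontFeatureContent for image size", yet no change to that rule is visible in this hunk. If feature_gears.png and feature_elephant.png differ in size, the pgFrontFeatureContent rule needs updating in the same change. If they share a size, say so in the commit message. Keeping both variants as commented-out lines also leaves dead CSS behind. A single background declaration, with the alternative image named in a comment, would be easier to maintain.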
<div id="pgFrontMain">
<div id="pgFrontFeature">
<div id="pgFrontFeatureContent">
- <p><b>29<sup>th</sup> September 2016</b></p>
+ <p><b>29<sup>th</sup> October 2016</b></p>
<h1 id="txtFrontFeatureHeading">
- PostgreSQL 9.6 Released!
+ PostgreSQL 9.6.1, 9.5.5, 9.4.10, 9.3.15, 9.2.19 and 9.1.24 Released!
</h1>
<p>
The PostgreSQL Global Development Group is pleased to announce the availability of
- PostgreSQL 9.6.
+ PostgreSQL 9.6.1, 9.5.5, 9.4.10, 9.3.15, 9.2.19 and 9.1.24.
</p>
<p>
- PostgreSQL 9.6 is a major new version of the world's most advanced Open Source database.
- This release includes support for parallel queries, performance enhancements to Foreign
- Data Wrappers, support for multiple synchronous standbys and much, much more.
+ This release fixes issues that can cause data corruption, which are described in
+ the release notes. It also patches a number of other bugs reported over the last
+ few months. The project urges users to apply this update at the next possible
+ downtime.
</p>
<div id="txtFrontFeatureLink">
<br/>
- <img src="/media/img/layout/blt_blu_arrow.png" width="6" height="6" alt="" /><a href="/about/news/1703/" title="Release Announcement">Release Announcement</a><br />
- <img src="/media/img/layout/blt_blu_arrow.png" width="6" height="6" alt="" /><a href="/docs/9.6/static/release-9-6.html" title="Release Notes">Release Notes</a><br />
+ <img src="/media/img/layout/blt_blu_arrow.png" width="6" height="6" alt="" /><a href="/about/news/1712/" title="Release Announcement">Release Announcement</a><br />
+ <img src="/media/img/layout/blt_blu_arrow.png" width="6" height="6" alt="" /><a href="/docs/9.6/static/release-9-6-1.html" title="Release Notes">Release Notes</a><br />
<img src="/media/img/layout/blt_blu_arrow.png" width="6" height="6" alt="" /><a href="/download/" title="Download">Download</a><br />
</div>
</div>
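Review bot: In the date line only the month changes ("29th September 2016" to "29th October 2016"), so the day looks carried over from the 9.6 entry; confirm it matches the date on the announcement at /about/news/1712/. The heading and first paragraph list six versions, but the Release Notes link points only to release-9-6-1.html. Since the new paragraph says the data-corruption issues "are described in the release notes", users on 9.5 and older branches get no direct link to the notes for their version. Either link each branch's notes or reword the sentence to point at the announcement.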
<p>
The following table lists all known security issues.
-Please note that versions prior to 9.1 are no longer
+Please note that versions prior to 9.2 are no longer
supported. An archive of vulnerabilities found only in unsupported
versions is
<a href="/support/security_archive">on our Security Archive page</a>,
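Review bot: The cutoff in "versions prior to 9.2 are no longer supported" is hard-coded prose that must stay in step with which rows sit in the supported table and which sit in the archive, so this one-word edit and the row moves need to land together. The front-page hunk on this page announces 9.1.24 as a new release while this sentence declares everything before 9.2 unsupported. A short note here or in the announcement that 9.1 has reached end of life would keep the two pages from reading as contradictory.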
<td class="colLast">executing enum_recv() with wrong parameters crashes server</td>
</tr>
- <tr valign="top">
- <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3489">CVE-2012-3489</a></td>
- <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
- <td class="colMid">9.1.5, 9.0.9, 8.4.13, 8.3.20</td>
- <td class="colMid">core server</td>
- <td class="colMid">C</td>
- <td class="colLast">xml_parse() DTD validation can be used to read arbitrary files</td>
- </tr>
-
- <tr valign="top">
- <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3488">CVE-2012-3488</a></td>
- <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
- <td class="colMid">9.1.5, 9.0.9, 8.4.13, 8.3.20</td>
- <td class="colMid">contrib module</td>
- <td class="colMid">C</td>
- <td class="colLast">contrib/xml2's xslt_process() can be used to read and write arbitrary files</td>
- </tr>
-
- <tr valign="top">
- <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143">CVE-2012-2143</a></td>
- <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
- <td class="colMid">9.1.4, 9.0.8, 8.4.12, 8.3.19</td>
- <td class="colMid">contrib module</td>
- <td class="colMid">C</td>
- <td class="colLast">Passwords containing the byte 0x80 passed to the crypt() function in pgcrypto are incorrectly truncated if DES encryption was used</td>
- </tr>
-
- <tr valign="top">
- <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655">CVE-2012-2655</a></td>
- <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
- <td class="colMid">9.1.4, 9.0.8, 8.4.12, 8.3.19</td>
- <td class="colMid">core server</td>
- <td class="colMid">D</td>
- <td class="colLast">SECURITY DEFINER and SET attributes on procedural call handlers are not ignored and can be used to crash the server</td>
- </tr>
-
- <tr valign="top">
- <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0866">CVE-2012-0866</a></td>
- <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
- <td class="colMid">9.1.3, 9.0.7, 8.4.11, 8.3.18</td>
- <td class="colMid">core server</td>
- <td class="colMid">C</td>
- <td class="colLast">Permissions on a function called by a trigger are not properly checked.</td>
- </tr>
-
- <tr valign="top">
- <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0867">CVE-2012-0867</a></td>
- <td class="colMid">9.1, 9.0, 8.4</td>
- <td class="colMid">9.1.3, 9.0.7, 8.4.11</td>
- <td class="colMid">core server, limited deployments</td>
- <td class="colMid">A</td>
- <td class="colLast">SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate authorities.</td>
- </tr>
-
- <tr valign="top">
- <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0868">CVE-2012-0868</a></td>
- <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
- <td class="colMid">9.1.3, 9.0.7, 8.4.11, 8.3.18</td>
- <td class="colMid">core server</td>
- <td class="colMid">C</td>
- <td class="colLast">Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file.</td>
- </tr>
-
</table>
</div>
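Review bot: All seven removed rows list only 9.1 and older in the affected-versions cell, so dropping them matches the new 9.2 cutoff, but the enum_recv() row kept as leading context is now the last row before </table> and its version cells are outside the visible context. Confirm that it affects 9.2 or later and stays in this table, and that no other row in the table affects only 9.1 and older. The trailing blank "-" line after each removed </tr> is handled consistently, so no stray whitespace is left before </table>.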
<th class="colLast">Description</th>
</tr>
+ <tr valign="top">
+ <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3489">CVE-2012-3489</a></td>
+ <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
+ <td class="colMid">9.1.5, 9.0.9, 8.4.13, 8.3.20</td>
+ <td class="colMid">core server</td>
+ <td class="colMid">C</td>
+ <td class="colLast">xml_parse() DTD validation can be used to read arbitrary files</td>
+ </tr>
+
+ <tr valign="top">
+ <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3488">CVE-2012-3488</a></td>
+ <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
+ <td class="colMid">9.1.5, 9.0.9, 8.4.13, 8.3.20</td>
+ <td class="colMid">contrib module</td>
+ <td class="colMid">C</td>
+ <td class="colLast">contrib/xml2's xslt_process() can be used to read and write arbitrary files</td>
+ </tr>
+
+ <tr valign="top">
+ <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143">CVE-2012-2143</a></td>
+ <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
+ <td class="colMid">9.1.4, 9.0.8, 8.4.12, 8.3.19</td>
+ <td class="colMid">contrib module</td>
+ <td class="colMid">C</td>
+ <td class="colLast">Passwords containing the byte 0x80 passed to the crypt() function in pgcrypto are incorrectly truncated if DES encryption was used</td>
+ </tr>
+
+ <tr valign="top">
+ <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655">CVE-2012-2655</a></td>
+ <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
+ <td class="colMid">9.1.4, 9.0.8, 8.4.12, 8.3.19</td>
+ <td class="colMid">core server</td>
+ <td class="colMid">D</td>
+ <td class="colLast">SECURITY DEFINER and SET attributes on procedural call handlers are not ignored and can be used to crash the server</td>
+ </tr>
+
+ <tr valign="top">
+ <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0866">CVE-2012-0866</a></td>
+ <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
+ <td class="colMid">9.1.3, 9.0.7, 8.4.11, 8.3.18</td>
+ <td class="colMid">core server</td>
+ <td class="colMid">C</td>
+ <td class="colLast">Permissions on a function called by a trigger are not properly checked.</td>
+ </tr>
+
+ <tr valign="top">
+ <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0867">CVE-2012-0867</a></td>
+ <td class="colMid">9.1, 9.0, 8.4</td>
+ <td class="colMid">9.1.3, 9.0.7, 8.4.11</td>
+ <td class="colMid">core server, limited deployments</td>
+ <td class="colMid">A</td>
+ <td class="colLast">SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate authorities.</td>
+ </tr>
+
+ <tr valign="top">
+ <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0868">CVE-2012-0868</a></td>
+ <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
+ <td class="colMid">9.1.3, 9.0.7, 8.4.11, 8.3.18</td>
+ <td class="colMid">core server</td>
+ <td class="colMid">C</td>
+ <td class="colLast">Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file.</td>
+ </tr>
+
<tr valign="top">
<td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4015">CVE-2010-4015</a></td>
<td class="colMid">9.0, 8.4, 8.3, 8.2</td>
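Review bot: The seven added rows go in directly under the header row and ahead of CVE-2010-4015, which keeps the archive newest-first, and their cells match the rows removed from the supported table, so the move is verbatim. Two small points on the added lines: every CVE link uses plain http://cve.mitre.org/cgi-bin/cvename.cgi?name=..., which could be switched to https while the rows are being touched; and the CVE-2012-0866 and CVE-2012-0868 descriptions end with a full stop where the other descriptions in this block do not, which is worth normalising now that the rows sit together in one table.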