MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
postgresql
Search

PostgreSQL 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25 released

Thursday November 8, 2018. 04:36 PM , from LWN.net
There is a whole new set of PostgreSQL releases out there, the main purpose
of which is to include an important security fix.
'Using a purpose-crafted trigger definition, an attacker can run
arbitrary SQL statements with superuser privileges when a superuser runs
`pg_upgrade` on the database or during a pg_dump dump/restore cycle.
This attack requires a `CREATE` privilege on some non-temporary schema
or a `TRIGGER` privilege on a table. This is exploitable in the default
PostgreSQL configuration, where all users have `CREATE` privilege on
`public` schema.' Note that this is the final update for the 9.3
series; users on that version should be planning an upgrade in the near
future.
https://lwn.net/Articles/771145/rss
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Mar, Fri 29 - 07:42 CET