opendbteam workspace

opendbteam workspace
opendbteam workspace

Thursday, March 31, 2016

#PostgreSQL9.5 : #New #Security #Release

A new security release is available for PostgreSQL 9.5.
It fixes two potential security issues and one index corruption issue. The index feature might be re enabled in future releases if found to be working properly.

"Security Fixes for RLS, BRIN

This release closes security hole CVE-2016-2193, where a query plan might get reused for more than one ROLE in the same session. This could cause the wrong set of Row Level Security (RLS) policies to be used for the query.

The update also fixes CVE-2016-3065, a server crash bug triggered by using pageinspect with BRIN index pages. Since an attacker might be able to expose a few bytes of server memory, this crash is being treated as a security issue.

Abbreviated Keys and Corrupt Indexes

In this release, the PostgreSQL Project has been forced to disable 9.5's Abbreviated Keys performance feature for many indexes due to reports of index corruption. This may affect any B-tree indexes on TEXT, VARCHAR, and CHAR columns which are not in "C" locale. Indexes in other locales will lose the performance benefits of the feature, and should be REINDEXed in case of existing index corruption"

The complete release overview can be found at: http://www.postgresql.org/about/news/1656/

3 comments: