4eb290d68e
Security Fixes for RLS, BRIN ---------------------------- This release closes security hole CVE-2016-2193 (https://access.redhat.com/security/cve/CVE-2016-2193), where a query plan might get reused for more than one ROLE in the same session. This could cause the wrong set of Row Level Security (RLS) policies to be used for the query. The update also fixes CVE-2016-3065 (https://access.redhat.com/security/cve/CVE-2016-3065), a server crash bug triggered by using `pageinspect` with BRIN index pages. Since an attacker might be able to expose a few bytes of server memory, this crash is being treated as a security issue. Abbreviated Keys and Corrupt Indexes ------------------------------------ In this release, the PostgreSQL Project has been forced to disable 9.5's Abbreviated Keys performance feature for many indexes due to reports of index corruption. This may affect any B-tree indexes on TEXT, VARCHAR, and CHAR columns which are not in "C" locale. Indexes in other locales will lose the performance benefits of the feature, and should be REINDEXed in case of existing index corruption. The feature may be re-enabled in future versions if the project finds a solution for the problem. See the release notes, and the wiki page on this issue for more information: http://wiki.postgresql.org/abbreviatedkeys_issue URL: http://www.postgresql.org/about/news/1656/ URL: http://wiki.postgresql.org/abbreviatedkeys_issue Security: CVE-2016-2193 Security: CVE-2016-3065 |
||
|---|---|---|
| .. | ||
| files | ||
| distinfo | ||
| Makefile | ||
| pkg-descr | ||
| pkg-install-server | ||
| pkg-plist-client | ||
| pkg-plist-contrib | ||
| pkg-plist-plperl | ||
| pkg-plist-plpython | ||
| pkg-plist-pltcl | ||
| pkg-plist-server | ||