70184a53b3
The PostgreSQL Global Development Group has released an update to all supported versions of the PostgreSQL database system, including 10.3, 9.6.8, 9.5.12, 9.4.17, and 9.3.22.

The purpose of this release is to address CVE-2018-1058, which describes how a user can create like-named objects in different schemas that can change the behavior of other users' queries and cause unexpected or malicious behavior, also known as a "trojan-horse" attack. Most of this release centers around added documentation that describes the issue and how to take steps to mitigate the impact on PostgreSQL databases.

We strongly encourage all of our users to please visit https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path for a detailed explanation of CVE-2018-1058 and how to protect your PostgreSQL installations.

After evaluating the documentation for CVE-2018-1058, a database administrator may need to take follow-up steps on their PostgreSQL installations to ensure they are protected from exploitation.

Security: CVE-2018-1058

- files
- distinfo
- Makefile
- pkg-descr
- pkg-install-server
- pkg-plist-client
- pkg-plist-contrib
- pkg-plist-plperl
- pkg-plist-plpython
- pkg-plist-pltcl
- pkg-plist-server