diff options
| author | Palle Girgensohn <girgen@FreeBSD.org> | 2024-05-09 22:13:22 +0200 |
|---|---|---|
| committer | Palle Girgensohn <girgen@FreeBSD.org> | 2024-05-10 00:34:46 +0200 |
| commit | ade1c57e3a72ec9c4a7c02ce28dbfbd5efcce373 (patch) | |
| tree | 5a1be2c384a6472f3471f0e27acd58b1552f9465 /databases/postgresql15-server/files/pkg-message-server.in | |
| parent | security/vuxml: Document vulnerability in postgresql. (diff) | |
databases/postgresql??-*: Update to latest versions
PostgreSQL 16.3, 15.7, 14.12, 13.15, and 12.19 Released!
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 16.3, 15.7, 14.12, 13.15,
and 12.19. This release fixes one security vulnerability and over 55
bugs reported over the last several months.
Please note that the fix in this release for CVE-2024-4317 only fixes
fresh PostgreSQL installations, namely those that are created with the
initdb utility after this fix is applied. If you have a current
PostgreSQL installation and are concerned about this issue, please
follow the additional updating instructions provided in the
CVE-2024-4317 description or the release notes for the remediation. [1]
The script is installed as /usr/local/share/postgresql/fix-CVE-2024-4317.sql
PostgreSQL 12 will stop receiving fixes on November 14, 2024. If you are
running PostgreSQL 12 in a production environment, we suggest that you
make plans to upgrade to a newer, supported version of PostgreSQL.
Please see our versioning policy for more information.
[1]: https://www.postgresql.org/support/security/CVE-2024-4317/
Security: d53c30c1-0d7b-11ef-ba02-6cc21735f730
PR: 277428 (remove unneded patch)
PR: 260494 (remove deprecated INTDATE option)
PR: 265860 (correct path for contrib README file in pkg-message)
Diffstat (limited to 'databases/postgresql15-server/files/pkg-message-server.in')
| -rw-r--r-- | databases/postgresql15-server/files/pkg-message-server.in | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/databases/postgresql15-server/files/pkg-message-server.in b/databases/postgresql15-server/files/pkg-message-server.in index 6370d4a017cc..946ff1d75b6d 100644 --- a/databases/postgresql15-server/files/pkg-message-server.in +++ b/databases/postgresql15-server/files/pkg-message-server.in @@ -62,10 +62,22 @@ NB. If you're not using a checksumming filesystem like ZFS, you might wish to enable data checksumming. It can be enabled during the initdb phase, by adding the "--data-checksums" flag to the postgresql_initdb_flags rcvar. Otherwise you can enable it later by - pg_checksums. Check the initdb(1) manpage for more info + using pg_checksums. Check the initdb(1) manpage for more info and make sure you understand the performance implications. ====================================================================== + +SECURITY ADVICE + +If upgradring from a version 15.x < 15.7: +A security vulnerability was found in the system views pg_stats_ext +and pg_stats_ext_exprs, potentially allowing authenticated database +users to see data they shouldn't. If this is of concern in your +installation, run the SQL script %%DATADIR%%/fix-CVE-2024-4317.sql +for each of your databases. For details, see +https://www.postgresql.org/support/security/CVE-2024-4317/ + + EOM } ] |