EDB Technical Update for Postgres Advanced Server (Database Server 10.9.17)
Postgres Plus Advanced Server
Technical Alert Details
Technical Update EDB Postgres Advanced Server (Database Server 10.9.17)
WHAT’S NEW This update is notifying you of a new software release EDB Postgres™ Advanced Server 10.9.17. EDB Postgres Advanced Server 10 is built on the open source PostgreSQL 10, which introduces an impressive number of improvements that enable databases to scale up and scale out in more efficient ways. PostgreSQL 10 introduces Native Partitioning, Logical Replication, SCRAM Authentication, additional Parallel Query capabilities as well as a host of other new features and capabilities.
Enhancements implemented in clone schema 1.9 and parallel_clone 1.5.
CVE-2019-10164 - Stack-based buffer overflow via setting a password
An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account.
Additionally, a rogue server could send a specifically crafted message during the SCRAM authentication process and cause a libpq-enabled client to either crash or execute arbitrary code as the client's operating system account.
TROUBLESHOOTING If you experience any problems installing the new software please contact Technical Support at: Email: firstname.lastname@example.org Phone: US: +1-732-331-1320 or 1-800-235-5891 UK: +44-2033719820 Brazil: +55-2139581371 India: +91-20-66449612