EDB Technical Update for Postgres Advanced Server (Database Server 11.4.11)

This article was originally published on June 25, 2019

 

WHAT’S NEW
This update notifies you of a new software release, EDB Postgres™ Advanced Server 11.4.11. EDB Postgres Advanced Server 11 is built on the open source PostgreSQL 11, which introduces an impressive number of improvements that enable databases to scale up and scale out in more efficient ways. PostgreSQL 11 introduces increased robustness and performance to partitioning, transactions supported in stored procedures, enhanced capability for query parallelism and many more features.

Highlights of the 11.4.11 release include:
  • Merge with community release 11.4. More information about this and other fixes in community PostgreSQL can be found at https://www.postgresql.org/about/news/1949/ and https://www.postgresql.org/docs/11/release-11-4.html.
  • Enhancements implemented in clone schema 1.9 and parallel_clone 1.5.
  • CVE-2019-10164 - Stack-based buffer overflow via setting a password

An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account.

Additionally, a rogue server could send a specifically crafted message during the SCRAM authentication process and cause a libpq-enabled client to either crash or execute arbitrary code as the client's operating system account.

This update contains the following fixes:
  • RM43994 - SPL: Don't mark portal as FAILED when executing SPL ROLLBACK. [Support ticket #870716]
  • RM43959 - Fix "REASSIGN OWNED BY" for dbms_aq objects.
  • RM43689 - ecpg: Suppress line numbers (#line directive) with '-l' option.
  • RM43055 - Add missing sepgsql checks for namespace lookups
  • RM43970 - Reject non-QT_NORMAL SELECT statements in SPI_is_cursor_plan().
  • RM43938 - Throw a user-friendly error when package type has dropped attributes.

This update also contains a fix for the Cloneschema component:
  • DI-166 - Cloneschema fails when applying FK constraints on the target if rows are constantly being inserted in the source. [Support Ticket #860472]

IS THIS FOR ME?
This announcement is for EDB customers who are using, or are interested in, EDB Postgres Advanced Server and have a database subscription purchased for:
  • EDB Postgres Enterprise Edition

HOW TO GET THE SOFTWARE
EDB Postgres Advanced Server v11 is packaged and delivered as a series of interactive installers available via Stackbuilder Plus and on the EnterpriseDB website. Visit: https://www.enterprisedb.com/advanced-downloads

RPM Packages are available for download from: https://yum.enterprisedb.com/

To request the credentials required to access EnterpriseDB repositories, please visit https://www.enterprisedb.com/repository-access-request

Documentation is provided on the EnterpriseDB website. Visit: https://www.enterprisedb.com/resources/product-documentation

TROUBLESHOOTING
If you experience any problems installing the new software, please contact Technical Support at:
Email: support@enterprisedb.com
Phone: US: +1-732-331-1320 or 1-800-235-5891
UK: +44-2033719820
Brazil: +55-2139581371
India: +91-20-66449612
