August, 2017 - Crunchy Data Solutions (Charleston, SC) is pleased to announce the availability of new RPM's for Crunchy Certified PostgreSQL 9.2 through 9.6. With a documented history of focusing on security, Crunchy Certified PostgreSQL is the first commercially-available open source relational database management system to receive Common Criteria certification (EAL 2+).
This release includes the following important software updates.
Note: Detailed release notes are linked with each version.
- PostgreSQL 9.2.22 (Release Notes)
- PostgreSQL 9.3.18 (Release Notes)
- PostgreSQL 9.4.13 (Release Notes)
- PostgreSQL 9.5.8 (Release Notes)
- PostgreSQL 9.6.4 (Release Notes)
In addition, this release may also include new RPM content for corresponding extensions and tools. Please refer to the relevant release notes that correspond to your version.
Resolved Security Issues
Crunchy recommends upgrading your PostgreSQL version at the next opportunity, as this release includes critical security fixes. Additional information regarding the CVEs below will be made available through the corresponding links.
Notable PostgreSQL security vulnerabilities that have been patched in this release are as follows:
- Security Vulnerability CVE-2017-7546: Empty password accepted in some authentication methods
- Security Vulnerability CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges
- Security Vulnerability CVE-2017-7548: lo_put() function ignores ACLs
For detailed descriptions of the preceding CVEs, please see the full release notes for your corresponding PostgreSQL version.
Crunchy Data is a leading provider of trusted open source PostgreSQL and enterprise PostgreSQL technology, support and training. Crunchy Data offers Crunchy Certified PostgreSQL, a 100% open source trusted distribution of PostgreSQL, the most advanced pure open source RDBMS on the market. Crunchy Data is a leading provider of Cloud Native PostgreSQL – providing open source, cloud agnostic PostgreSQL-as-a-Service solutions. PostgreSQL’s active development community, proven architecture and reputation for reliability, data integrity, and ease of use make it a prime candidate for enterprises looking for a robust relational database alternative to expensive proprietary database technologies.