Upgrade PostgreSQL to 9.6.5 (!1923) · Merge requests · GitLab.org / omnibus-gitlab

username-removed-100770 requested to merge tnir/omnibus-gitlab:postgres-9.6.5 into master Sep 13, 2017

PostgreSQL 9.6.5 (Release Date: 2017-08-31) is to be used as it contains the following security holes from 9.6.3 (as well as bug fixes):

CVE-2017-7546: Empty password accepted in some authentication methods
CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges
CVE-2017-7548: lo_put() function ignores ACLs

Check migration guide

https://www.postgresql.org/docs/9.6/static/release-9-6-5.html

E.1.1. Migration to Version 9.6.5

A dump/restore is not required for those running 9.6.X.

However, if you are upgrading from a version earlier than 9.6.4, see Section E.2.

https://www.postgresql.org/docs/9.6/static/release-9-6-4.html

E.2.1. Migration to Version 9.6.4

A dump/restore is not required for those running 9.6.X.

However, if you use foreign data servers that make use of user passwords for authentication, see the first changelog entry below.

By itself, this patch will only fix the behavior in newly initdb'd databases. If you wish to apply this change in an existing database, you will need to do the following:

[...]

Edited Sep 13, 2017 by username-removed-100770

Admin message

Admin message

Upgrade PostgreSQL to 9.6.5

Merge request reports