[ANNOUNCE] Additional Advisory for Debian/Ubuntu Users

Questions and answers regarding general SQL and backend databases

[ANNOUNCE] Additional Advisory for Debian/Ubuntu Users

Postby ROCLASI » Fri Dec 06, 2019 9:59 am

Additional Advisory to 2019-11-14 Cumulative Update Release for Debian and Ubuntu Users

Posted on 2019-12-04 by PostgreSQL Global Development Group
The PostgreSQL Global Development Group, in conjunction with the cumulative update release on November 14, 2019 for versions 12.1, 11.6, 10.11, 9.6.16, 9.5.20, and 9.4.25, advises all users on Debian and Ubuntu to update their "postgresql-common" packages as soon as possible.

The latest releases of PostgreSQL packages from apt.postgresql.org, debian.org, and ubuntu.com closed a vulnerability (CVE-2019-3466) in which the PostgreSQL superuser could escalate to root using a deficiency in the pg_ctlcluster command. pg_ctlcluster is a utility provided by the "postgresql-common" package that is installed with PostgreSQL on these platforms.


All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg_upgrade in order to apply this update release; you may simply shutdown PostgreSQL and update its binaries.

Users who have skipped one or more update releases may need to run additional, post-update steps; please see the release notes for earlier versions for details.

NOTE: PostgreSQL 9.4 will stop receiving fixes on February 13, 2020. Please see our versioning policy for more information.


Robert Ivens
SAN Developer / Servoy Valued Professional / Servoy Certified Developer

ROCLASI Software Solutions / JBS Group, Partner
Twitter: @roclasi
ServoyForge - Building Open Source Software.
PostgreSQL - The world's most advanced open source database.
User avatar
Servoy Expert
Posts: 5431
Joined: Thu Oct 02, 2003 9:49 am
Location: Netherlands/Belgium

Return to SQL Databases

Who is online

Users browsing this forum: No registered users and 8 guests