https://www.postgresql.org/docs/9.5/static/release-9-5-11.html...">
This update for postgresql95 fixes the following issues:
Upate to PostgreSQL 9.5.11:
Security issues fixed:
* <a href="https://www.postgresql.org/docs/9.5/static/release-9-5-11.html">https://www.postgresql.org/docs/9.5/static/release-9-5-11.html</a>
* CVE-2018-1053, boo#1077983: Ensure that all temporary files made by
pg_upgrade are non-world-readable.
* boo#1079757: Rename pg_rewind's copy_file_range function to avoid
conflict with new Linux system call of that name.
In version 9.5.10:
* <a href="https://www.postgresql.org/docs/9.5/static/release-9-5-10.html">https://www.postgresql.org/docs/9.5/static/release-9-5-10.html</a>
* CVE-2017-15098, boo#1067844: Memory disclosure in JSON functions.
* CVE-2017-15099, boo#1067841: INSERT ... ON CONFLICT DO UPDATE fails to
enforce SELECT privileges.
In version 9.5.9:
* <a href="https://www.postgresql.org/docs/9.5/static/release-9-5-9.html">https://www.postgresql.org/docs/9.5/static/release-9-5-9.html</a>
* Show foreign tables in information_schema.table_privileges view.
* Clean up handling of a fatal exit (e.g., due to receipt of SIGTERM)
that occurs while trying to execute a ROLLBACK of a failed transaction.
* Remove assertion that could trigger during a fatal exit.
* Correctly identify columns that are of a range type or domain type
over a composite type or domain type being searched for.
* Fix crash in pg_restore when using parallel mode and using a list file
to select a subset of items to restore.
* Change ecpg's parser to allow RETURNING clauses without attached C
variables.
In version 9.5.8
* <a href="https://www.postgresql.org/docs/9.5/static/release-9-5-8.html">https://www.postgresql.org/docs/9.5/static/release-9-5-8.html</a>
* CVE-2017-7547, boo#1051685: Further restrict visibility of
pg_user_mappings.umoptions, to protect passwords stored as user
mapping options.
* CVE-2017-7546, boo#1051684: Disallow empty passwords in all
password-based authentication methods.
* CVE-2017-7548, boo#1053259: lo_put() function ignores ACLs.