The PostgreSQL Security Team was made aware of CVE-2020-21469, which was filed without the prior knowledge of the PostgreSQL Security Team.
THIS IS NOT A SECURITY VULNERABILITY.
The CVE claims that it's possible to create a denial-of-service in a PostgreSQL 12.2 by sending repeated SIGHUP (or reload) signals to the primary PostgreSQL process. However, to do this, you need to have an account that is explicitly granted elevated privileges, including:
postgres
).pg_reload_conf
by a PostgreSQL superuser.If you are still running PostgreSQL 12.2, we do strongly encourage to upgrade to a newer release because of these actual CVEs and many other bug fixes.
If you suspect PostgreSQL has a security vulnerability, please first report it to the PostgreSQL Security Team for evaluation. The PostgreSQL Security Team has been maintaining its list of known vulnerabilities for nearly 20 years. The team works with all reporters to determine what is a valid vulnerability and to provide transparency to our users around security issues.
For more information on how you can report security vulnerabilities to the PostgreSQL Security Team and how the team evaluates reports, please see the security page: