mirror of https://github.com/postgres/postgres.git synced 2025-10-25 13:17:41 +03:00

Last-minute updates for release notes.

Security: CVE-2018-10915, CVE-2018-10925
Tom Lane
2018-08-06 13:13:41 -04:00
parent 7aabfd1d8c
commit cd2490789e
3 changed files with 105 additions and 15 deletions

@@ -39,6 +39,34 @@
<itemizedlist> <itemizedlist>
<listitem>
<para>
Fix failure to reset <application>libpq</application>'s state fully
between connection attempts (Tom Lane)
</para>
<para>
An unprivileged user of <filename>dblink</filename>
or <filename>postgres_fdw</filename> could bypass the checks intended
to prevent use of server-side credentials, such as
a <filename>~/.pgpass</filename> file owned by the operating-system
user running the server. Servers allowing peer authentication on
local connections are particularly vulnerable. Other attacks such
as SQL injection into a <filename>postgres_fdw</filename> session
are also possible.
Attacking <filename>postgres_fdw</filename> in this way requires the
ability to create a foreign server object with selected connection
parameters, but any user with access to <filename>dblink</filename>
could exploit the problem.
In general, an attacker with the ability to select the connection
parameters for a <application>libpq</application>-using application
could cause mischief, though other plausible attack scenarios are
harder to think of.
Our thanks to Andrew Krasichkov for reporting this issue.
(CVE-2018-10915)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Ensure that updates to the <structfield>relfrozenxid</structfield> Ensure that updates to the <structfield>relfrozenxid</structfield>
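Review bot: the summary line "Fix failure to reset libpq's state fully between connection attempts" never says which state is at issue, and the second para jumps straight to the consequence (bypassing the checks that keep dblink and postgres_fdw users away from a ~/.pgpass owned by the server's OS user), so a reader cannot see why an incompletely reset connection object produces that bypass; one connecting clause in either para would close the gap. The closing "could cause mischief, though other plausible attack scenarios are harder to think of" is also loose for a release note; consider keeping only the concrete dblink/postgres_fdw exposure the paragraph already establishes and dropping the speculation.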

@@ -33,6 +33,34 @@
<itemizedlist> <itemizedlist>
<listitem>
<para>
Fix failure to reset <application>libpq</application>'s state fully
between connection attempts (Tom Lane)
</para>
<para>
An unprivileged user of <filename>dblink</filename>
or <filename>postgres_fdw</filename> could bypass the checks intended
to prevent use of server-side credentials, such as
a <filename>~/.pgpass</filename> file owned by the operating-system
user running the server. Servers allowing peer authentication on
local connections are particularly vulnerable. Other attacks such
as SQL injection into a <filename>postgres_fdw</filename> session
are also possible.
Attacking <filename>postgres_fdw</filename> in this way requires the
ability to create a foreign server object with selected connection
parameters, but any user with access to <filename>dblink</filename>
could exploit the problem.
In general, an attacker with the ability to select the connection
parameters for a <application>libpq</application>-using application
could cause mischief, though other plausible attack scenarios are
harder to think of.
Our thanks to Andrew Krasichkov for reporting this issue.
(CVE-2018-10915)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Ensure that updates to the <structfield>relfrozenxid</structfield> Ensure that updates to the <structfield>relfrozenxid</structfield>
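Review bot: this entry is a verbatim copy of the one in the previous file, which is expected for per-branch release notes, but every copy describes the risk without the mitigation: the text tells administrators that a ~/.pgpass owned by the server's OS user and peer authentication on local connections make a server "particularly vulnerable", yet never says what to do short of updating. A sentence noting that removing such credential files from the server account and restricting which roles may use dblink and postgres_fdw limits exposure would follow directly from the risk already stated, and should then be applied to all three copies so they stay in sync.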

@@ -33,6 +33,55 @@
<itemizedlist> <itemizedlist>
<listitem>
<para>
Fix failure to reset <application>libpq</application>'s state fully
between connection attempts (Tom Lane)
</para>
<para>
An unprivileged user of <filename>dblink</filename>
or <filename>postgres_fdw</filename> could bypass the checks intended
to prevent use of server-side credentials, such as
a <filename>~/.pgpass</filename> file owned by the operating-system
user running the server. Servers allowing peer authentication on
local connections are particularly vulnerable. Other attacks such
as SQL injection into a <filename>postgres_fdw</filename> session
are also possible.
Attacking <filename>postgres_fdw</filename> in this way requires the
ability to create a foreign server object with selected connection
parameters, but any user with access to <filename>dblink</filename>
could exploit the problem.
In general, an attacker with the ability to select the connection
parameters for a <application>libpq</application>-using application
could cause mischief, though other plausible attack scenarios are
harder to think of.
Our thanks to Andrew Krasichkov for reporting this issue.
(CVE-2018-10915)
</para>
</listitem>
<listitem>
<para>
Fix <literal>INSERT ... ON CONFLICT UPDATE</literal> through a view
that isn't just <literal>SELECT * FROM ...</literal>
(Dean Rasheed, Amit Langote)
</para>
<para>
Erroneous expansion of an updatable view could lead to crashes
or <quote>attribute ... has the wrong type</quote> errors, if the
view's <literal>SELECT</literal> list doesn't match one-to-one with
the underlying table's columns.
Furthermore, this bug could be leveraged to allow updates of columns
that an attacking user lacks <literal>UPDATE</literal> privilege for,
if that user has <literal>INSERT</literal> and <literal>UPDATE</literal>
privileges for some other column(s) of the table.
Any user could also use it for disclosure of server memory.
(CVE-2018-10925)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Ensure that updates to the <structfield>relfrozenxid</structfield> Ensure that updates to the <structfield>relfrozenxid</structfield>
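Review bot: this file gains both the CVE-2018-10915 and the CVE-2018-10925 entries while the two files above gain only CVE-2018-10915; if the INSERT ... ON CONFLICT UPDATE fix does not apply to the older branches that is fine, but the commit message "Last-minute updates for release notes" gives no hint, so a line saying the 10925 entry is branch-specific would save the next reader a check. Within the moved entry, "Any user could also use it for disclosure of server memory" states the most severe impact last and with a broader precondition than the preceding sentence's "INSERT and UPDATE privileges for some other column(s)"; stating next to it what access "any user" needs (presumably to such a view) would keep the two sentences from reading as contradictory.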
@@ -140,21 +189,6 @@
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Fix <literal>INSERT ... ON CONFLICT UPDATE</literal> through a view
that isn't just <literal>SELECT * FROM ...</literal>
(Dean Rasheed, Amit Langote)
</para>
<para>
Erroneous expansion of an updatable view could lead to crashes
or <quote>attribute ... has the wrong type</quote> errors, if the
view's <literal>SELECT</literal> list doesn't match one-to-one with
the underlying table's columns.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Ensure a table's cached index list is correctly rebuilt after an index Ensure a table's cached index list is correctly rebuilt after an index
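Review bot: the deleted block is the pre-existing, non-security version of the INSERT ... ON CONFLICT UPDATE entry, and the relocated copy earlier in this file adds the privilege-escalation sentence, the memory-disclosure sentence and the CVE id, so a move and a content change are bundled in one hunk pair without the commit message saying the entry was reclassified as a security fix; a short mention of that would make the history easier to audit. Nothing is lost in the removal itself: the two explanatory paras and the (Dean Rasheed, Amit Langote) attribution reappear unchanged in the new location.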