	Last-minute updates for release notes.
Security: CVE-2017-12172, CVE-2017-15098, CVE-2017-15099
		@@ -40,6 +40,31 @@
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
   <itemizedlist>
 | 
					   <itemizedlist>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    <listitem>
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      Fix sample server-start scripts to become <literal>$PGUSER</literal>
 | 
				
			||||||
 | 
					      before opening <literal>$PGLOG</literal> (Noah Misch)
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      Previously, the postmaster log file was opened while still running as
 | 
				
			||||||
 | 
					      root.  The database owner could therefore mount an attack against
 | 
				
			||||||
 | 
					      another system user by making <literal>$PGLOG</literal> be a symbolic
 | 
				
			||||||
 | 
					      link to some other file, which would then become corrupted by appending
 | 
				
			||||||
 | 
					      log messages.
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      By default, these scripts are not installed anywhere.  Users who have
 | 
				
			||||||
 | 
					      made use of them will need to manually recopy them, or apply the same
 | 
				
			||||||
 | 
					      changes to their modified versions.  If the
 | 
				
			||||||
 | 
					      existing <literal>$PGLOG</literal> file is root-owned, it will need to
 | 
				
			||||||
 | 
					      be removed or renamed out of the way before restarting the server with
 | 
				
			||||||
 | 
					      the corrected script.
 | 
				
			||||||
 | 
					      (CVE-2017-12172)
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					    </listitem>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    <listitem>
 | 
					    <listitem>
 | 
				
			||||||
     <para>
 | 
					     <para>
 | 
				
			||||||
      Properly reject attempts to convert infinite float values to
 | 
					      Properly reject attempts to convert infinite float values to
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -34,6 +34,48 @@
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
   <itemizedlist>
 | 
					   <itemizedlist>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    <listitem>
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      Fix crash due to rowtype mismatch
 | 
				
			||||||
 | 
					      in <function>json{b}_populate_recordset()</function>
 | 
				
			||||||
 | 
					      (Michael Paquier, Tom Lane)
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      These functions used the result rowtype specified in the <literal>FROM
 | 
				
			||||||
 | 
					      ... AS</literal> clause without checking that it matched the actual
 | 
				
			||||||
 | 
					      rowtype of the supplied tuple value.  If it didn't, that would usually
 | 
				
			||||||
 | 
					      result in a crash, though disclosure of server memory contents seems
 | 
				
			||||||
 | 
					      possible as well.
 | 
				
			||||||
 | 
					      (CVE-2017-15098)
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					    </listitem>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    <listitem>
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      Fix sample server-start scripts to become <literal>$PGUSER</literal>
 | 
				
			||||||
 | 
					      before opening <literal>$PGLOG</literal> (Noah Misch)
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      Previously, the postmaster log file was opened while still running as
 | 
				
			||||||
 | 
					      root.  The database owner could therefore mount an attack against
 | 
				
			||||||
 | 
					      another system user by making <literal>$PGLOG</literal> be a symbolic
 | 
				
			||||||
 | 
					      link to some other file, which would then become corrupted by appending
 | 
				
			||||||
 | 
					      log messages.
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      By default, these scripts are not installed anywhere.  Users who have
 | 
				
			||||||
 | 
					      made use of them will need to manually recopy them, or apply the same
 | 
				
			||||||
 | 
					      changes to their modified versions.  If the
 | 
				
			||||||
 | 
					      existing <literal>$PGLOG</literal> file is root-owned, it will need to
 | 
				
			||||||
 | 
					      be removed or renamed out of the way before restarting the server with
 | 
				
			||||||
 | 
					      the corrected script.
 | 
				
			||||||
 | 
					      (CVE-2017-12172)
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					    </listitem>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    <listitem>
 | 
					    <listitem>
 | 
				
			||||||
     <para>
 | 
					     <para>
 | 
				
			||||||
      Properly reject attempts to convert infinite float values to
 | 
					      Properly reject attempts to convert infinite float values to
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -33,6 +33,48 @@
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
   <itemizedlist>
 | 
					   <itemizedlist>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    <listitem>
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      Fix crash due to rowtype mismatch
 | 
				
			||||||
 | 
					      in <function>json{b}_populate_recordset()</function>
 | 
				
			||||||
 | 
					      (Michael Paquier, Tom Lane)
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      These functions used the result rowtype specified in the <literal>FROM
 | 
				
			||||||
 | 
					      ... AS</literal> clause without checking that it matched the actual
 | 
				
			||||||
 | 
					      rowtype of the supplied tuple value.  If it didn't, that would usually
 | 
				
			||||||
 | 
					      result in a crash, though disclosure of server memory contents seems
 | 
				
			||||||
 | 
					      possible as well.
 | 
				
			||||||
 | 
					      (CVE-2017-15098)
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					    </listitem>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    <listitem>
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      Fix sample server-start scripts to become <literal>$PGUSER</literal>
 | 
				
			||||||
 | 
					      before opening <literal>$PGLOG</literal> (Noah Misch)
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      Previously, the postmaster log file was opened while still running as
 | 
				
			||||||
 | 
					      root.  The database owner could therefore mount an attack against
 | 
				
			||||||
 | 
					      another system user by making <literal>$PGLOG</literal> be a symbolic
 | 
				
			||||||
 | 
					      link to some other file, which would then become corrupted by appending
 | 
				
			||||||
 | 
					      log messages.
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					     <para>
 | 
				
			||||||
 | 
					      By default, these scripts are not installed anywhere.  Users who have
 | 
				
			||||||
 | 
					      made use of them will need to manually recopy them, or apply the same
 | 
				
			||||||
 | 
					      changes to their modified versions.  If the
 | 
				
			||||||
 | 
					      existing <literal>$PGLOG</literal> file is root-owned, it will need to
 | 
				
			||||||
 | 
					      be removed or renamed out of the way before restarting the server with
 | 
				
			||||||
 | 
					      the corrected script.
 | 
				
			||||||
 | 
					      (CVE-2017-12172)
 | 
				
			||||||
 | 
					     </para>
 | 
				
			||||||
 | 
					    </listitem>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    <listitem>
 | 
					    <listitem>
 | 
				
			||||||
     <para>
 | 
					     <para>
 | 
				
			||||||
      Fix crash when logical decoding is invoked from a SPI-using function,
 | 
					      Fix crash when logical decoding is invoked from a SPI-using function,
 | 
				
			||||||
 
 | 
				
			|||||||