diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml index c3fcbf7b6be..a3d9461fa6f 100644 --- a/doc/src/sgml/release-9.0.sgml +++ b/doc/src/sgml/release-9.0.sgml @@ -40,6 +40,57 @@ + + + Avoid possible crash when client disconnects just before the + authentication timeout expires (Benkocs Norbert Attila) + + + + If the timeout interrupt fired partway through the session shutdown + sequence, SSL-related state would be freed twice, typically causing a + crash and hence denial of service to other sessions. Experimentation + shows that an unauthenticated remote attacker could trigger the bug + somewhat consistently, hence treat as security issue. + (CVE-2015-3165) + + + + + + Consistently check for failure of the *printf() family of + functions (Noah Misch) + + + + Most calls of these functions did not consider the possibility that + the functions could fail with, eg, out-of-memory conditions. The usual + result would just be missing output, but crashes or exposure of + unintended information are also possible. To protect against such + risks uniformly, create wrappers around these functions that throw an + error on failure. Also add missing error checks to a few + security-relevant calls of other system functions. + (CVE-2015-3166) + + + + + + In contrib/pgcrypto, uniformly report decryption failures + as Wrong key or corrupt data (Noah Misch) + + + + Previously, some cases of decryption with an incorrect key could report + other error message texts. It has been shown that such variance in + error reports can aid attackers in recovering keys from other systems. + While it's unknown whether pgcrypto's specific behaviors + are likewise exploitable, it seems better to avoid the risk by using a + one-size-fits-all message. + (CVE-2015-3167) + + + Fix incorrect checking of deferred exclusion constraints after a HOT diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml index 7aecb5e09c0..82dde5e038b 100644 --- a/doc/src/sgml/release-9.1.sgml +++ b/doc/src/sgml/release-9.1.sgml @@ -40,6 +40,57 @@ + + + Avoid possible crash when client disconnects just before the + authentication timeout expires (Benkocs Norbert Attila) + + + + If the timeout interrupt fired partway through the session shutdown + sequence, SSL-related state would be freed twice, typically causing a + crash and hence denial of service to other sessions. Experimentation + shows that an unauthenticated remote attacker could trigger the bug + somewhat consistently, hence treat as security issue. + (CVE-2015-3165) + + + + + + Consistently check for failure of the *printf() family of + functions (Noah Misch) + + + + Most calls of these functions did not consider the possibility that + the functions could fail with, eg, out-of-memory conditions. The usual + result would just be missing output, but crashes or exposure of + unintended information are also possible. To protect against such + risks uniformly, create wrappers around these functions that throw an + error on failure. Also add missing error checks to a few + security-relevant calls of other system functions. + (CVE-2015-3166) + + + + + + In contrib/pgcrypto, uniformly report decryption failures + as Wrong key or corrupt data (Noah Misch) + + + + Previously, some cases of decryption with an incorrect key could report + other error message texts. It has been shown that such variance in + error reports can aid attackers in recovering keys from other systems. + While it's unknown whether pgcrypto's specific behaviors + are likewise exploitable, it seems better to avoid the risk by using a + one-size-fits-all message. + (CVE-2015-3167) + + + Fix incorrect declaration of contrib/citext's diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml index 9ebc92d27ed..ff715efaa59 100644 --- a/doc/src/sgml/release-9.2.sgml +++ b/doc/src/sgml/release-9.2.sgml @@ -40,6 +40,57 @@ + + + Avoid possible crash when client disconnects just before the + authentication timeout expires (Benkocs Norbert Attila) + + + + If the timeout interrupt fired partway through the session shutdown + sequence, SSL-related state would be freed twice, typically causing a + crash and hence denial of service to other sessions. Experimentation + shows that an unauthenticated remote attacker could trigger the bug + somewhat consistently, hence treat as security issue. + (CVE-2015-3165) + + + + + + Consistently check for failure of the *printf() family of + functions (Noah Misch) + + + + Most calls of these functions did not consider the possibility that + the functions could fail with, eg, out-of-memory conditions. The usual + result would just be missing output, but crashes or exposure of + unintended information are also possible. To protect against such + risks uniformly, create wrappers around these functions that throw an + error on failure. Also add missing error checks to a few + security-relevant calls of other system functions. + (CVE-2015-3166) + + + + + + In contrib/pgcrypto, uniformly report decryption failures + as Wrong key or corrupt data (Noah Misch) + + + + Previously, some cases of decryption with an incorrect key could report + other error message texts. It has been shown that such variance in + error reports can aid attackers in recovering keys from other systems. + While it's unknown whether pgcrypto's specific behaviors + are likewise exploitable, it seems better to avoid the risk by using a + one-size-fits-all message. + (CVE-2015-3167) + + + Fix incorrect declaration of contrib/citext's