Univention Bugzilla – Full Text Bug Listing

| Summary: | postgresql-9.6: Multiple issues (4.3) | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Quality Assurance <qa> |
| Component: | Security updates | Assignee: | Quality Assurance <qa> |
| Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
| Severity: | normal | | |
| Priority: | P3 | | |
| Version: | UCS 4.3 | | |
| Target Milestone: | UCS 4.3-1-errata | | |
| Hardware: | All | | |
| OS: | Linux | | |
| What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | | Enterprise Customer affected?: | |
| School Customer affected?: | | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | |
| Max CVSS v3 score: | 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) | | |

Description
Quality Assurance
2018-08-08 07:41:19 CEST
--- mirror/ftp/4.3/unmaintained/4.3-1/source/postgresql-9.6_9.6.7-0+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-1/source/postgresql-9.6_9.6.9-0+deb9u1.dsc 
@@ -1,3 +1,59 @@ +9.6.9-0+deb9u1 [Tue, 08 May 2018 16:22:51 +0200] Christoph Berg <christoph.berg@credativ.de>: + + * New upstream version. + + Remove public execute privilege from contrib/adminpack's + pg_logfile_rotate() function. (CVE-2018-1115) + + + Fix incorrect volatility and parallel-safety markings on a few built-in + functions. + +9.6.8-0+deb9u1 [Tue, 27 Feb 2018 13:14:39 +0100] Christoph Berg <christoph.berg@credativ.de>: + + * New upstream version. + + If you run an installation in which not all users are mutually + trusting, or if you maintain an application or extension that is + intended for use in arbitrary situations, it is strongly recommended + that you read the documentation changes described in the first changelog + entry below, and take suitable steps to ensure that your installation or + code is secure. + + Also, the changes described in the second changelog entry below may + cause functions used in index expressions or materialized views to fail + during auto-analyze, or when reloading from a dump. After upgrading, + monitor the server logs for such problems, and fix affected functions. + + + Document how to configure installations and applications to guard + against search-path-dependent trojan-horse attacks from other users + + Using a search_path setting that includes any schemas writable by a + hostile user enables that user to capture control of queries and then + run arbitrary SQL code with the permissions of the attacked user. While + it is possible to write queries that are proof against such hijacking, + it is notationally tedious, and it's very easy to overlook holes. + Therefore, we now recommend configurations in which no untrusted schemas + appear in one's search path. 
+ (CVE-2018-1058) + + + Avoid use of insecure search_path settings in pg_dump and other client + programs + + pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications + were themselves vulnerable to the type of hijacking described in the + previous changelog entry; since these applications are commonly run by + superusers, they present particularly attractive targets. To make them + secure whether or not the installation as a whole has been secured, + modify them to include only the pg_catalog schema in their search_path + settings. Autovacuum worker processes now do the same, as well. + + In cases where user-provided functions are indirectly executed by these + programs -- for example, user-provided functions in index expressions -- + the tighter search_path may result in errors, which will need to be + corrected by adjusting those user-provided functions to not assume + anything about what search path they are invoked under. That has always + been good practice, but now it will be necessary for correct behavior. + (CVE-2018-1058) + 9.6.7-0+deb9u1 [Wed, 07 Feb 2018 15:01:25 +0100] Christoph Berg <christoph.berg@credativ.de>: * New upstream version. <http://10.200.17.11/4.3-1/#4123044846320296883> OK: patches OK: piuparts OK: yaml OK: errata-announce postgresql-9.6.yaml [4.3-1] c13be5a97c Bug #47482: postgresql-9.6 9.6.9-0+deb9u1 doc/errata/staging/postgresql-9.6.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) New Debian postgresql-9.6 9.6.10-0+deb9u1 fixes: * CVE-2018-10915 postgresql: Certain host connection parameters defeat client-side security defenses * CVE-2018-10925 postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements --- mirror/ftp/4.3/unmaintained/4.3-1/source/postgresql-9.6_9.6.7-0+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-1/source/postgresql-9.6_9.6.10-0+deb9u1.dsc 
@@ -1,3 +1,93 @@ +9.6.10-0+deb9u1 [Thu, 09 Aug 2018 23:22:41 +0200] Christoph Berg <myon@debian.org>: + + * New upstream version. + + Fix failure to reset libpq's state fully between connection attempts + + An unprivileged user of dblink or postgres_fdw could bypass the checks + intended to prevent use of server-side credentials, such as a ~/.pgpass + file owned by the operating-system user running the server. Servers + allowing peer authentication on local connections are particularly + vulnerable. Other attacks such as SQL injection into a postgres_fdw + session are also possible. Attacking postgres_fdw in this way requires + the ability to create a foreign server object with selected connection + parameters, but any user with access to dblink could exploit the + problem. In general, an attacker with the ability to select the + connection parameters for a libpq-using application could cause + mischief, though other plausible attack scenarios are harder to think + of. Our thanks to Andrew Krasichkov for reporting this issue. + (CVE-2018-10915) + + + Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT + FROM ... + + Erroneous expansion of an updatable view could lead to crashes or + attribute ... has the wrong type errors, if the view's SELECT list + doesn't match one-to-one with the underlying table's columns. + Furthermore, this bug could be leveraged to allow updates of columns + that an attacking user lacks UPDATE privilege for, if that user has + INSERT and UPDATE privileges for some other column(s) of the table. Any + user could also use it for disclosure of server memory. (CVE-2018-10925) + + * Add new pgtypes header and symbol. + * Refresh debian/patches/filter-debug-prefix-map. + * Update branch in Vcs-Git field. + +9.6.9-0+deb9u1 [Tue, 08 May 2018 16:22:51 +0200] Christoph Berg <christoph.berg@credativ.de>: + + * New upstream version. + + Remove public execute privilege from contrib/adminpack's + pg_logfile_rotate() function. 
(CVE-2018-1115) + + + Fix incorrect volatility and parallel-safety markings on a few built-in + functions. + +9.6.8-0+deb9u1 [Tue, 27 Feb 2018 13:14:39 +0100] Christoph Berg <christoph.berg@credativ.de>: + + * New upstream version. + + If you run an installation in which not all users are mutually + trusting, or if you maintain an application or extension that is + intended for use in arbitrary situations, it is strongly recommended + that you read the documentation changes described in the first changelog + entry below, and take suitable steps to ensure that your installation or + code is secure. + + Also, the changes described in the second changelog entry below may + cause functions used in index expressions or materialized views to fail + during auto-analyze, or when reloading from a dump. After upgrading, + monitor the server logs for such problems, and fix affected functions. + + + Document how to configure installations and applications to guard + against search-path-dependent trojan-horse attacks from other users + + Using a search_path setting that includes any schemas writable by a + hostile user enables that user to capture control of queries and then + run arbitrary SQL code with the permissions of the attacked user. While + it is possible to write queries that are proof against such hijacking, + it is notationally tedious, and it's very easy to overlook holes. + Therefore, we now recommend configurations in which no untrusted schemas + appear in one's search path. + (CVE-2018-1058) + + + Avoid use of insecure search_path settings in pg_dump and other client + programs + + pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications + were themselves vulnerable to the type of hijacking described in the + previous changelog entry; since these applications are commonly run by + superusers, they present particularly attractive targets. 
To make them + secure whether or not the installation as a whole has been secured, + modify them to include only the pg_catalog schema in their search_path + settings. Autovacuum worker processes now do the same, as well. + + In cases where user-provided functions are indirectly executed by these + programs -- for example, user-provided functions in index expressions -- + the tighter search_path may result in errors, which will need to be + corrected by adjusting those user-provided functions to not assume + anything about what search path they are invoked under. That has always + been good practice, but now it will be necessary for correct behavior. + (CVE-2018-1058) + 9.6.7-0+deb9u1 [Wed, 07 Feb 2018 15:01:25 +0100] Christoph Berg <christoph.berg@credativ.de>: * New upstream version. <http://10.200.17.11/4.3-1/#4085270977162848420> OK: yaml OK: errata-announce OK: patch OK: piuparts [4.3-1] 4ff98b16b1 Bug #47482: postgresql-9.6 9.6.10-0+deb9u1 doc/errata/staging/postgresql-9.6.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) [4.3-1] c13be5a97c Bug #47482: postgresql-9.6 9.6.9-0+deb9u1 doc/errata/staging/postgresql-9.6.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) |
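
Review bot: The 9.6.8-0+deb9u1 entry in the first diff (9.6.7 to 9.6.9) carries an upgrade caveat that the erratum text should repeat for administrators: with pg_dump, pg_upgrade, vacuumdb and autovacuum workers now restricted to pg_catalog in their search_path, "functions used in index expressions or materialized views" may "fail during auto-analyze, or when reloading from a dump". The staged postgresql-9.6.yaml content is not shown here, so please confirm it tells operators to monitor the server logs after the update and to adjust such functions so they assume nothing about the search path they are invoked under. It should also state that the server-side part of CVE-2018-1058 is a documentation change, so installations whose users are not mutually trusting still have to keep untrusted, writable schemas out of search_path themselves.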
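
Review bot: In the second diff (9.6.7 to 9.6.10), the 9.6.10-0+deb9u1 entry for CVE-2018-10915 states that "any user with access to dblink could exploit the problem" and that servers allowing peer authentication on local connections are particularly vulnerable, and the erratum description should name both conditions so operators can judge their exposure. The one-line summary used in the comment ("Certain host connection parameters defeat client-side security defenses") does not convey that the issue is reachable by unprivileged database users through dblink or postgres_fdw. Because this diff is again taken against 9.6.7-0+deb9u1, the 9.6.8 and 9.6.9 entries repeat unchanged, so the updated YAML should keep CVE-2018-1058 and CVE-2018-1115 listed alongside CVE-2018-10915 and CVE-2018-10925.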