Univention Bugzilla – Full Text Bug Listing |
Summary: | postgresql-9.4: Multiple issues (4.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-4-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) |
Description
Quality Assurance
2018-08-09 10:17:48 CEST
--- mirror/ftp/4.2/unmaintained/4.2-4/source/postgresql-9.4_9.4.15-0+deb8u1.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/postgresql-9.4_9.4.18-0+deb8u1.dsc @@ -1,3 +1,61 @@ +9.4.18-0+deb8u1 [Tue, 08 May 2018 20:37:04 +0200] Christoph Berg <myon@debian.org>: + + * New upstream version. + + Fix incorrect volatility markings on a few built-in functions. + +9.4.17-0+deb8u1 [Tue, 27 Feb 2018 13:20:22 +0100] Christoph Berg <christoph.berg@credativ.de>: + + * New upstream version. + + If you run an installation in which not all users are mutually + trusting, or if you maintain an application or extension that is + intended for use in arbitrary situations, it is strongly recommended + that you read the documentation changes described in the first changelog + entry below, and take suitable steps to ensure that your installation or + code is secure. + + Also, the changes described in the second changelog entry below may + cause functions used in index expressions or materialized views to fail + during auto-analyze, or when reloading from a dump. After upgrading, + monitor the server logs for such problems, and fix affected functions. + + + Document how to configure installations and applications to guard + against search-path-dependent trojan-horse attacks from other users + + Using a search_path setting that includes any schemas writable by a + hostile user enables that user to capture control of queries and then + run arbitrary SQL code with the permissions of the attacked user. While + it is possible to write queries that are proof against such hijacking, + it is notationally tedious, and it's very easy to overlook holes. + Therefore, we now recommend configurations in which no untrusted schemas + appear in one's search path. + (CVE-2018-1058) + + + Avoid use of insecure search_path settings in pg_dump and other client + programs + + pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications + were themselves vulnerable to the type of hijacking described in the + previous changelog entry; since these applications are commonly run by + superusers, they present particularly attractive targets. To make them + secure whether or not the installation as a whole has been secured, + modify them to include only the pg_catalog schema in their search_path + settings. Autovacuum worker processes now do the same, as well. + + In cases where user-provided functions are indirectly executed by these + programs -- for example, user-provided functions in index expressions -- + the tighter search_path may result in errors, which will need to be + corrected by adjusting those user-provided functions to not assume + anything about what search path they are invoked under. That has always + been good practice, but now it will be necessary for correct behavior. + (CVE-2018-1058) + +9.4.16-0+deb8u1 [Thu, 08 Feb 2018 10:34:39 +0100] Christoph Berg <christoph.berg@credativ.de>: + + * New upstream version. + + Ensure that all temporary files made by pg_upgrade are + non-world-readable (CVE-2018-1053) + 9.4.15-0+deb8u1 [Wed, 08 Nov 2017 15:27:38 +0100] Christoph Berg <christoph.berg@credativ.de>: * New upstream version. <http://10.200.17.11/4.2-4/#7392945361158566467> OK: yaml OK: errata-announce OK: patch OK: piuparts [4.2-4] e1636ae9d5 Bug #47527: postgresql-9.4 9.4.18-0+deb8u1 doc/errata/staging/postgresql-9.4.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) [4.2-4] 8398618de4 Bug #47527: postgresql-9.4 9.4.18-0+deb8u1 doc/errata/staging/postgresql-9.4.yaml | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) [4.2-4] b921478a03 Bug #47527: postgresql-9.4 9.4.18-0+deb8u1 doc/errata/staging/postgresql-9.4.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) New Debian postgresql-9.4 9.4.19-0+deb8u1 fixes: * Certain host connection parameters defeat client-side security defenses (CVE-2018-10915) --- mirror/ftp/4.2/unmaintained/4.2-4/source/postgresql-9.4_9.4.15-0+deb8u1.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/postgresql-9.4_9.4.19-0+deb8u1.dsc @@ -1,3 +1,82 @@ +9.4.19-0+deb8u1 [Mon, 06 Aug 2018 16:14:28 +0200] Christoph Berg <christoph.berg@credativ.de>: + + * New upstream version. + + Fix failure to reset libpq's state fully between connection attempts + + An unprivileged user of dblink or postgres_fdw could bypass the checks + intended to prevent use of server-side credentials, such as a ~/.pgpass + file owned by the operating-system user running the server. Servers + allowing peer authentication on local connections are particularly + vulnerable. Other attacks such as SQL injection into a postgres_fdw + session are also possible. Attacking postgres_fdw in this way requires + the ability to create a foreign server object with selected connection + parameters, but any user with access to dblink could exploit the + problem. In general, an attacker with the ability to select the + connection parameters for a libpq-using application could cause + mischief, though other plausible attack scenarios are harder to think + of. Our thanks to Andrew Krasichkov for reporting this issue. + (CVE-2018-10915) + + * Add new pgtypes header and symbol. + +9.4.18-0+deb8u1 [Tue, 08 May 2018 20:37:04 +0200] Christoph Berg <myon@debian.org>: + + * New upstream version. + + Fix incorrect volatility markings on a few built-in functions. + +9.4.17-0+deb8u1 [Tue, 27 Feb 2018 13:20:22 +0100] Christoph Berg <christoph.berg@credativ.de>: + + * New upstream version. + + If you run an installation in which not all users are mutually + trusting, or if you maintain an application or extension that is + intended for use in arbitrary situations, it is strongly recommended + that you read the documentation changes described in the first changelog + entry below, and take suitable steps to ensure that your installation or + code is secure. + + Also, the changes described in the second changelog entry below may + cause functions used in index expressions or materialized views to fail + during auto-analyze, or when reloading from a dump. After upgrading, + monitor the server logs for such problems, and fix affected functions. + + + Document how to configure installations and applications to guard + against search-path-dependent trojan-horse attacks from other users + + Using a search_path setting that includes any schemas writable by a + hostile user enables that user to capture control of queries and then + run arbitrary SQL code with the permissions of the attacked user. While + it is possible to write queries that are proof against such hijacking, + it is notationally tedious, and it's very easy to overlook holes. + Therefore, we now recommend configurations in which no untrusted schemas + appear in one's search path. + (CVE-2018-1058) + + + Avoid use of insecure search_path settings in pg_dump and other client + programs + + pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications + were themselves vulnerable to the type of hijacking described in the + previous changelog entry; since these applications are commonly run by + superusers, they present particularly attractive targets. To make them + secure whether or not the installation as a whole has been secured, + modify them to include only the pg_catalog schema in their search_path + settings. Autovacuum worker processes now do the same, as well. + + In cases where user-provided functions are indirectly executed by these + programs -- for example, user-provided functions in index expressions -- + the tighter search_path may result in errors, which will need to be + corrected by adjusting those user-provided functions to not assume + anything about what search path they are invoked under. That has always + been good practice, but now it will be necessary for correct behavior. + (CVE-2018-1058) + +9.4.16-0+deb8u1 [Thu, 08 Feb 2018 10:34:39 +0100] Christoph Berg <christoph.berg@credativ.de>: + + * New upstream version. + + Ensure that all temporary files made by pg_upgrade are + non-world-readable (CVE-2018-1053) + 9.4.15-0+deb8u1 [Wed, 08 Nov 2017 15:27:38 +0100] Christoph Berg <christoph.berg@credativ.de>: * New upstream version. <http://10.200.17.11/4.2-4/#7735362498209762054> OK: yaml OK: errata-announce OK: patch OK: piuparts [4.2-4] ac0cc03f4d Bug #47527: postgresql-9.4 9.4.19-0+deb8u1 doc/errata/staging/postgresql-9.4.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) [4.2-4] 85f68fb867 Bug #47527: postgresql-9.4 9.4.19-0+deb8u1 doc/errata/staging/postgresql-9.4.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) [4.2-4] e1636ae9d5 Bug #47527: postgresql-9.4 9.4.18-0+deb8u1 doc/errata/staging/postgresql-9.4.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) [4.2-4] 8398618de4 Bug #47527: postgresql-9.4 9.4.18-0+deb8u1 doc/errata/staging/postgresql-9.4.yaml | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) [4.2-4] b921478a03 Bug #47527: postgresql-9.4 9.4.18-0+deb8u1 doc/errata/staging/postgresql-9.4.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) |