-
postgresql-10 (10.9-0ubuntu0.18.10.1) cosmic-security; urgency=medium
* New upstream release (LP: #1828012)
- Fix buffer-overflow hazards in SCRAM verifier parsing and libpq
CVE-2019-10164
- Fix failure of ALTER TABLE ... ALTER COLUMN TYPE when the table has
a partial exclusion constraint
- Fix failure of COMMENT command for comments on domain constraints
- Prevent possible memory clobber when there are duplicate columns in
a hash aggregate's hash key list
- Details about these and many further changes can be found at:
https://www.postgresql.org/docs/10/static/release-10-9.html
-- Christian Ehrhardt <email address hidden> Tue, 18 Jun 2019 13:11:36 +0200
-
postgresql-10 (10.8-0ubuntu0.18.10.1) cosmic-security; urgency=medium
* New upstream release(s) (LP: #1828012)
- Prevent row-level security policies from being bypassed via
selectivity estimators.
CVE-2019-10130
- Details about these and many further changes can be found at:
https://www.postgresql.org/docs/10/static/release-10-8.html
-- Christian Ehrhardt <email address hidden> Tue, 07 May 2019 11:20:35 +0200
-
postgresql-10 (10.7-0ubuntu0.18.10.1) cosmic; urgency=medium
* New upstream release (LP: #1815665)
- By default, panic instead of retrying after fsync() failure, to avoid
possible data corruption. A new server parameter "guc-data-sync-retry"
has been added to control this;
- d/p/pg-10-Disallow-setting-client_min_messages-higher-than-ERR.patch:
to retain SRU stability this patch reverts one of the changes which
disabled the error suppression by setting client_min_messages to
fatal or panic. Overall that means no change to the handling of
client_min_messages due to this upload.
- d/p/pg-10-Rename-rbtree.c-functions-to-use-rbt-prefix-not-rb-p.patch:
this change of 10.7 would break an external ABI/API exposed to
extensions. To avoid breaking those (especially those not in the Ubuntu
Archive that we can't control) this change of upstreams stable release
is reverted. Thereby the ABI/API is unchanged in regard to the rb_
function prefix by this new package upload to Ubuntu.
- Details about these and many further changes can be found at:
https://www.postgresql.org/docs/10/static/release-10-7.html
-- Christian Ehrhardt <email address hidden> Tue, 12 Feb 2019 21:25:34 +0100
-
postgresql-10 (10.6-0ubuntu0.18.10.1) cosmic-security; urgency=medium
* SECURITY UPDATE: Updated to 10.6 to fix security issue.
- Details about the new release can be found at
https://www.postgresql.org/docs/10/release-10-6.html
- CVE-2018-16850
-- Marc Deslauriers <email address hidden> Tue, 13 Nov 2018 14:20:49 -0500
-
postgresql-10 (10.5-1) unstable; urgency=medium
* New upstream version.
+ Fix failure to reset libpq's state fully between connection attempts
An unprivileged user of dblink or postgres_fdw could bypass the checks
intended to prevent use of server-side credentials, such as a ~/.pgpass
file owned by the operating-system user running the server. Servers
allowing peer authentication on local connections are particularly
vulnerable. Other attacks such as SQL injection into a postgres_fdw
session are also possible. Attacking postgres_fdw in this way requires
the ability to create a foreign server object with selected connection
parameters, but any user with access to dblink could exploit the
problem. In general, an attacker with the ability to select the
connection parameters for a libpq-using application could cause
mischief, though other plausible attack scenarios are harder to think
of. Our thanks to Andrew Krasichkov for reporting this issue.
(CVE-2018-10915)
+ Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT
FROM ...
Erroneous expansion of an updatable view could lead to crashes or
attribute ... has the wrong type errors, if the view's SELECT list
doesn't match one-to-one with the underlying table's columns.
Furthermore, this bug could be leveraged to allow updates of columns
that an attacking user lacks UPDATE privilege for, if that user has
INSERT and UPDATE privileges for some other column(s) of the table. Any
user could also use it for disclosure of server memory. (CVE-2018-10925)
* Remove version checking for libselinux1-dev, 2.1.10 is old enough now.
* Drop support for tcl8.5.
* Use dh_auto_configure to correctly seed the build architecture.
* Filter -fdebug-prefix-map and -ffile-prefix-map in more places, and make
PGXS modules build reproducibly.
* Add new pgtypes header and symbol.
-- Christoph Berg <email address hidden> Tue, 07 Aug 2018 10:56:16 +0200
-
postgresql-10 (10.4-2) unstable; urgency=medium
* Update libpq_pgport in Makefile.global to find libpgcommon/libpgport in
pkglibdir.
-- Christoph Berg <email address hidden> Sat, 12 May 2018 17:57:49 +0200
-
postgresql-10 (10.4-1) unstable; urgency=medium
* New upstream version.
+ Remove public execute privilege from contrib/adminpack's
pg_logfile_rotate() function. (CVE-2018-1115)
+ Fix incorrect volatility and parallel-safety markings on a few built-in
functions.
* Move libpgport.a, libpgcommon.a, and libpgfeutils.a from libdir to
pkglibdir.
* Revert "B-D on python3-distutils | python3-dev (<< 3.6.4~rc1-2)".
-- Christoph Berg <email address hidden> Tue, 08 May 2018 16:02:19 +0200
-
postgresql-10 (10.3-2) unstable; urgency=medium
* Improve wording of NEWS entry on search_path changes. Thanks Chris Lamb!
(Closes: #891898)
* Disable spinlocks on riscv64, thanks Aurelien Jarno! (Closes: #892807)
* B-D on python3-distutils | python3-dev (<< 3.6.4~rc1-2).
-- Christoph Berg <email address hidden> Wed, 21 Mar 2018 13:56:34 +0100
-
postgresql-10 (10.3-1) unstable; urgency=medium
* New upstream version.
If you run an installation in which not all users are mutually
trusting, or if you maintain an application or extension that is
intended for use in arbitrary situations, it is strongly recommended
that you read the documentation changes described in the first changelog
entry below, and take suitable steps to ensure that your installation or
code is secure.
Also, the changes described in the second changelog entry below may
cause functions used in index expressions or materialized views to fail
during auto-analyze, or when reloading from a dump. After upgrading,
monitor the server logs for such problems, and fix affected functions.
+ Document how to configure installations and applications to guard
against search-path-dependent trojan-horse attacks from other users
Using a search_path setting that includes any schemas writable by a
hostile user enables that user to capture control of queries and then
run arbitrary SQL code with the permissions of the attacked user. While
it is possible to write queries that are proof against such hijacking,
it is notationally tedious, and it's very easy to overlook holes.
Therefore, we now recommend configurations in which no untrusted schemas
appear in one's search path.
(CVE-2018-1058)
+ Avoid use of insecure search_path settings in pg_dump and other client
programs
pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications
were themselves vulnerable to the type of hijacking described in the
previous changelog entry; since these applications are commonly run by
superusers, they present particularly attractive targets. To make them
secure whether or not the installation as a whole has been secured,
modify them to include only the pg_catalog schema in their search_path
settings. Autovacuum worker processes now do the same, as well.
In cases where user-provided functions are indirectly executed by these
programs -- for example, user-provided functions in index expressions --
the tighter search_path may result in errors, which will need to be
corrected by adjusting those user-provided functions to not assume
anything about what search path they are invoked under. That has always
been good practice, but now it will be necessary for correct behavior.
(CVE-2018-1058)
-- Christoph Berg <email address hidden> Tue, 27 Feb 2018 12:54:34 +0100
