Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitfb3930a

Browse files
committed
Last-minute updates for release notes.
Security:CVE-2017-12172,CVE-2017-15098,CVE-2017-15099
1 parentc0c8807 commitfb3930a

File tree

2 files changed

+67
-0
lines changed

2 files changed

+67
-0
lines changed

‎doc/src/sgml/release-9.2.sgml

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,31 @@
4040

4141
<itemizedlist>
4242

43+
<listitem>
44+
<para>
45+
Fix sample server-start scripts to become <literal>$PGUSER</literal>
46+
before opening <literal>$PGLOG</literal> (Noah Misch)
47+
</para>
48+
49+
<para>
50+
Previously, the postmaster log file was opened while still running as
51+
root. The database owner could therefore mount an attack against
52+
another system user by making <literal>$PGLOG</literal> be a symbolic
53+
link to some other file, which would then become corrupted by appending
54+
log messages.
55+
</para>
56+
57+
<para>
58+
By default, these scripts are not installed anywhere. Users who have
59+
made use of them will need to manually recopy them, or apply the same
60+
changes to their modified versions. If the
61+
existing <literal>$PGLOG</literal> file is root-owned, it will need to
62+
be removed or renamed out of the way before restarting the server with
63+
the corrected script.
64+
(CVE-2017-12172)
65+
</para>
66+
</listitem>
67+
4368
<listitem>
4469
<para>
4570
Properly reject attempts to convert infinite float values to

‎doc/src/sgml/release-9.3.sgml

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,48 @@
3434

3535
<itemizedlist>
3636

37+
<listitem>
38+
<para>
39+
Fix crash due to rowtype mismatch
40+
in <function>json{b}_populate_recordset()</function>
41+
(Michael Paquier, Tom Lane)
42+
</para>
43+
44+
<para>
45+
These functions used the result rowtype specified in the <literal>FROM
46+
... AS</literal> clause without checking that it matched the actual
47+
rowtype of the supplied tuple value. If it didn't, that would usually
48+
result in a crash, though disclosure of server memory contents seems
49+
possible as well.
50+
(CVE-2017-15098)
51+
</para>
52+
</listitem>
53+
54+
<listitem>
55+
<para>
56+
Fix sample server-start scripts to become <literal>$PGUSER</literal>
57+
before opening <literal>$PGLOG</literal> (Noah Misch)
58+
</para>
59+
60+
<para>
61+
Previously, the postmaster log file was opened while still running as
62+
root. The database owner could therefore mount an attack against
63+
another system user by making <literal>$PGLOG</literal> be a symbolic
64+
link to some other file, which would then become corrupted by appending
65+
log messages.
66+
</para>
67+
68+
<para>
69+
By default, these scripts are not installed anywhere. Users who have
70+
made use of them will need to manually recopy them, or apply the same
71+
changes to their modified versions. If the
72+
existing <literal>$PGLOG</literal> file is root-owned, it will need to
73+
be removed or renamed out of the way before restarting the server with
74+
the corrected script.
75+
(CVE-2017-12172)
76+
</para>
77+
</listitem>
78+
3779
<listitem>
3880
<para>
3981
Properly reject attempts to convert infinite float values to

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp