|
35 | 35 |
|
36 | 36 | <listitem> |
37 | 37 | <!-- |
| 38 | +Author: Dean Rasheed <dean.a.rasheed@gmail.com> |
| 39 | +Branch: master [1aebfbea8] 2019-05-06 11:38:43 +0100 |
| 40 | +Branch: REL_11_STABLE [0027ee3c5] 2019-05-06 11:41:22 +0100 |
| 41 | +Branch: REL_10_STABLE [940802830] 2019-05-06 11:43:09 +0100 |
| 42 | +Branch: REL9_6_STABLE [085d64d9d] 2019-05-06 11:45:01 +0100 |
| 43 | +Branch: REL9_5_STABLE [93c36145a] 2019-05-06 11:46:33 +0100 |
| 44 | +--> |
| 45 | + <para> |
| 46 | + Prevent row-level security policies from being bypassed via |
| 47 | + selectivity estimators (Dean Rasheed) |
| 48 | + </para> |
| 49 | + |
| 50 | + <para> |
| 51 | + Some of the planner's selectivity estimators apply user-defined |
| 52 | + operators to values found in <structname>pg_statistic</structname> |
| 53 | + (e.g., most-common values). A leaky operator therefore can disclose |
| 54 | + some of the entries in a data column, even if the calling user lacks |
| 55 | + permission to read that column. In CVE-2017-7484 we added |
| 56 | + restrictions to forestall that, but we failed to consider the |
| 57 | + effects of row-level security. A user who has SQL permission to |
| 58 | + read a column, but who is forbidden to see certain rows due to RLS |
| 59 | + policy, might still learn something about those rows' contents via a |
| 60 | + leaky operator. This patch further tightens the rules, allowing |
| 61 | + leaky operators to be applied to statistics data only when there is |
| 62 | + no relevant RLS policy. (CVE-2019-10130) |
| 63 | + </para> |
| 64 | + </listitem> |
| 65 | + |
| 66 | + <listitem> |
| 67 | +<!-- |
| 68 | +Author: Michael Paquier <michael@paquier.xyz> |
| 69 | +Branch: master [91248608a] 2019-05-06 21:44:24 +0900 |
| 70 | +Branch: REL_11_STABLE [52635c276] 2019-05-06 21:44:39 +0900 |
| 71 | +--> |
| 72 | + <para> |
| 73 | + Avoid access to already-freed memory during partition routing error |
| 74 | + reports (Michael Paquier) |
| 75 | + </para> |
| 76 | + |
| 77 | + <para> |
| 78 | + This mistake could lead to a crash, and in principle it might be |
| 79 | + possible to use it to disclose server memory contents. |
| 80 | + (CVE-2019-10129) |
| 81 | + </para> |
| 82 | + </listitem> |
| 83 | + |
| 84 | + <listitem> |
| 85 | +<!-- |
38 | 86 | Author: Tom Lane <tgl@sss.pgh.pa.us> |
39 | 87 | Branch: master [c01eb619a] 2019-04-26 17:18:07 -0400 |
40 | 88 | Branch: REL_11_STABLE [02c359eed] 2019-04-26 17:18:07 -0400 |
@@ -592,6 +640,32 @@ Branch: REL_10_STABLE [19ff710aa] 2019-03-07 14:21:52 -0500 |
592 | 640 |
|
593 | 641 | <listitem> |
594 | 642 | <!-- |
| 643 | +Author: Dean Rasheed <dean.a.rasheed@gmail.com> |
| 644 | +Branch: master [a0905056f] 2019-05-06 11:54:32 +0100 |
| 645 | +Branch: REL_11_STABLE [98dad4cd4] 2019-05-06 11:56:37 +0100 |
| 646 | +Branch: REL_10_STABLE [ca74e3e0f] 2019-05-06 11:58:32 +0100 |
| 647 | +Branch: REL9_6_STABLE [71185228c] 2019-05-06 12:00:00 +0100 |
| 648 | +Branch: REL9_5_STABLE [01256815a] 2019-05-06 12:01:44 +0100 |
| 649 | +Branch: REL9_4_STABLE [3c0999909] 2019-05-06 12:05:05 +0100 |
| 650 | +--> |
| 651 | + <para> |
| 652 | + Check the appropriate user's permissions when enforcing rules about |
| 653 | + letting a leaky operator see <structname>pg_statistic</structname> |
| 654 | + data (Dean Rasheed) |
| 655 | + </para> |
| 656 | + |
| 657 | + <para> |
| 658 | + When an underlying table is being accessed via a view, consider the |
| 659 | + privileges of the view owner while deciding whether leaky operators |
| 660 | + may be applied to the table's statistics data, rather than the |
| 661 | + privileges of the user making the query. This makes the planner's |
| 662 | + rules about what data is visible match up with the executor's, |
| 663 | + avoiding unnecessarily-poor plans. |
| 664 | + </para> |
| 665 | + </listitem> |
| 666 | + |
| 667 | + <listitem> |
| 668 | +<!-- |
595 | 669 | Author: Etsuro Fujita <efujita@postgresql.org> |
596 | 670 | Branch: master [b5afdde6a] 2019-03-12 16:21:57 +0900 |
597 | 671 | Branch: REL_11_STABLE [fd1eaf920] 2019-03-12 16:32:27 +0900 |
|