Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commit639a806

Browse files
committed
Last-minute updates for release notes.
Security:CVE-2023-5868,CVE-2023-5869,CVE-2023-5870
1 parente24daa9 commit639a806

File tree

1 file changed

+114
-1
lines changed

1 file changed

+114
-1
lines changed

‎doc/src/sgml/release-16.sgml

Lines changed: 114 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@
2727
certain types of indexes yielding wrong search results or being
2828
unnecessarily inefficient. It is advisable
2929
to <command>REINDEX</command> potentially-affected indexes after
30-
installing this update. See thefirst throughfourth changelog
30+
installing this update. See thefourth throughseventh changelog
3131
entries below.
3232
</para>
3333
</sect2>
@@ -39,6 +39,119 @@
3939

4040
<listitem>
4141
<!--
42+
Author: Tom Lane <tgl@sss.pgh.pa.us>
43+
Branch: master [3b0776fde] 2023-11-06 10:38:00 -0500
44+
Branch: REL_16_STABLE [d3d1e2509] 2023-11-06 10:38:00 -0500
45+
Branch: REL_15_STABLE [4f4a422fb] 2023-11-06 10:38:00 -0500
46+
Branch: REL_14_STABLE [9146d0d65] 2023-11-06 10:38:00 -0500
47+
Branch: REL_13_STABLE [d3de70fdb] 2023-11-06 10:38:00 -0500
48+
Branch: REL_12_STABLE [e911afd09] 2023-11-06 10:38:00 -0500
49+
Branch: REL_11_STABLE [8c6633f4d] 2023-11-06 10:38:00 -0500
50+
-->
51+
<para>
52+
Fix handling of unknown-type arguments
53+
in <literal>DISTINCT</literal> <type>"any"</type> aggregate
54+
functions (Tom Lane)
55+
</para>
56+
57+
<para>
58+
This error led to a <type>text</type>-type value being interpreted
59+
as an <type>unknown</type>-type value (that is, a zero-terminated
60+
string) at runtime. This could result in disclosure of server
61+
memory following the <type>text</type> value.
62+
</para>
63+
64+
<para>
65+
The <productname>PostgreSQL</productname> Project thanks Jingzhou Fu
66+
for reporting this problem.
67+
(CVE-2023-5868)
68+
</para>
69+
</listitem>
70+
71+
<listitem>
72+
<!--
73+
Author: Tom Lane <tgl@sss.pgh.pa.us>
74+
Branch: master [18b585155] 2023-11-06 10:56:43 -0500
75+
Branch: REL_16_STABLE [e24daa94b] 2023-11-06 10:56:43 -0500
76+
Branch: REL_15_STABLE [3bc6bc3ee] 2023-11-06 10:56:43 -0500
77+
Branch: REL_14_STABLE [edc0a8d82] 2023-11-06 10:56:43 -0500
78+
Branch: REL_13_STABLE [26c599beb] 2023-11-06 10:56:43 -0500
79+
Branch: REL_12_STABLE [d267cea24] 2023-11-06 10:56:43 -0500
80+
Branch: REL_11_STABLE [c48008f59] 2023-11-06 10:56:43 -0500
81+
-->
82+
<para>
83+
Detect integer overflow while computing new array dimensions
84+
(Tom Lane)
85+
</para>
86+
87+
<para>
88+
When assigning new elements to array subscripts that are outside the
89+
current array bounds, an undetected integer overflow could occur in
90+
edge cases. Memory stomps that are potentially exploitable for
91+
arbitrary code execution are possible, and so is disclosure of
92+
server memory.
93+
</para>
94+
95+
<para>
96+
The <productname>PostgreSQL</productname> Project thanks Pedro
97+
Gallegos for reporting this problem.
98+
(CVE-2023-5869)
99+
</para>
100+
</listitem>
101+
102+
<listitem>
103+
<!--
104+
Author: Noah Misch <noah@leadboat.com>
105+
Branch: master [3a9b18b30] 2023-11-06 06:14:13 -0800
106+
Branch: REL_16_STABLE [785412731] 2023-11-06 06:14:16 -0800
107+
Branch: REL_15_STABLE [595c988c9] 2023-11-06 06:14:16 -0800
108+
Branch: REL_14_STABLE [508acb901] 2023-11-06 06:14:17 -0800
109+
Branch: REL_13_STABLE [28b609550] 2023-11-06 06:14:17 -0800
110+
Branch: REL_12_STABLE [2893f2f40] 2023-11-06 06:14:17 -0800
111+
Branch: REL_11_STABLE [e082734c8] 2023-11-06 06:14:18 -0800
112+
Author: Noah Misch <noah@leadboat.com>
113+
Branch: master [b72de09a1] 2023-11-06 06:14:13 -0800
114+
Branch: REL_16_STABLE [2c3c5ec49] 2023-11-06 06:14:16 -0800
115+
Branch: REL_15_STABLE [fbc371909] 2023-11-06 06:14:16 -0800
116+
Branch: REL_14_STABLE [ecd5d240c] 2023-11-06 06:14:17 -0800
117+
Branch: REL_13_STABLE [2c7a2a00a] 2023-11-06 06:14:17 -0800
118+
Branch: REL_12_STABLE [7bbf4d037] 2023-11-06 06:14:17 -0800
119+
Branch: REL_11_STABLE [a27be40c1] 2023-11-06 06:14:18 -0800
120+
-->
121+
<para>
122+
Prevent the <literal>pg_signal_backend</literal> role from
123+
signalling background workers and autovacuum processes
124+
(Noah Misch, Jelte Fennema-Nio)
125+
</para>
126+
127+
<para>
128+
The documentation says that <literal>pg_signal_backend</literal>
129+
cannot issue signals to superuser-owned processes. It was able to
130+
signal these background processes, though, because they advertise a
131+
role OID of zero. Treat that as indicating superuser ownership.
132+
The security implications of cancelling one of these process types
133+
are fairly small so far as the core code goes (we'll just start
134+
another one), but extensions might add background workers that are
135+
more vulnerable.
136+
</para>
137+
138+
<para>
139+
Also ensure that the <varname>is_superuser</varname> parameter is
140+
set correctly in such processes. No specific security consequences
141+
are known for that oversight, but it might be significant for some
142+
extensions.
143+
</para>
144+
145+
<para>
146+
The <productname>PostgreSQL</productname> Project thanks
147+
Hemanth Sandrana and Mahendrakar Srinivasarao
148+
for reporting this problem.
149+
(CVE-2023-5870)
150+
</para>
151+
</listitem>
152+
153+
<listitem>
154+
<!--
42155
Author: Heikki Linnakangas <heikki.linnakangas@iki.fi>
43156
Branch: master [28d3c2ddc] 2023-09-26 14:14:49 +0300
44157
Branch: REL_16_STABLE [d7f521325] 2023-09-26 14:15:01 +0300

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp