|
25 | 25 | <para> |
26 | 26 | However, note that installations using physical replication should |
27 | 27 | update standby servers before the primary server, as explained in |
28 | | - thefirst changelog entry below. |
| 28 | + thethird changelog entry below. |
29 | 29 | </para> |
30 | 30 |
|
31 | 31 | <para> |
|
43 | 43 |
|
44 | 44 | <listitem> |
45 | 45 | <!-- |
| 46 | +Author: Tom Lane <tgl@sss.pgh.pa.us> |
| 47 | +Branch: master [28e241255] 2021-11-08 11:01:43 -0500 |
| 48 | +Branch: REL_14_STABLE [9d5a76b8d] 2021-11-08 11:01:43 -0500 |
| 49 | +Branch: REL_13_STABLE [e92ed93e8] 2021-11-08 11:01:43 -0500 |
| 50 | +Branch: REL_12_STABLE [d1bd26740] 2021-11-08 11:01:43 -0500 |
| 51 | +Branch: REL_11_STABLE [9394fb828] 2021-11-08 11:01:43 -0500 |
| 52 | +Branch: REL_10_STABLE [9ae0f1112] 2021-11-08 11:01:43 -0500 |
| 53 | +Branch: REL9_6_STABLE [046c2c846] 2021-11-08 11:01:43 -0500 |
| 54 | +--> |
| 55 | + <para> |
| 56 | + Make the server reject extraneous data after an SSL or GSS |
| 57 | + encryption handshake (Tom Lane) |
| 58 | + </para> |
| 59 | + |
| 60 | + <para> |
| 61 | + A man-in-the-middle with the ability to inject data into the TCP |
| 62 | + connection could stuff some cleartext data into the start of a |
| 63 | + supposedly encryption-protected database session. |
| 64 | + This could be abused to send faked SQL commands to the server, |
| 65 | + although that would only work if the server did not demand any |
| 66 | + authentication data. (However, a server relying on SSL certificate |
| 67 | + authentication might well not do so.) |
| 68 | + </para> |
| 69 | + |
| 70 | + <para> |
| 71 | + The <productname>PostgreSQL</productname> Project thanks |
| 72 | + Jacob Champion for reporting this problem. |
| 73 | + (CVE-2021-23214) |
| 74 | + </para> |
| 75 | + </listitem> |
| 76 | + |
| 77 | + <listitem> |
| 78 | +<!-- |
| 79 | +Author: Tom Lane <tgl@sss.pgh.pa.us> |
| 80 | +Branch: master [160c02588] 2021-11-08 11:14:56 -0500 |
| 81 | +Branch: REL_14_STABLE [30547d791] 2021-11-08 11:14:56 -0500 |
| 82 | +Branch: REL_13_STABLE [844b31692] 2021-11-08 11:14:56 -0500 |
| 83 | +Branch: REL_12_STABLE [36bb95ef2] 2021-11-08 11:14:56 -0500 |
| 84 | +Branch: REL_11_STABLE [a021a1d2a] 2021-11-08 11:14:56 -0500 |
| 85 | +Branch: REL_10_STABLE [e65d9c8cd] 2021-11-08 11:14:56 -0500 |
| 86 | +Branch: REL9_6_STABLE [d83cdfdca] 2021-11-08 11:14:57 -0500 |
| 87 | +--> |
| 88 | + <para> |
| 89 | + Make <application>libpq</application> reject extraneous data after |
| 90 | + an SSL or GSS encryption handshake (Tom Lane) |
| 91 | + </para> |
| 92 | + |
| 93 | + <para> |
| 94 | + A man-in-the-middle with the ability to inject data into the TCP |
| 95 | + connection could stuff some cleartext data into the start of a |
| 96 | + supposedly encryption-protected database session. |
| 97 | + This could probably be abused to inject faked responses to the |
| 98 | + client's first few queries, although other details of libpq's |
| 99 | + behavior make that harder than it sounds. A different line of |
| 100 | + attack is to exfiltrate the client's password, or other sensitive |
| 101 | + data that might be sent early in the session. That has been shown |
| 102 | + to be possible with a server vulnerable to CVE-2021-23214. |
| 103 | + </para> |
| 104 | + |
| 105 | + <para> |
| 106 | + The <productname>PostgreSQL</productname> Project thanks |
| 107 | + Jacob Champion for reporting this problem. |
| 108 | + (CVE-2021-23222) |
| 109 | + </para> |
| 110 | + </listitem> |
| 111 | + |
| 112 | + <listitem> |
| 113 | +<!-- |
46 | 114 | Author: Alvaro Herrera <alvherre@alvh.no-ip.org> |
47 | 115 | Branch: master [ff9f111bc] 2021-09-29 11:21:51 -0300 |
48 | 116 | Branch: REL_14_STABLE [64a8687a6] 2021-09-29 11:41:01 -0300 |
@@ -338,6 +406,22 @@ Branch: REL9_6_STABLE [0de8f9bc8] 2021-10-06 13:24:22 +0100 |
338 | 406 |
|
339 | 407 | <listitem> |
340 | 408 | <!-- |
| 409 | +Author: David Rowley <drowley@postgresql.org> |
| 410 | +Branch: master [39a310567] 2021-11-08 14:40:33 +1300 |
| 411 | +Branch: REL_14_STABLE [1f194ed6c] 2021-11-08 14:41:13 +1300 |
| 412 | +--> |
| 413 | + <para> |
| 414 | + Avoid choosing the wrong hash equality operator for Memoize plans |
| 415 | + (David Rowley) |
| 416 | + </para> |
| 417 | + |
| 418 | + <para> |
| 419 | + This error could result in crashes or incorrect query results. |
| 420 | + </para> |
| 421 | + </listitem> |
| 422 | + |
| 423 | + <listitem> |
| 424 | +<!-- |
341 | 425 | Author: Tom Lane <tgl@sss.pgh.pa.us> |
342 | 426 | Branch: master [4d5f651f1] 2021-10-14 12:43:55 -0400 |
343 | 427 | Branch: REL_14_STABLE [fd059ac2e] 2021-10-14 12:43:43 -0400 |
|