35 | 35 |
36 | 36 | <listitem>
37 | 37 | <!--
| 38 | +Author: Noah Misch <noah@leadboat.com> |
| 39 | +Branch: master [11da97024] 2020-08-10 09:22:54 -0700 |
| 40 | +Branch: REL_13_STABLE [412c5c401] 2020-08-10 09:22:58 -0700 |
| 41 | +Branch: REL_12_STABLE [64a71062e] 2020-08-10 09:22:58 -0700 |
| 42 | +Branch: REL_11_STABLE [5a936d64c] 2020-08-10 09:22:59 -0700 |
| 43 | +Branch: REL_10_STABLE [dd5d99516] 2020-08-10 09:22:59 -0700 |
| 44 | +Branch: master [cec57b1a0] 2020-08-10 09:22:54 -0700 |
| 45 | +Branch: REL_13_STABLE [b601f24c8] 2020-08-10 09:22:58 -0700 |
| 46 | +Branch: REL_12_STABLE [515ee4a7e] 2020-08-10 09:22:58 -0700 |
| 47 | +Branch: REL_11_STABLE [613ed8a58] 2020-08-10 09:22:59 -0700 |
| 48 | +Branch: REL_10_STABLE [b793d6af9] 2020-08-10 09:22:59 -0700 |
| 49 | +--> |
| 50 | + <para> |
| 51 | + Set a secure <varname>search_path</varname> in logical replication |
| 52 | + walsenders and apply workers (Noah Misch) |
| 53 | + </para> |
| 54 | + |
| 55 | + <para> |
| 56 | + A malicious user of either the publisher or subscriber database |
| 57 | + could potentially cause execution of arbitrary SQL code by the role |
| 58 | + running replication, which is often a superuser. Some of the risks |
| 59 | + here are equivalent to those described in CVE-2018-1058, and are |
| 60 | + mitigated in this patch by ensuring that the replication sender and |
| 61 | + receiver execute with empty <varname>search_path</varname> settings. |
| 62 | + (As with CVE-2018-1058, that change might cause problems for |
| 63 | + under-qualified names used in replicated tables' DDL.) Other risks |
| 64 | + are inherent in replicating objects that belong to untrusted roles; |
| 65 | + the most we can do is document that there is a hazard to consider. |
| 66 | + (CVE-2020-14349) |
| 67 | + </para> |
| 68 | + </listitem> |
| 69 | + |
| 70 | + <listitem> |
| 71 | +<!-- |
| 72 | +Author: Tom Lane <tgl@sss.pgh.pa.us> |
| 73 | +Branch: master [7eeb1d986] 2020-08-10 10:44:42 -0400 |
| 74 | +Branch: REL_13_STABLE [98ca64899] 2020-08-10 10:44:42 -0400 |
| 75 | +Branch: REL_12_STABLE [3ba967084] 2020-08-10 10:44:42 -0400 |
| 76 | +Branch: REL_11_STABLE [afa358786] 2020-08-10 10:44:43 -0400 |
| 77 | +Branch: REL_10_STABLE [96cbfe92d] 2020-08-10 10:44:43 -0400 |
| 78 | +Branch: REL9_6_STABLE [2ea8a60fc] 2020-08-10 10:44:43 -0400 |
| 79 | +Branch: REL9_5_STABLE [6b11a4687] 2020-08-10 10:44:43 -0400 |
| 80 | +--> |
| 81 | + <para> |
| 82 | + Make contrib modules' installation scripts more secure (Tom Lane) |
| 83 | + </para> |
| 84 | + |
| 85 | + <para> |
| 86 | + Attacks similar to those described in CVE-2018-1058 could be carried |
| 87 | + out against an extension installation script, if the attacker can |
| 88 | + create objects in either the extension's target schema or the schema |
| 89 | + of some prerequisite extension. Since extensions often require |
| 90 | + superuser privilege to install, this can open a path to obtaining |
| 91 | + superuser privilege. To mitigate this risk, be more careful about |
| 92 | + the <varname>search_path</varname> used to run an installation |
| 93 | + script; disable <varname>check_function_bodies</varname> within the |
| 94 | + script; and fix catalog-adjustment queries used in some contrib |
| 95 | + modules to ensure they are secure. Also provide documentation to |
| 96 | + help third-party extension authors make their installation scripts |
| 97 | + secure. This is not a complete solution; extensions that depend on |
| 98 | + other extensions can still be at risk if installed carelessly. |
| 99 | + (CVE-2020-14350) |
| 100 | + </para> |
| 101 | + </listitem> |
| 102 | + |
| 103 | + <listitem> |
| 104 | +<!-- |
38 | 105 | Author: Etsuro Fujita <efujita@postgresql.org>
39 | 106 | Branch: master [13838740f] 2020-07-28 11:00:00 +0900
40 | 107 | Branch: REL_13_STABLE [cebe10a5f] 2020-07-28 11:00:00 +0900