author Tom Lane <tgl@sss.pgh.pa.us> 2021-11-08 14:02:16 -0500
committer Tom Lane <tgl@sss.pgh.pa.us> 2021-11-08 14:02:16 -0500
commit cace98d76cab8882125f6fbbe919f789fe2b9ee3
tree c17da9a94599d766a4b3c63f41ad9cf4dab87061
parent d83cdfdca9d918bbbd6bb209139b94c954da7228
Last-minute updates for release notes.
Security: CVE-2021-23214, CVE-2021-23222
-rw-r--r-- doc/src/sgml/release-9.6.sgml 70
1 files changed, 69 insertions, 1 deletions
diff --git a/doc/src/sgml/release-9.6.sgml b/doc/src/sgml/release-9.6.sgml
index e68b055c8f2..3452d4d62a5 100644
--- a/doc/src/sgml/release-9.6.sgml
+++ b/doc/src/sgml/release-9.6.sgml
@@ -31,7 +31,7 @@
<para>
However, note that installations using physical replication should
update standby servers before the primary server, as explained in
- the first changelog entry below.
+ the third changelog entry below.
</para>
<para>
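Review bot: the cross-reference "the third changelog entry below" is positional, so it needed renumbering here only because two entries were inserted ahead of the one it points to, and it will go stale again the next time an entry is added above it. Consider naming the target entry by its subject, or linking to it, rather than counting entries.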
@@ -54,6 +54,74 @@
<listitem>
<!--
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: master [28e241255] 2021-11-08 11:01:43 -0500
+Branch: REL_14_STABLE [9d5a76b8d] 2021-11-08 11:01:43 -0500
+Branch: REL_13_STABLE [e92ed93e8] 2021-11-08 11:01:43 -0500
+Branch: REL_12_STABLE [d1bd26740] 2021-11-08 11:01:43 -0500
+Branch: REL_11_STABLE [9394fb828] 2021-11-08 11:01:43 -0500
+Branch: REL_10_STABLE [9ae0f1112] 2021-11-08 11:01:43 -0500
+Branch: REL9_6_STABLE [046c2c846] 2021-11-08 11:01:43 -0500
+-->
+ <para>
+ Make the server reject extraneous data after an SSL or GSS
+ encryption handshake (Tom Lane)
+ </para>
+
+ <para>
+ A man-in-the-middle with the ability to inject data into the TCP
+ connection could stuff some cleartext data into the start of a
+ supposedly encryption-protected database session.
+ This could be abused to send faked SQL commands to the server,
+ although that would only work if the server did not demand any
+ authentication data. (However, a server relying on SSL certificate
+ authentication might well not do so.)
+ </para>
+
+ <para>
+ The <productname>PostgreSQL</productname> Project thanks
+ Jacob Champion for reporting this problem.
+ (CVE-2021-23214)
+ </para>
+ </listitem>
+
+ <listitem>
+<!--
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: master [160c02588] 2021-11-08 11:14:56 -0500
+Branch: REL_14_STABLE [30547d791] 2021-11-08 11:14:56 -0500
+Branch: REL_13_STABLE [844b31692] 2021-11-08 11:14:56 -0500
+Branch: REL_12_STABLE [36bb95ef2] 2021-11-08 11:14:56 -0500
+Branch: REL_11_STABLE [a021a1d2a] 2021-11-08 11:14:56 -0500
+Branch: REL_10_STABLE [e65d9c8cd] 2021-11-08 11:14:56 -0500
+Branch: REL9_6_STABLE [d83cdfdca] 2021-11-08 11:14:57 -0500
+-->
+ <para>
+ Make <application>libpq</application> reject extraneous data after
+ an SSL or GSS encryption handshake (Tom Lane)
+ </para>
+
+ <para>
+ A man-in-the-middle with the ability to inject data into the TCP
+ connection could stuff some cleartext data into the start of a
+ supposedly encryption-protected database session.
+ This could probably be abused to inject faked responses to the
+ client's first few queries, although other details of libpq's
+ behavior make that harder than it sounds. A different line of
+ attack is to exfiltrate the client's password, or other sensitive
+ data that might be sent early in the session. That has been shown
+ to be possible with a server vulnerable to CVE-2021-23214.
+ </para>
+
+ <para>
+ The <productname>PostgreSQL</productname> Project thanks
+ Jacob Champion for reporting this problem.
+ (CVE-2021-23222)
+ </para>
+ </listitem>
+
+ <listitem>
+<!--
Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
Branch: master [ff9f111bc] 2021-09-29 11:21:51 -0300
Branch: REL_14_STABLE [64a8687a6] 2021-09-29 11:41:01 -0300
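Review bot: in the second added entry (CVE-2021-23222), "other details of libpq's behavior" uses a bare libpq while the same entry's opening paragraph tags it as <application>libpq</application>; tag the later occurrence the same way. The closing sentence of that paragraph, "That has been shown to be possible with a server vulnerable to CVE-2021-23214", also leaves it unclear whether the password exfiltration depends on an unpatched server, so a clause stating whether updating the client alone is sufficient would help readers decide what to upgrade.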