diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2013-02-04 16:25:01 -0500 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2013-02-04 16:25:01 -0500 |
| commit | ab0f7b6089fd215f6ce6081e2e222c38d643a526 (patch) | |
| tree | 6d7a40318967821b43b20026e90f905182f97662 /doc/src | |
| parent | 318db6b2a05ca12d7ca7bae288bf473def4bdd42 (diff) | |
| download | postgresql-ab0f7b6089fd215f6ce6081e2e222c38d643a526.tar.gz postgresql-ab0f7b6089fd215f6ce6081e2e222c38d643a526.zip | |
Prevent execution of enum_recv() from SQL.
This function was misdeclared to take cstring when it should take internal.
This at least allows crashing the server, and in principle an attacker
might be able to use the function to examine the contents of server memory.
The correct fix is to adjust the system catalog contents (and fix the
regression tests that should have caught this but failed to). However,
asking users to correct the catalog contents in existing installations
is a pain, so as a band-aid fix for the back branches, install a check
in enum_recv() to make it throw error if called with a cstring argument.
We will later revert this in HEAD in favor of correcting the catalogs.
Our thanks to Sumit Soni (via Secunia SVCRP) for reporting this issue.
Security: CVE-2013-0255
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/release-8.3.sgml | 13 | ||||
| -rw-r--r-- | doc/src/sgml/release-8.4.sgml | 13 | ||||
| -rw-r--r-- | doc/src/sgml/release-9.0.sgml | 13 | ||||
| -rw-r--r-- | doc/src/sgml/release-9.1.sgml | 13 | ||||
| -rw-r--r-- | doc/src/sgml/release-9.2.sgml | 13 |
5 files changed, 65 insertions, 0 deletions
diff --git a/doc/src/sgml/release-8.3.sgml b/doc/src/sgml/release-8.3.sgml index 7d9764c9874..43db2ad35ad 100644 --- a/doc/src/sgml/release-8.3.sgml +++ b/doc/src/sgml/release-8.3.sgml @@ -42,6 +42,19 @@ <listitem> <para> + Prevent execution of <function>enum_recv</> from SQL (Tom Lane) + </para> + + <para> + The function was misdeclared, allowing a simple SQL command to crash the + server. In principle an attacker might be able to use it to examine the + contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) + for reporting this issue. (CVE-2013-0255) + </para> + </listitem> + + <listitem> + <para> Fix SQL grammar to allow subscripting or field selection from a sub-SELECT result (Tom Lane) </para> diff --git a/doc/src/sgml/release-8.4.sgml b/doc/src/sgml/release-8.4.sgml index 1d601f1c07e..03f31e63a84 100644 --- a/doc/src/sgml/release-8.4.sgml +++ b/doc/src/sgml/release-8.4.sgml @@ -36,6 +36,19 @@ <listitem> <para> + Prevent execution of <function>enum_recv</> from SQL (Tom Lane) + </para> + + <para> + The function was misdeclared, allowing a simple SQL command to crash the + server. In principle an attacker might be able to use it to examine the + contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) + for reporting this issue. (CVE-2013-0255) + </para> + </listitem> + + <listitem> + <para> Update minimum recovery point when truncating a relation file (Heikki Linnakangas) </para> diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml index fc0af4edbc3..f3340abc7e6 100644 --- a/doc/src/sgml/release-9.0.sgml +++ b/doc/src/sgml/release-9.0.sgml @@ -36,6 +36,19 @@ <listitem> <para> + Prevent execution of <function>enum_recv</> from SQL (Tom Lane) + </para> + + <para> + The function was misdeclared, allowing a simple SQL command to crash the + server. In principle an attacker might be able to use it to examine the + contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) + for reporting this issue. (CVE-2013-0255) + </para> + </listitem> + + <listitem> + <para> Fix multiple problems in detection of when a consistent database state has been reached during WAL replay (Fujii Masao, Heikki Linnakangas, Simon Riggs, Andres Freund) diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml index 897b584247a..172b125e222 100644 --- a/doc/src/sgml/release-9.1.sgml +++ b/doc/src/sgml/release-9.1.sgml @@ -36,6 +36,19 @@ <listitem> <para> + Prevent execution of <function>enum_recv</> from SQL (Tom Lane) + </para> + + <para> + The function was misdeclared, allowing a simple SQL command to crash the + server. In principle an attacker might be able to use it to examine the + contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) + for reporting this issue. (CVE-2013-0255) + </para> + </listitem> + + <listitem> + <para> Fix multiple problems in detection of when a consistent database state has been reached during WAL replay (Fujii Masao, Heikki Linnakangas, Simon Riggs, Andres Freund) diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml index d70ddd66e4a..61bb925dca4 100644 --- a/doc/src/sgml/release-9.2.sgml +++ b/doc/src/sgml/release-9.2.sgml @@ -36,6 +36,19 @@ <listitem> <para> + Prevent execution of <function>enum_recv</> from SQL (Tom Lane) + </para> + + <para> + The function was misdeclared, allowing a simple SQL command to crash the + server. In principle an attacker might be able to use it to examine the + contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP) + for reporting this issue. (CVE-2013-0255) + </para> + </listitem> + + <listitem> + <para> Fix multiple problems in detection of when a consistent database state has been reached during WAL replay (Fujii Masao, Heikki Linnakangas, Simon Riggs, Andres Freund) |