From 328c36478b45973d85abb6d66552e23e8c978e02 Mon Sep 17 00:00:00 2001 From: "Jonathan S. Katz" Date: Wed, 8 Nov 2017 15:25:35 -0500 Subject: [PATCH] Updated content of 20171109 release and applied text document --- .../current/20171109securityrelease.md | 51 +++++++------ .../current/20171109securityrelease.txt | 73 +++++++++++++++++++ 2 files changed, 103 insertions(+), 21 deletions(-) create mode 100644 update_releases/current/20171109securityrelease.txt diff --git a/update_releases/current/20171109securityrelease.md b/update_releases/current/20171109securityrelease.md index f0f1da7..299a8c7 100644 --- a/update_releases/current/20171109securityrelease.md +++ b/update_releases/current/20171109securityrelease.md 
@@ -1,20 +1,44 @@ 2017-11-09 Security Update Release ================================== -The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, and 9.2.25. This release fixes issues found in BRIN indexing, logical replication and other bugs reported over the past three months. +The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, and 9.2.24. This release fixes three security issues. This release also fixes issues found in BRIN indexing, logical replication and other bugs reported over the past three months. -All users using the affected versions of PostgreSQL should update as soon as possible. If you utilize BRIN indexes, please see the "Updating" section for additional post-upgrade steps. +All users using the affected versions of PostgreSQL should update as soon as possible. If you use BRIN indexes or contrib/start-scripts, please +see the release notes for additional post-upgrade steps. + +Security Issues +--------------- + +Three security vulnerabilities have been fixed by this release: + +* [CVE-2017-12172](https://access.redhat.com/security/cve/CVE-2017-12172): Start scripts permit database administrator to modify root-owned files +* [CVE-2017-15098](https://access.redhat.com/security/cve/CVE-2017-15098): Memory disclosure in JSON functions +* [CVE-2017-15099](https://access.redhat.com/security/cve/CVE-2017-15099): INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges + +CVE-2017-12172: Start scripts permit database administrator to modify root-owned files +-------------------------- + +Prior to this release, the startup log file for the postmaster (in newer releases, "postgres") process was opened while the process was still owned by root. 
With this setup, the database owner could specify a file that they did not have access to and cause the file to be corrupted with logged data. + +This fix ensures that the startup log file is opened as the user specified to run the PostgreSQL server. Any users who have made use of the start scripts will need to ensure the startup log files are owned by the user specified to run the PostgreSQL server. + +CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges +-------------------------- + +Prior to this release, the "INSERT ... ON CONFLICT DO UPDATE" would not check to see if the executing user had permission to perform a "SELECT" on the index performing the conflicting check. Additionally, in a table with row-level security enabled, the "INSERT ... ON CONFLICT DO UPDATE" would not check the SELECT policies for that table before performing the update. + +This fix ensures that "INSERT ... ON CONFLICT DO UPDATE" checks against table permissions and RLS policies before executing. Bug Fixes and Improvements -------------------------- This update also fixes a number of bugs reported in the last few months. Some of these issues affect only version 10, but many affect all supported versions: -* Fix a race condition in BRIN indexing that could cause some rows to not be included in the indexing. Please see instructions below for post-upgrade fixes to correct this issue. -* Fixes for logical replication, which includes preventing non-replicated columns being set to NULL when replication on an UPDATE and ensure BEFORE ROW DELETE triggers are performed when their conditions for executing are met. +* Fix a race condition in BRIN indexing that could cause some rows to not be included in the indexing. * Fix crash when logical decoding is invoked from a PL language function. -* Modified CTE behavior for table looks when a CTE contains an INSERT/UPDATE/DELETE to not execute that portion of the CTE, which restores the expected behavior prior to version 10. 
-* Prevent low-probability crash in processing of nested trigger firings +* Several fixes for logical replication. +* Restored behavior for CTEs attached to INSERT/UPDATE/DELETE statements to pre-version 10. +* Prevent low-probability crash in processing of nested trigger firings. * Do not evaluate an aggregate function's argument expressions when the conditions in the FILTER clause evaluate to FALSE. This complies with SQL-standard behavior. * Fix incorrect query results when multiple GROUPING SETS columns contain the same simple variable. * Fix memory leak over the lifespan of a query when evaluating a set-returning function from the target list in a SELECT. @@ -41,21 +65,6 @@ EOL Notice for Version 9.2 PostgreSQL version 9.2 is now End-of-Life (EOL). No additional updates or security patches will be released by the community for this version. Users still on 9.2 are urged to upgrade as soon as possible. See our [Versioning Policy](https://www.postgresql.org/support/versioning/) for more information. -Updating --------- - -All PostgreSQL update releases are cumulative. As with other minor releases, users are not required to dump and reload their database or use pg\_upgrade in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. - -Users affected by the BRIN index issue may need to perform a reindex on affected indexes. A reindex can be performed with the following command: - - REINDEX affected_index_name; - -Note that the `REINDEX` command will lock all writes to the table while the command is running. If you need your table to be writeable while rebuilding the index, please utilize the following strategy: - - CREATE INDEX CONCURRENTLY new_index_name ON table_name USING BRIN(column_name); - DROP INDEX affected_index_name; - ALTER INDEX new_index_name RENAME TO affected_index_name; - Links ------ * [Download](https://www.postgresql.org/download) 
diff --git a/update_releases/current/20171109securityrelease.txt b/update_releases/current/20171109securityrelease.txt new file mode 100644 index 0000000..995a90e --- /dev/null +++ b/update_releases/current/20171109securityrelease.txt 
@@ -0,0 +1,73 @@ +2017-11-09 Security Update Release +================================== + +The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, and 9.2.24. This release fixes three security issues. This release also fixes issues found in BRIN indexing, logical replication and other bugs reported over the past three months. + +All users using the affected versions of PostgreSQL should update as soon as possible. If you use BRIN indexes or contrib/start-scripts, please +see the release notes for additional post-upgrade steps. + +Security Issues +--------------- + +Three security vulnerabilities have been fixed by this release: + +* CVE-2017-12172: Start scripts permit database administrator to modify root-owned files +* CVE-2017-15098: Memory disclosure in JSON functions +* CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges + +CVE-2017-12172: Start scripts permit database administrator to modify root-owned files +-------------------------- + +Prior to this release, the startup log file for the postmaster (in newer releases, "postgres") process was opened while the process was still owned by root. With this setup, the database owner could specify a file that they did not have access to and cause the file to be corrupted with logged data. + +This fix ensures that the startup log file is opened as the user specified to run the PostgreSQL server. Any users who have made use of the start scripts will need to ensure the startup log files are owned by the user specified to run the PostgreSQL server. + +CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges +-------------------------- + +Prior to this release, the "INSERT ... ON CONFLICT DO UPDATE" would not check to see if the executing user had permission to perform a "SELECT" on the index performing the conflicting check. 
Additionally, in a table with row-level security enabled, the "INSERT ... ON CONFLICT DO UPDATE" would not check the SELECT policies for that table before performing the update. + +This fix ensures that "INSERT ... ON CONFLICT DO UPDATE" checks against table permissions and RLS policies before executing. + +Bug Fixes and Improvements +-------------------------- + +This update also fixes a number of bugs reported in the last few months. Some of these issues affect only version 10, but many affect all supported versions: + +* Fix a race condition in BRIN indexing that could cause some rows to not be included in the indexing. +* Fix crash when logical decoding is invoked from a PL language function. +* Several fixes for logical replication. +* Restored behavior for CTEs attached to INSERT/UPDATE/DELETE statements to pre-version 10. +* Prevent low-probability crash in processing of nested trigger firings. +* Do not evaluate an aggregate function's argument expressions when the conditions in the FILTER clause evaluate to FALSE. This complies with SQL-standard behavior. +* Fix incorrect query results when multiple GROUPING SETS columns contain the same simple variable. +* Fix memory leak over the lifespan of a query when evaluating a set-returning function from the target list in a SELECT. +* Several fixes for parallel query execution, including fixing a crash in the parallel execution of certain queries that contain a certain type of bitmap scan. +* Fix json\_build\_array(), json\_build\_object(), jsonb\_build\_array(), and jsonb\_build\_object() to handle explicit VARIADIC arguments correctly. +* Prevent infinite float values from being casted to the numeric type. +* Fix autovacuum's “work item” logic to prevent possible crashes and silent loss of work items. +* Several fixes for VIEWs around adding columns to the end of a view. +* Fix for hashability detection of range data types that are created by a user. 
+* Improvements on using extended statistics on columns for the purposes of query planning. +* Prevent idle\_in\_transaction\_session\_timeout from being ignored when a statement\_timeout occurred earlier. +* Fix low-probability loss of NOTIFY messages due more than 2 billion transactions processing before any queries are executed in the session. +* Several file system interaction fixes. +* Correctly restore the umask setting when file creation fails in COPY or lo\_export(). +* Fix pg\_dump to ensure that it emits GRANT commands in a valid order. +* Fix pg\_basebackup's matching of tablespace paths to canonicalize both paths before comparing to help improve Windows compatibility. +* Fix libpq to not require user's home directory to exist when trying to read the "~/.pgpass" file. +* Several fixes for ecpg. + +This update also contains tzdata release 2017c, with updates for Fiji, Namibia, Northern Cyprus, Sudan, Tonga, and Turks & Caicos Islands, plus historical corrections for Alaska, Apia, Burma, Calcutta, Detroit, Ireland, Namibia, and Pago Pago. + +EOL Notice for Version 9.2 +----------------------------------------- + +PostgreSQL version 9.2 is now End-of-Life (EOL). No additional updates or security patches will be released by the community for this version. Users still on 9.2 are urged to upgrade as soon as possible. See our Versioning Policy for more information. + +Links +------ +* Download: https://www.postgresql.org/download +* Release Notes: https://www.postgresql.org/docs/current/static/release.html +* Security Page: https://www.postgresql.org/support/security/ +* Versioning Policy: https://www.postgresql.org/support/versioning/ -- 2.39.5
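Review bot: CVE-2017-15098 has no detail section in the first hunk of 20171109securityrelease.md (@@ -1,20 +1,44 @@). The new "Security Issues" list names three CVEs, but only CVE-2017-12172 and CVE-2017-15099 get a heading and description after it. Add a "CVE-2017-15098: Memory disclosure in JSON functions" section, or say explicitly that its details are in the release notes. In the CVE-2017-15099 text, "permission to perform a "SELECT" on the index performing the conflicting check" does not match the fix sentence, which speaks of table permissions; wording both in terms of the table would be clearer.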
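Review bot: The second hunk of 20171109securityrelease.md (@@ -41,21 +65,6 @@) deletes the whole "Updating" section, and with it the only BRIN post-upgrade guidance in the announcement: the REINDEX command, the warning that it "will lock all writes to the table while the command is running", and the CREATE INDEX CONCURRENTLY alternative. The intro now says "please see the release notes for additional post-upgrade steps" without a link at that point, and the statement that update releases are cumulative and need no dump and reload is gone too. Consider keeping a short "Updating" section that retains the cumulative-release sentence and links directly to the release notes for the BRIN and start-script steps.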
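Review bot: The new file 20171109securityrelease.txt (@@ -0,0 +1,73 @@) still carries Markdown backslash escapes, which will appear literally in a plain-text announcement, for example "json\_build\_array()", "idle\_in\_transaction\_session\_timeout" and "pg\_dump"; strip the backslashes in the .txt copy. In the same hunk, "See our Versioning Policy for more information" lost its link target in the conversion, so point it at the Links section or give the URL inline. Two wording slips in the added bullets are worth fixing while here: "due more than 2 billion transactions" should read "due to more than", and "casted" should be "cast".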