From 0d45dfa32bdc17c551869d09bbfe927dbba3df07 Mon Sep 17 00:00:00 2001 From: "Jonathan S. Katz" Date: Wed, 8 Feb 2023 23:01:56 -0500 Subject: [PATCH] Revisions to the 2023-02-09 security release Reviewed-by: Tom Lane --- .../current/20230209securityrelease.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/update_releases/current/20230209securityrelease.md b/update_releases/current/20230209securityrelease.md index daf5758..a27a9fc 100644 --- a/update_releases/current/20230209securityrelease.md +++ b/update_releases/current/20230209securityrelease.md @@ -13,10 +13,11 @@ Security Issues Versions Affected: 12 - 15. -A modified, unauthenticated server can send an unterminated string during the -establishment of Kerberos transport encryption. When a `libpq` client -application has a Kerberos credential cache and doesn't explicitly disable -option [`gssencmode`](https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNECT-GSSENCMODE), +A modified, unauthenticated server or an unauthenticated man-in-the-middle can +send an unterminated string during the establishment of Kerberos transport +encryption. When a `libpq` client application has a Kerberos credential cache +and doesn't explicitly disable option +[`gssencmode`](https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNECT-GSSENCMODE), a server can cause `libpq` to over-read and report an error message containing uninitialized bytes from and following its receive buffer. If `libpq`'s caller somehow makes that message accessible to the attacker, this achieves a 
@@ -43,7 +44,7 @@ table or the child generated column has different dependencies than the parent. command. * Allow a [`WITH RECURSIVE ... CYCLE`](https://www.postgresql.org/docs/current/queries-with.html#QUERIES-WITH-CYCLE) -query to access its output column. +query to access its `SET` output column. * Fix an issue with bulk insertions on foreign tables that could lead to logical inconsistencies, for example, a `BEFORE ROW` trigger may not process rows that should be available. @@ -51,10 +52,11 @@ should be available. [`jsonpath`](https://www.postgresql.org/docs/current/functions-json.html#FUNCTIONS-SQLJSON-PATH) existence checks. * Fix for [`jsonb` subscripting](https://www.postgresql.org/docs/current/datatype-json.html#JSONB-SUBSCRIPTING) -to handle very large subscript values. +that come directly from a `text` column in a table. * Honor updated values of `checkpoint_completion_target` on reload. * Log the correct ending timestamp in `recovery_target_xid` mode. -* Fix issue to allow longer column lists when using logical replication. +* Fix issue to allow column lists longer than 100 when using logical +replication. * Prevent "wrong tuple length" failure at the end of [`VACUUM`](https://www.postgresql.org/docs/current/sql-vacuum.html). * Avoid an immediate commit after @@ -64,7 +66,7 @@ query pipelining. opportunities for using [memoization with partitionwise joins](https://www.postgresql.org/docs/current/runtime-config-query.html). * Fix for statistics collection to correctly handle when a relation changes -(e.g. a table is converted to a view). +type (e.g. a table is converted to a view). * Ensure [full text search](https://www.postgresql.org/docs/current/textsearch.html) queries can be cancelled while performing phrase matches. * Fix deadlock between [`DROP DATABASE`](https://www.postgresql.org/docs/current/sql-dropdatabase.html) -- 2.39.5
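Review bot: in the first hunk (the `gssencmode` paragraph) the new first sentence names "a modified, unauthenticated server or an unauthenticated man-in-the-middle" as the attacker, but the unchanged context right after it still says "a server can cause `libpq` to over-read and report an error message", so the second sentence no longer covers the man-in-the-middle case the rewrite just introduced. Suggest aligning the two, e.g. "the attacker can cause `libpq` to over-read and report an error message containing uninitialized bytes from and following its receive buffer", or "such a server or man-in-the-middle can cause ...", so the impact statement matches the threat model stated above it.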
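Review bot: in the `@@ -51,10 +52,11 @@` hunk the replaced `jsonb` item now reads "Fix for `jsonb` subscripting that come directly from a `text` column in a table", which is ungrammatical ("subscripting ... come") and does not say what it is that comes from the column; suggest "Fix for `jsonb` subscripting when the subscript value comes directly from a `text` column in a table" (or "... `jsonb` subscripts that come directly from a `text` column"). Note also that the old wording "to handle very large subscript values" is dropped entirely rather than merged; if that was simply inaccurate, fine, but if it described a different symptom of the same bug it is worth keeping both so readers searching for either find the entry. In the same hunk, "column lists longer than 100" should state the unit, i.e. "column lists longer than 100 columns when using logical replication".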