#12377: postgresql-11.5
-------------------------+---------------------
Reporter: bdubbs | Owner: bdubbs
Type: enhancement | Status: closed
Priority: high | Milestone: 9.0
Component: BOOK | Version: SVN
Severity: normal | Resolution: fixed
Keywords: |
-------------------------+---------------------
Changes (by renodr):
* priority: normal => high
Comment:
Mark/document as security fixes
{{{
Require schema qualification to cast to a temporary type when using
functional cast syntax (Noah Misch)

We have long required invocations of temporary functions to explicitly
specify the temporary schema, that is pg_temp.func_name(args). Require
this as well for casting to temporary types using functional notation, for
example pg_temp.type_name(arg). Otherwise it's possible to capture a
function call using a temporary object, allowing privilege escalation in
much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208)

Fix execution of hashed subplans that require cross-type comparison (Tom
Lane, Andreas Seltenreich)

Hashed subplans used the outer query's original comparison operator to
compare entries of the hash table. This is the wrong thing if that
operator is cross-type, since all the hash table entries will be of the
subquery's output type. For the set of hashable cross-type operators in
core PostgreSQL, this mistake seems nearly harmless on 64-bit machines,
but it can result in crashes or perhaps unauthorized disclosure of server
memory on 32-bit machines. Extensions might provide hashable cross-type
operators that create larger risks. (CVE-2019-10209)
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/12377#comment:4>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch