From dd5015ad1ac0d80c3bb656042b46aaf5bca2f0b2 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 18 May 2015 12:09:02 -0400 Subject: [PATCH] Last-minute updates for release notes. Add entries for security issues. Security: CVE-2015-3165 through CVE-2015-3167 --- doc/src/sgml/release-9.0.sgml | 51 +++++++++++++++++++ doc/src/sgml/release-9.1.sgml | 51 +++++++++++++++++++ doc/src/sgml/release-9.2.sgml | 51 +++++++++++++++++++ doc/src/sgml/release-9.3.sgml | 51 +++++++++++++++++++ doc/src/sgml/release-9.4.sgml | 95 +++++++++++++++++++++++++++++++++++ 5 files changed, 299 insertions(+) diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml index c3fcbf7b6b..a3d9461fa6 100644 --- a/doc/src/sgml/release-9.0.sgml +++ b/doc/src/sgml/release-9.0.sgml @@ -40,6 +40,57 @@ + + + Avoid possible crash when client disconnects just before the + authentication timeout expires (Benkocs Norbert Attila) + + + + If the timeout interrupt fired partway through the session shutdown + sequence, SSL-related state would be freed twice, typically causing a + crash and hence denial of service to other sessions. Experimentation + shows that an unauthenticated remote attacker could trigger the bug + somewhat consistently, hence treat as security issue. + (CVE-2015-3165) + + + + + + Consistently check for failure of the *printf() family of + functions (Noah Misch) + + + + Most calls of these functions did not consider the possibility that + the functions could fail with, eg, out-of-memory conditions. The usual + result would just be missing output, but crashes or exposure of + unintended information are also possible. To protect against such + risks uniformly, create wrappers around these functions that throw an + error on failure. Also add missing error checks to a few + security-relevant calls of other system functions. + (CVE-2015-3166) + + + + + + In contrib/pgcrypto, uniformly report decryption failures + as Wrong key or corrupt data (Noah Misch) + + + + Previously, some cases of decryption with an incorrect key could report + other error message texts. It has been shown that such variance in + error reports can aid attackers in recovering keys from other systems. + While it's unknown whether pgcrypto's specific behaviors + are likewise exploitable, it seems better to avoid the risk by using a + one-size-fits-all message. + (CVE-2015-3167) + + + Fix incorrect checking of deferred exclusion constraints after a HOT diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml index 7aecb5e09c..82dde5e038 100644 --- a/doc/src/sgml/release-9.1.sgml +++ b/doc/src/sgml/release-9.1.sgml @@ -40,6 +40,57 @@ + + + Avoid possible crash when client disconnects just before the + authentication timeout expires (Benkocs Norbert Attila) + + + + If the timeout interrupt fired partway through the session shutdown + sequence, SSL-related state would be freed twice, typically causing a + crash and hence denial of service to other sessions. Experimentation + shows that an unauthenticated remote attacker could trigger the bug + somewhat consistently, hence treat as security issue. + (CVE-2015-3165) + + + + + + Consistently check for failure of the *printf() family of + functions (Noah Misch) + + + + Most calls of these functions did not consider the possibility that + the functions could fail with, eg, out-of-memory conditions. The usual + result would just be missing output, but crashes or exposure of + unintended information are also possible. To protect against such + risks uniformly, create wrappers around these functions that throw an + error on failure. Also add missing error checks to a few + security-relevant calls of other system functions. + (CVE-2015-3166) + + + + + + In contrib/pgcrypto, uniformly report decryption failures + as Wrong key or corrupt data (Noah Misch) + + + + Previously, some cases of decryption with an incorrect key could report + other error message texts. It has been shown that such variance in + error reports can aid attackers in recovering keys from other systems. + While it's unknown whether pgcrypto's specific behaviors + are likewise exploitable, it seems better to avoid the risk by using a + one-size-fits-all message. + (CVE-2015-3167) + + + Fix incorrect declaration of contrib/citext's diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml index 9ebc92d27e..ff715efaa5 100644 --- a/doc/src/sgml/release-9.2.sgml +++ b/doc/src/sgml/release-9.2.sgml @@ -40,6 +40,57 @@ + + + Avoid possible crash when client disconnects just before the + authentication timeout expires (Benkocs Norbert Attila) + + + + If the timeout interrupt fired partway through the session shutdown + sequence, SSL-related state would be freed twice, typically causing a + crash and hence denial of service to other sessions. Experimentation + shows that an unauthenticated remote attacker could trigger the bug + somewhat consistently, hence treat as security issue. + (CVE-2015-3165) + + + + + + Consistently check for failure of the *printf() family of + functions (Noah Misch) + + + + Most calls of these functions did not consider the possibility that + the functions could fail with, eg, out-of-memory conditions. The usual + result would just be missing output, but crashes or exposure of + unintended information are also possible. To protect against such + risks uniformly, create wrappers around these functions that throw an + error on failure. Also add missing error checks to a few + security-relevant calls of other system functions. + (CVE-2015-3166) + + + + + + In contrib/pgcrypto, uniformly report decryption failures + as Wrong key or corrupt data (Noah Misch) + + + + Previously, some cases of decryption with an incorrect key could report + other error message texts. It has been shown that such variance in + error reports can aid attackers in recovering keys from other systems. + While it's unknown whether pgcrypto's specific behaviors + are likewise exploitable, it seems better to avoid the risk by using a + one-size-fits-all message. + (CVE-2015-3167) + + + Fix incorrect declaration of contrib/citext's diff --git a/doc/src/sgml/release-9.3.sgml b/doc/src/sgml/release-9.3.sgml index dca9275f7b..4c0d853543 100644 --- a/doc/src/sgml/release-9.3.sgml +++ b/doc/src/sgml/release-9.3.sgml @@ -40,6 +40,57 @@ + + + Avoid possible crash when client disconnects just before the + authentication timeout expires (Benkocs Norbert Attila) + + + + If the timeout interrupt fired partway through the session shutdown + sequence, SSL-related state would be freed twice, typically causing a + crash and hence denial of service to other sessions. Experimentation + shows that an unauthenticated remote attacker could trigger the bug + somewhat consistently, hence treat as security issue. + (CVE-2015-3165) + + + + + + Consistently check for failure of the *printf() family of + functions (Noah Misch) + + + + Most calls of these functions did not consider the possibility that + the functions could fail with, eg, out-of-memory conditions. The usual + result would just be missing output, but crashes or exposure of + unintended information are also possible. To protect against such + risks uniformly, create wrappers around these functions that throw an + error on failure. Also add missing error checks to a few + security-relevant calls of other system functions. + (CVE-2015-3166) + + + + + + In contrib/pgcrypto, uniformly report decryption failures + as Wrong key or corrupt data (Noah Misch) + + + + Previously, some cases of decryption with an incorrect key could report + other error message texts. It has been shown that such variance in + error reports can aid attackers in recovering keys from other systems. + While it's unknown whether pgcrypto's specific behaviors + are likewise exploitable, it seems better to avoid the risk by using a + one-size-fits-all message. + (CVE-2015-3167) + + + Protect against wraparound of multixact member IDs diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml index 274791ba5c..ec5dce4486 100644 --- a/doc/src/sgml/release-9.4.sgml +++ b/doc/src/sgml/release-9.4.sgml @@ -39,6 +39,101 @@ + + + + + Avoid possible crash when client disconnects just before the + authentication timeout expires (Benkocs Norbert Attila) + + + + If the timeout interrupt fired partway through the session shutdown + sequence, SSL-related state would be freed twice, typically causing a + crash and hence denial of service to other sessions. Experimentation + shows that an unauthenticated remote attacker could trigger the bug + somewhat consistently, hence treat as security issue. + (CVE-2015-3165) + + + + + + + + Consistently check for failure of the *printf() family of + functions (Noah Misch) + + + + Most calls of these functions did not consider the possibility that + the functions could fail with, eg, out-of-memory conditions. The usual + result would just be missing output, but crashes or exposure of + unintended information are also possible. To protect against such + risks uniformly, create wrappers around these functions that throw an + error on failure. Also add missing error checks to a few + security-relevant calls of other system functions. + (CVE-2015-3166) + + + + + + + + In contrib/pgcrypto, uniformly report decryption failures + as Wrong key or corrupt data (Noah Misch) + + + + Previously, some cases of decryption with an incorrect key could report + other error message texts. It has been shown that such variance in + error reports can aid attackers in recovering keys from other systems. + While it's unknown whether pgcrypto's specific behaviors + are likewise exploitable, it seems better to avoid the risk by using a + one-size-fits-all message. + (CVE-2015-3167) + + +