[ubuntu/dapper-security] postgresql-8.1 (delayed), postgresql-8.1 8.1.22-0ubuntu0.6.06 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Oct 7 15:10:05 BST 2010
postgresql-8.1 (8.1.22-0ubuntu0.6.06) dapper-security; urgency=low

  * New upstream security/bug fix release: (LP: #655293)
    - Use a separate interpreter for each calling SQL userid in PL/Perl
      and PL/Tcl.
      This change prevents security problems that can be caused by
      subverting Perl or Tcl code that will be executed later in the same
      session under another SQL user identity (for example, within a
      SECURITY DEFINER function). Most scripting languages offer numerous
      ways that that might be done, such as redefining standard functions
      or operators called by the target function. Without this change,
      any SQL user with Perl or Tcl language usage rights can do
      essentially anything with the SQL privileges of the target
      function's owner.
      The cost of this change is that intentional communication among
      Perl and Tcl functions becomes more difficult. To provide an escape
      hatch, PL/PerlU and PL/TclU functions continue to use only one
      interpreter per session. This is not considered a security issue
      since all such functions execute at the trust level of a database
      superuser already.
      It is likely that third-party procedural languages that claim to
      offer trusted execution have similar security issues. We advise
      contacting the authors of any PL you are depending on for
      security-critical purposes.
      Our thanks to Tim Bunce for pointing out this issue
      (CVE-2010-3433).
    - Prevent possible crashes in pg_get_expr() by disallowing it from
      being called with an argument that is not one of the system catalog
      columns it's intended to be used with.
    - Fix "cannot handle unplanned sub-select" error.
      This occurred when a sub-select contains a join alias reference
      that expands into an expression containing another sub-select.
    - Prevent show_session_authorization() from crashing within
      autovacuum processes.
    - Defend against functions returning setof record where not all the
      returned rows are actually of the same rowtype.
    - Fix possible failure when hashing a pass-by-reference function
      result.
    - Take care to fsync the contents of lockfiles (both "postmaster.pid"
      and the socket lockfile) while writing them.
      This omission could result in corrupted lockfile contents if the
      machine crashes shortly after postmaster start. That could in turn
      prevent subsequent attempts to start the postmaster from
      succeeding, until the lockfile is manually removed.
    - Avoid recursion while assigning XIDs to heavily-nested
      subtransactions.
      The original coding could result in a crash if there was limited
      stack space.
    - Fix log_line_prefix's %i escape, which could produce junk early in
      backend startup.
    - Fix possible data corruption in "ALTER TABLE ... SET TABLESPACE"
      when archiving is enabled.
    - Allow "CREATE DATABASE" and "ALTER DATABASE ... SET TABLESPACE" to
      be interrupted by query-cancel.
    - In PL/Python, defend against null pointer results from
      PyCObject_AsVoidPtr and PyCObject_FromVoidPtr.
    - Improve "contrib/dblink"'s handling of tables containing dropped
      columns.
    - Fix connection leak after "duplicate connection name" errors in
      "contrib/dblink".
    - Fix "contrib/dblink" to handle connection names longer than 62
      bytes correctly.
    - Update build infrastructure and documentation to reflect the source
      code repository's move from CVS to Git (Magnus Hagander and others)
Date: Wed, 06 Oct 2010 10:04:24 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Martin Pitt <mpitt at debian.org>
https://launchpad.net/ubuntu/dapper/+source/postgresql-8.1/8.1.22-0ubuntu0.6.06
-------------- next part --------------
Format: 1.7
Date: Wed, 06 Oct 2010 10:04:24 +0200
Source: postgresql-8.1
Binary: postgresql-8.1 postgresql-pltcl-8.1 postgresql-plperl-8.1 libpgtypes2 libpq-dev libpq4 postgresql-doc-8.1 postgresql-plpython-8.1 libecpg-compat2 libecpg5 libecpg-dev postgresql-client-8.1 postgresql-server-dev-8.1 postgresql-contrib-8.1
Architecture: source
Version: 8.1.22-0ubuntu0.6.06
Distribution: dapper-security
Urgency: low
Maintainer: Martin Pitt <mpitt at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
libecpg-compat2 - older version of run-time library for ECPG programs
libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
libecpg5 - run-time library for ECPG programs
libpgtypes2 - shared library libpgtypes for PostgreSQL 8.1
libpq-dev - header files for libpq4 (PostgreSQL library)
libpq4 - PostgreSQL C client library
postgresql-8.1 - object-relational SQL database, version 8.1 server
postgresql-client-8.1 - front-end programs for PostgreSQL 8.1
postgresql-contrib-8.1 - additional facilities for PostgreSQL
postgresql-doc-8.1 - documentation for the PostgreSQL database management system
postgresql-plperl-8.1 - PL/Perl procedural language for PostgreSQL 8.1
postgresql-plpython-8.1 - PL/Python procedural language for PostgreSQL 8.1
postgresql-pltcl-8.1 - PL/TCL procedural language for PostgreSQL 8.1
postgresql-server-dev-8.1 - development files for PostgreSQL 8.1 server-side programming
Files:
adab7a0532787ad01078e6f00f25a0b4 1771 misc optional postgresql-8.1_8.1.22-0ubuntu0.6.06.dsc
ce967312c7ba88c811c4f4a4e664dd0e 11602822 misc optional postgresql-8.1_8.1.22.orig.tar.gz
ddf0b862cd0610637655b6d68f28027d 35697 misc optional postgresql-8.1_8.1.22-0ubuntu0.6.06.diff.gz
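
Added example, not part of the original announcement or of the PostgreSQL project's code: a catalog query a DBA could run to gauge exposure to the PL/Perl and PL/Tcl issue described above (CVE-2010-3433) before the fixed package is installed. It assumes the standard language names plperl and pltcl, and it narrows the result to roles that also hold EXECUTE on the function, which is a triage assumption rather than something the changelog states.

```sql
-- Exposure audit for the shared-interpreter issue (CVE-2010-3433).
-- Reports every SECURITY DEFINER function written in trusted PL/Perl or
-- PL/Tcl, together with each other non-superuser role that can both
--   (a) use that language (so it can load code into the session
--       interpreter), and
--   (b) execute the function (so that code later runs as the owner).
-- Uses only system catalogs and privilege-inquiry functions; run it in
-- each database of the cluster, since pg_proc is per-database.
SELECT n.nspname                     AS function_schema,
       p.proname                     AS function_name,
       l.lanname                     AS language,
       pg_get_userbyid(p.proowner)   AS executes_as,
       r.rolname                     AS role_sharing_interpreter
FROM   pg_proc      p
JOIN   pg_language  l ON l.oid = p.prolang
JOIN   pg_namespace n ON n.oid = p.pronamespace
JOIN   pg_roles     r ON r.oid <> p.proowner      -- someone other than the owner
WHERE  p.prosecdef                                -- SECURITY DEFINER only
  AND  l.lanpltrusted                             -- trusted variants; PL/PerlU and
                                                  -- PL/TclU are superuser-only
  AND  l.lanname IN ('plperl', 'pltcl')           -- assumed default language names
  AND  NOT r.rolsuper                             -- superusers gain nothing here
  AND  has_language_privilege(r.oid, l.oid, 'USAGE')
  AND  has_function_privilege(r.oid, p.oid, 'EXECUTE')
ORDER  BY function_schema, function_name, role_sharing_interpreter;
```

An empty result means no SECURITY DEFINER function in trusted PL/Perl or PL/Tcl is callable by a non-owner role that also has language usage rights in that database; any rows returned identify the functions and roles to review first when scheduling the upgrade.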