Opened 3 years ago
Closed 3 years ago
Last modified 3 years ago
New minor version.
Release notes are at https://www.postgresql.org/docs/release/11.5/
Fixed at revision 21933.
Mark/document as security fixes
Require schema qualification to cast to a temporary type when using functional cast syntax (Noah Misch)
We have long required invocations of temporary functions to explicitly specify the temporary schema, that is pg_temp.func_name(args). Require this as well for casting to temporary types using functional notation, for example pg_temp.type_name(arg). Otherwise it's possible to capture a function call using a temporary object, allowing privilege escalation in much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208)
Fix execution of hashed subplans that require cross-type comparison (Tom Lane, Andreas Seltenreich)
Hashed subplans used the outer query's original comparison operator to compare entries of the hash table. This is the wrong thing if that operator is cross-type, since all the hash table entries will be of the subquery's output type. For the set of hashable cross-type operators in core PostgreSQL, this mistake seems nearly harmless on 64-bit machines, but it can result in crashes or perhaps unauthorized disclosure of server memory on 32-bit machines. Extensions might provide hashable cross-type operators that create larger risks. (CVE-2019-10209)
Powered by Trac 1.5.3.dev0
By Edgewall Software
© 1998-2022 Gerard Beekmans.