-rw-r--r--  doc/src/sgml/release-9.3.sgml  22
-rw-r--r--  doc/src/sgml/release-9.4.sgml  22
-rw-r--r--  doc/src/sgml/release-9.5.sgml  22
3 files changed, 66 insertions, 0 deletions
diff --git a/doc/src/sgml/release-9.3.sgml b/doc/src/sgml/release-9.3.sgml
index 8be44e33f61..6d339db8d33 100644
--- a/doc/src/sgml/release-9.3.sgml
+++ b/doc/src/sgml/release-9.3.sgml
@@ -35,6 +35,28 @@
<listitem>
<para>
+ Ensure that all temporary files made
+ by <application>pg_upgrade</application> are non-world-readable
+ (Tom Lane, Noah Misch)
+ </para>
+
+ <para>
+ <application>pg_upgrade</application> normally restricts its
+ temporary files to be readable and writable only by the calling user.
+ But the temporary file containing <literal>pg_dumpall -g</literal>
+ output would be group- or world-readable, or even writable, if the
+ user's <literal>umask</literal> setting allows. In typical usage on
+ multi-user machines, the <literal>umask</literal> and/or the working
+ directory's permissions would be tight enough to prevent problems;
+ but there may be people using <application>pg_upgrade</application>
+ in scenarios where this oversight would permit disclosure of database
+ passwords to unfriendly eyes.
+ (CVE-2018-1053)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
Fix vacuuming of tuples that were updated while key-share locked
(Andres Freund, &Aacute;lvaro Herrera)
</para>
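Review bot: The headline of the new entry ("are non-world-readable") understates what the second paragraph describes, which is a file that could be "group- or world-readable, or even writable"; the headline should match the body, e.g. "are readable and writable only by the calling user", so that a reader scanning only the first line does not conclude group access or write access was never at issue.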
diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml
index 8817fea473d..da6cf38f70a 100644
--- a/doc/src/sgml/release-9.4.sgml
+++ b/doc/src/sgml/release-9.4.sgml
@@ -35,6 +35,28 @@
<listitem>
<para>
+ Ensure that all temporary files made
+ by <application>pg_upgrade</application> are non-world-readable
+ (Tom Lane, Noah Misch)
+ </para>
+
+ <para>
+ <application>pg_upgrade</application> normally restricts its
+ temporary files to be readable and writable only by the calling user.
+ But the temporary file containing <literal>pg_dumpall -g</literal>
+ output would be group- or world-readable, or even writable, if the
+ user's <literal>umask</literal> setting allows. In typical usage on
+ multi-user machines, the <literal>umask</literal> and/or the working
+ directory's permissions would be tight enough to prevent problems;
+ but there may be people using <application>pg_upgrade</application>
+ in scenarios where this oversight would permit disclosure of database
+ passwords to unfriendly eyes.
+ (CVE-2018-1053)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
Fix vacuuming of tuples that were updated while key-share locked
(Andres Freund, &Aacute;lvaro Herrera)
</para>
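Review bot: The second paragraph of this entry says the problem is masked when "the umask and/or the working directory's permissions would be tight enough", but never turns that into advice; a release-notes entry for a disclosure bug should state the workaround for installations that cannot update immediately, i.e. run pg_upgrade with a restrictive umask and from a working directory that other users cannot read, since that is exactly the condition the text says prevents the exposure.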
diff --git a/doc/src/sgml/release-9.5.sgml b/doc/src/sgml/release-9.5.sgml
index aa5fa2c5c94..eb99e4b67e8 100644
--- a/doc/src/sgml/release-9.5.sgml
+++ b/doc/src/sgml/release-9.5.sgml
@@ -35,6 +35,28 @@
<listitem>
<para>
+ Ensure that all temporary files made
+ by <application>pg_upgrade</application> are non-world-readable
+ (Tom Lane, Noah Misch)
+ </para>
+
+ <para>
+ <application>pg_upgrade</application> normally restricts its
+ temporary files to be readable and writable only by the calling user.
+ But the temporary file containing <literal>pg_dumpall -g</literal>
+ output would be group- or world-readable, or even writable, if the
+ user's <literal>umask</literal> setting allows. In typical usage on
+ multi-user machines, the <literal>umask</literal> and/or the working
+ directory's permissions would be tight enough to prevent problems;
+ but there may be people using <application>pg_upgrade</application>
+ in scenarios where this oversight would permit disclosure of database
+ passwords to unfriendly eyes.
+ (CVE-2018-1053)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
Fix vacuuming of tuples that were updated while key-share locked
(Andres Freund, &Aacute;lvaro Herrera)
</para>
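Review bot: The entry explains the exposure of the `pg_dumpall -g` temporary file but gives an administrator nothing to check after the fact; since the text admits some users may have run pg_upgrade "in scenarios where this oversight would permit disclosure of database passwords", it should say whether that dump file can remain in the working directory after an earlier (in particular a failed) run, so that readers know to look for leftover copies, fix their permissions or delete them, and consider whether the passwords it contained need to be changed.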