CVE-2012-0866: Permissions on a function called by a trigger are not checked.
This fix prevents users from defining triggers which execute functions on which the user does not have EXECUTE permission.
CREATE TRIGGER failed to make any permissions check on the trigger function to be called. An unprivileged database user could attach a trigger function to a table they owned and cause it to be called on data of their choosing. Normally, this would execute with the permissions of a table owner, and thus not give additional capability. However, if a trigger function is marked SECURITY DEFINER, privilege escalation is possible.
CVE-2012-0867: SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances.
This fixes SSL common name truncation, which could allow hijacking of an SSL connection under exceptional circumstances.
When using SSL certificates, both clients and servers can be configured to verify the other's host name against the common name in the certificate it presents. However, the name extracted from the certificate was incorrectly truncated to 32 characters. Normally that just results in a verification failure, but if the actual host name of a machine is exactly 32 characters long, it could, in principle, be spoofed. The risk of this actually happening appears unlikely, and an attacker would still need to take additional steps outside of PostgreSQL to succeed with an exploit.
CVE-2012-0868: Line breaks in object names can be exploited to execute code when loading a pg_dump file.
This fix removes 'n' and 'r' from dumpfile comments.
pg_dump copied object names into comments in a SQL script without sanitizing them. An object name that includes a newline followed by an SQL command would result in a dump script in which the SQL command is exposed for execution. When and if the dump script is reloaded, the command would be executed with the privileges of whoever is running the script - often a superuser.
All supported versions of PostgreSQL are affected. See the release notes for each version for a full list of changes with details of the fixes and steps.
I'll get the updated versions in the tree this evening.
Thanks for the bug, Aaron.
Stable for HPPA.
Stable on alpha.
x86 stable. Thanks
Thanks, everyone. GLSA request filed.
PostgreSQL 8.2 has been removed from the tree. No affected versions left in tree.
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18,
8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows
user-assisted remote attackers to execute arbitrary SQL commands via a
crafted file containing object names with newlines, which are inserted into
an SQL script that is used when the database is restored.
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3
truncates the common name to only 32 characters when verifying SSL
certificates, which allows remote attackers to spoof connections when the
host name is exactly 32 characters.
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x
before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute
permission for trigger functions marked SECURITY DEFINER, which allows
remote authenticated users to execute otherwise restricted triggers on
arbitrary data by installing the trigger on an attacker-owned table.
This issue was resolved and addressed in
GLSA 201209-24 at http://security.gentoo.org/glsa/glsa-201209-24.xml
by GLSA coordinator Sean Amoss (ackle).