Ubuntu

New security/bug fix microreleases: 8.1.18, 8.3.8

Reported by Martin Pitt on 2009-09-16
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
postgresql-8.1 (Ubuntu)
Undecided
Unassigned
Dapper
High
Martin Pitt
Hardy
Undecided
Unassigned
Intrepid
Undecided
Unassigned
Jaunty
Undecided
Unassigned
Karmic
Undecided
Unassigned
postgresql-8.3 (Ubuntu)
Undecided
Unassigned
Dapper
Undecided
Unassigned
Hardy
High
Martin Pitt
Intrepid
High
Martin Pitt
Jaunty
High
Martin Pitt
Karmic
Undecided
Unassigned

Bug Description

Binary package hint: postgresql-8.3

PostgreSQL recently published new point releases which fix the usual range of important bugs (data loss/wrong results, etc.) and
additionally fix another case of insecure "security definer" functions (the analogon to setuid programs in file system space for SQL
functions) (CVE-2007-6600).

Complete list of changes:

 8.1 (dapper): http://www.postgresql.org/docs/8.1/static/release.html#RELEASE-8-1-18
 8.3 (lenny/hardy/intrepid/jaunty): http://www.postgresql.org/docs/8.3/static/release-8-3-8.html

CVE References

Martin Pitt (pitti) wrote :

Karmic is already fixed, I uploaded the new version to sid and synced:

postgresql-8.3 | 8.3.8-1 | karmic/universe | source, amd64, i386

No regression reports until now, for about a week.

Changed in postgresql-8.1 (Ubuntu Dapper):
assignee: nobody → Martin Pitt (pitti)
importance: Undecided → High
status: New → Triaged
Changed in postgresql-8.1 (Ubuntu Hardy):
status: New → Invalid
Changed in postgresql-8.1 (Ubuntu Jaunty):
status: New → Invalid
Changed in postgresql-8.1 (Ubuntu Karmic):
status: New → Invalid
Changed in postgresql-8.3 (Ubuntu Dapper):
status: New → Invalid
Changed in postgresql-8.1 (Ubuntu Intrepid):
status: New → Invalid
Changed in postgresql-8.3 (Ubuntu Karmic):
status: New → Fix Released
Changed in postgresql-8.3 (Ubuntu Hardy):
status: New → In Progress
Changed in postgresql-8.3 (Ubuntu Intrepid):
status: New → In Progress
Changed in postgresql-8.3 (Ubuntu Jaunty):
status: New → In Progress
Changed in postgresql-8.3 (Ubuntu Hardy):
assignee: nobody → Martin Pitt (pitti)
Changed in postgresql-8.3 (Ubuntu Intrepid):
assignee: nobody → Martin Pitt (pitti)
Martin Pitt (pitti) on 2009-09-16
Changed in postgresql-8.3 (Ubuntu Jaunty):
assignee: nobody → Martin Pitt (pitti)
Martin Pitt (pitti) on 2009-09-16
Changed in postgresql-8.1 (Ubuntu Dapper):
status: Triaged → In Progress
Martin Pitt (pitti) wrote :

I prepared all updates and put them to:

  http://people.canonical.com/~pitti/tmp/postgresql-430544/

They pass the upstream regression tests (run during package build) and the integration tests (from postgresql-common) in all releases. I will re-run the integration tests with the actual .debs which will be published once they hit -proposed.

Now I assume that they need to be uploaded to https://launchpad.net/~ubuntu-security-proposed/+archive/ppa and then copied to -proposed. For that I assume the security team has to re-sign the .changes with their key and upload?

Please advise how to continue. Thanks!

Jamie Strandboge (jdstrand) wrote :

I'll sign and upload. Thanks Martin!

Jamie Strandboge (jdstrand) wrote :

Martin,

These have now been uploaded to https://launchpad.net/~ubuntu-security-proposed/+archive/ppa. Feel free to pocket copy them to -proposed when they finish building. If you need me to do it, let me know.

Changed in postgresql-8.1 (Ubuntu Dapper):
status: In Progress → Fix Committed
Changed in postgresql-8.3 (Ubuntu Hardy):
status: In Progress → Fix Committed
Changed in postgresql-8.3 (Ubuntu Intrepid):
status: In Progress → Fix Committed
Changed in postgresql-8.3 (Ubuntu Jaunty):
status: In Progress → Fix Committed
Changed in postgresql-8.3 (Ubuntu Hardy):
importance: Undecided → High
Changed in postgresql-8.3 (Ubuntu Intrepid):
importance: Undecided → High
Changed in postgresql-8.3 (Ubuntu Jaunty):
importance: Undecided → High
Jamie Strandboge (jdstrand) wrote :

These have all been copied to proposed.

Martin Pitt (pitti) wrote :

Accepted postgresql-8.1 into dapper-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Martin Pitt (pitti) wrote :

Accepted postgresql-8.3 into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Martin Pitt (pitti) wrote :

Accepted postgresql-8.3 into intrepid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Martin Pitt (pitti) wrote :

Accepted postgresql-8.3 into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Leonel Nunez (leonelnunez) wrote :

Just Upgraded on Jaunty,Intrepid, Hardy All upgrades went fine no errors
I'll setup a Dapper VM to test there too

I'll do more testing

Martin Pitt (pitti) wrote :

I re-ran the postgresql-common integration test suite against the actual .debs from -proposed on all releases, all pass. Since they all built, they also passed the upstream regression tests on all architectures.

I consider this good to go.

tags: added: verification-done
removed: verification-needed
Leonel Nunez (leonelnunez) wrote :

Tested on Dapper, Upgrade went fine, no errors
basic tests no problems found

Leonel Nunez [2009-09-18 15:17 -0000]:
> Tested on Dapper, Upgrade went fine, no errors
> basic tests no problems found

Thanks, Leonel, for your testing feedback! Much appreciated.

Launchpad Janitor (janitor) wrote :
Download full text (3.4 KiB)

This bug was fixed in the package postgresql-8.3 - 8.3.8-0ubuntu8.04

---------------
postgresql-8.3 (8.3.8-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release: (LP: #430544)
    - Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
      security-definer functions. This covers a case that was missed in the
      previous patch that disallowed "SET ROLE" and "SET SESSION
      AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
    - Force WAL segment switch during pg_start_backup(). This avoids corner
      cases that could render a base backup unusable.
    - Make "LOAD" of an already-loaded loadable module into a no-op.
      Formerly, "LOAD" would attempt to unload and re-load the module,
      but this is unsafe and not all that useful.
    - Disallow empty passwords during LDAP authentication.
    - Fix handling of sub-SELECTs appearing in the arguments of an
      outer-level aggregate function.
    - Fix bugs associated with fetching a whole-row value from the output
      of a Sort or Materialize plan node.
    - Prevent synchronize_seqscans from changing the results of
      scrollable and WITH HOLD cursors.
    - Revert planner change that disabled partial-index and constraint
      exclusion optimizations when there were more than 100 clauses in an
      AND or OR list.
    - Fix hash calculation for data type interval. This corrects wrong results
      for hash joins on interval values. It also changes the contents of hash
      indexes on interval columns. If you have any such indexes, you must
      "REINDEX" them after updating.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
      'HH'/'HH12'. It was previously handled as 'th' (lowercase).
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
      and integer datetimes are in use.
    - Fix calculation of distance between a point and a line segment.
      This led to incorrect results from a number of geometric operators.
    - Fix money data type to work in locales where currency amounts have
      no fractional digits, e.g. Japan.
    - Fix LIKE for case where pattern contains %_.
    - Properly round datetime input like 00:12:57.9999999999999999999999999999.
    - Fix memory leaks in XML operations.
    - Fix poor choice of page split point in GiST R-tree operator classes.
    - Ensure that a "fast shutdown" request will forcibly terminate open
      sessions, even if a "smart shutdown" was already in progress.
    - Avoid performance degradation in bulk inserts into GIN indexes when
      the input values are (nearly) in sorted order.
    - Correctly enforce NOT NULL domain constraints in some contexts in
      PL/pgSQL.
    - Fix portability issues in plperl initialization.
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
      empty.
    - Improve pg_dump's efficiency when there are many large objects.
    - Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
    - Make pg_standby's maxretries option behave as documented.
    - Make "contrib/hstore" throw an error when a key or value is too
      long to fit in its data structure, rather tha...

Read more...

Changed in postgresql-8.3 (Ubuntu Hardy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (3.4 KiB)

This bug was fixed in the package postgresql-8.3 - 8.3.8-0ubuntu8.10

---------------
postgresql-8.3 (8.3.8-0ubuntu8.10) intrepid-security; urgency=low

  * New upstream security/bug fix release: (LP: #430544)
    - Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
      security-definer functions. This covers a case that was missed in the
      previous patch that disallowed "SET ROLE" and "SET SESSION
      AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
    - Force WAL segment switch during pg_start_backup(). This avoids corner
      cases that could render a base backup unusable.
    - Make "LOAD" of an already-loaded loadable module into a no-op.
      Formerly, "LOAD" would attempt to unload and re-load the module,
      but this is unsafe and not all that useful.
    - Disallow empty passwords during LDAP authentication.
    - Fix handling of sub-SELECTs appearing in the arguments of an
      outer-level aggregate function.
    - Fix bugs associated with fetching a whole-row value from the output
      of a Sort or Materialize plan node.
    - Prevent synchronize_seqscans from changing the results of
      scrollable and WITH HOLD cursors.
    - Revert planner change that disabled partial-index and constraint
      exclusion optimizations when there were more than 100 clauses in an
      AND or OR list.
    - Fix hash calculation for data type interval. This corrects wrong results
      for hash joins on interval values. It also changes the contents of hash
      indexes on interval columns. If you have any such indexes, you must
      "REINDEX" them after updating.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
      'HH'/'HH12'. It was previously handled as 'th' (lowercase).
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
      and integer datetimes are in use.
    - Fix calculation of distance between a point and a line segment.
      This led to incorrect results from a number of geometric operators.
    - Fix money data type to work in locales where currency amounts have
      no fractional digits, e.g. Japan.
    - Fix LIKE for case where pattern contains %_.
    - Properly round datetime input like 00:12:57.9999999999999999999999999999.
    - Fix memory leaks in XML operations.
    - Fix poor choice of page split point in GiST R-tree operator classes.
    - Ensure that a "fast shutdown" request will forcibly terminate open
      sessions, even if a "smart shutdown" was already in progress.
    - Avoid performance degradation in bulk inserts into GIN indexes when
      the input values are (nearly) in sorted order.
    - Correctly enforce NOT NULL domain constraints in some contexts in
      PL/pgSQL.
    - Fix portability issues in plperl initialization.
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
      empty.
    - Improve pg_dump's efficiency when there are many large objects.
    - Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
    - Make pg_standby's maxretries option behave as documented.
    - Make "contrib/hstore" throw an error when a key or value is too
      long to fit in its data structure, rather ...

Read more...

Changed in postgresql-8.3 (Ubuntu Intrepid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (3.4 KiB)

This bug was fixed in the package postgresql-8.3 - 8.3.8-0ubuntu9.04

---------------
postgresql-8.3 (8.3.8-0ubuntu9.04) jaunty-security; urgency=low

  * New upstream security/bug fix release: (LP: #430544)
    - Disallow "RESET ROLE" and "RESET SESSION AUTHORIZATION" inside
      security-definer functions. This covers a case that was missed in the
      previous patch that disallowed "SET ROLE" and "SET SESSION
      AUTHORIZATION" inside security-definer functions. [CVE-2007-6600]
    - Force WAL segment switch during pg_start_backup(). This avoids corner
      cases that could render a base backup unusable.
    - Make "LOAD" of an already-loaded loadable module into a no-op.
      Formerly, "LOAD" would attempt to unload and re-load the module,
      but this is unsafe and not all that useful.
    - Disallow empty passwords during LDAP authentication.
    - Fix handling of sub-SELECTs appearing in the arguments of an
      outer-level aggregate function.
    - Fix bugs associated with fetching a whole-row value from the output
      of a Sort or Materialize plan node.
    - Prevent synchronize_seqscans from changing the results of
      scrollable and WITH HOLD cursors.
    - Revert planner change that disabled partial-index and constraint
      exclusion optimizations when there were more than 100 clauses in an
      AND or OR list.
    - Fix hash calculation for data type interval. This corrects wrong results
      for hash joins on interval values. It also changes the contents of hash
      indexes on interval columns. If you have any such indexes, you must
      "REINDEX" them after updating.
    - Treat to_char(..., 'TH') as an uppercase ordinal suffix with
      'HH'/'HH12'. It was previously handled as 'th' (lowercase).
    - Fix overflow for INTERVAL 'x ms' when "x" is more than 2 million
      and integer datetimes are in use.
    - Fix calculation of distance between a point and a line segment.
      This led to incorrect results from a number of geometric operators.
    - Fix money data type to work in locales where currency amounts have
      no fractional digits, e.g. Japan.
    - Fix LIKE for case where pattern contains %_.
    - Properly round datetime input like 00:12:57.9999999999999999999999999999.
    - Fix memory leaks in XML operations.
    - Fix poor choice of page split point in GiST R-tree operator classes.
    - Ensure that a "fast shutdown" request will forcibly terminate open
      sessions, even if a "smart shutdown" was already in progress.
    - Avoid performance degradation in bulk inserts into GIN indexes when
      the input values are (nearly) in sorted order.
    - Correctly enforce NOT NULL domain constraints in some contexts in
      PL/pgSQL.
    - Fix portability issues in plperl initialization.
    - Fix pg_ctl to not go into an infinite loop if "postgresql.conf" is
      empty.
    - Improve pg_dump's efficiency when there are many large objects.
    - Use SIGUSR1, not SIGQUIT, as the failover signal for pg_standby.
    - Make pg_standby's maxretries option behave as documented.
    - Make "contrib/hstore" throw an error when a key or value is too
      long to fit in its data structure, rather th...

Read more...

Changed in postgresql-8.3 (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Martin Pitt (pitti) on 2009-09-21
Changed in postgresql-8.1 (Ubuntu Dapper):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers