Ubuntu

Security/bug fix release: 8.4.2, 8.3.9, 8.1.19

Reported by Martin Pitt on 2009-12-15
264
This bug affects 1 person
Affects Status Importance Assigned to Milestone
postgresql-8.1 (Ubuntu)
Undecided
Unassigned
Dapper
High
Jamie Strandboge
Hardy
Undecided
Unassigned
Intrepid
Undecided
Unassigned
Jaunty
Undecided
Unassigned
Karmic
Undecided
Unassigned
Lucid
Undecided
Unassigned
postgresql-8.3 (Ubuntu)
Undecided
Unassigned
Dapper
Undecided
Unassigned
Hardy
High
Jamie Strandboge
Intrepid
High
Jamie Strandboge
Jaunty
High
Jamie Strandboge
Karmic
Undecided
Unassigned
Lucid
Undecided
Unassigned
postgresql-8.4 (Ubuntu)
Undecided
Unassigned
Dapper
Undecided
Unassigned
Hardy
Undecided
Unassigned
Intrepid
Undecided
Unassigned
Jaunty
Undecided
Unassigned
Karmic
High
Jamie Strandboge
Lucid
Undecided
Unassigned

Bug Description

Binary package hint: postgresql-8.4

Yesterday PostgreSQL released new security/bug fix microreleases. Please see

  http://www.postgresql.org/about/news.1170

for the announcement and

  http://www.postgresql.org/support/security

for some details about the security fixes.

As discussed with Jamie, I'd like to see those in security-proposed for about a week, and I'll watch the upstream lists for regression reports. I'll also send out a call for testing once they are built.

Martin Pitt (pitti) wrote :

I uploaded 8.4.2 and 8.3.9 to lucid yesterday.

Changed in postgresql-8.1 (Ubuntu Hardy):
status: New → Invalid
Changed in postgresql-8.1 (Ubuntu Intrepid):
status: New → Invalid
Changed in postgresql-8.4 (Ubuntu Lucid):
status: New → Fix Released
Changed in postgresql-8.1 (Ubuntu Jaunty):
status: New → Invalid
Changed in postgresql-8.3 (Ubuntu Lucid):
status: New → Fix Released
Changed in postgresql-8.1 (Ubuntu Karmic):
status: New → Invalid
Changed in postgresql-8.3 (Ubuntu Dapper):
status: New → Invalid
Changed in postgresql-8.1 (Ubuntu Lucid):
status: New → Invalid
Martin Pitt (pitti) wrote :

8.3 is not supported in Karmic any more, so I'll wontfix that.

Changed in postgresql-8.3 (Ubuntu Karmic):
status: New → Won't Fix
Changed in postgresql-8.4 (Ubuntu Dapper):
status: New → Invalid
Changed in postgresql-8.4 (Ubuntu Hardy):
status: New → Invalid
Changed in postgresql-8.4 (Ubuntu Jaunty):
status: New → Invalid
Changed in postgresql-8.4 (Ubuntu Intrepid):
status: New → Invalid
Martin Pitt (pitti) on 2009-12-15
visibility: private → public
Martin Pitt (pitti) wrote :

Jaunty update prepared and tested: http://people.canonical.com/~pitti/packages/psql/jaunty

(orig.tar.gz for 8.3.9 and 8.4.2 are already in the archive)

Changed in postgresql-8.3 (Ubuntu Jaunty):
assignee: nobody → Martin Pitt (pitti)
importance: Undecided → High
status: New → In Progress
Martin Pitt (pitti) wrote :
Changed in postgresql-8.4 (Ubuntu Karmic):
assignee: nobody → Martin Pitt (pitti)
importance: Undecided → High
status: New → In Progress
Martin Pitt (pitti) wrote :
Changed in postgresql-8.3 (Ubuntu Intrepid):
assignee: nobody → Martin Pitt (pitti)
importance: Undecided → High
status: New → In Progress
Martin Pitt (pitti) wrote :
Changed in postgresql-8.3 (Ubuntu Hardy):
assignee: nobody → Martin Pitt (pitti)
importance: Undecided → High
status: New → In Progress
Martin Pitt (pitti) wrote :
Changed in postgresql-8.1 (Ubuntu Dapper):
assignee: nobody → Martin Pitt (pitti)
importance: Undecided → High
status: New → In Progress
Jamie Strandboge (jdstrand) wrote :
Martin Pitt (pitti) wrote :

Thanks, Jamie! I blogged a call for testing.

Jamie Strandboge (jdstrand) wrote :

Martin,

Sure, no problem, though due to buildd issues, we are still waiting on lpia and powerpc (which is why I haven't pocket copied them to -proposed yet). If you notice that lpia and powerpc finish before I do, feel free to pocket copy them to -proposed (or ping me to do so). For an example of how to do that, see https://wiki.ubuntu.com/ArchiveAdministration#Publishing%20packages%20from%20the%20ubuntu-mozilla-security%20public%20PPA.

Leonel Nunez (leonelnunez) wrote :

Hardy and Karmic Packages from ubuntu-security-proposed ppa Install and work fine no problems found
still testing

Jamie Strandboge (jdstrand) wrote :

Martin,

These have now been pocket copied to -proposed, with the appropriate change-overrides.py applied. When ready, feel free to pocket copy to -security and ping a security team member for the USN publication.

Jamie Strandboge (jdstrand) wrote :

Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Martin Pitt (pitti) wrote :

I ran the test suites again on the actual binaries from -proposed, all pass. No regression reports so far either.

I think this is good to go to *-security/*-updates now.

Changed in postgresql-8.1 (Ubuntu Dapper):
assignee: Martin Pitt (pitti) → Jamie Strandboge (jdstrand)
status: In Progress → Fix Committed
Changed in postgresql-8.3 (Ubuntu Hardy):
assignee: Martin Pitt (pitti) → Jamie Strandboge (jdstrand)
status: In Progress → Fix Committed
Changed in postgresql-8.4 (Ubuntu Karmic):
assignee: Martin Pitt (pitti) → Jamie Strandboge (jdstrand)
status: In Progress → Fix Committed
Changed in postgresql-8.3 (Ubuntu Jaunty):
assignee: Martin Pitt (pitti) → Jamie Strandboge (jdstrand)
status: In Progress → Fix Committed
tags: added: verification-done
removed: verification-needed
Changed in postgresql-8.3 (Ubuntu Intrepid):
assignee: Martin Pitt (pitti) → Jamie Strandboge (jdstrand)
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (3.3 KiB)

This bug was fixed in the package postgresql-8.3 - 8.3.9-0ubuntu8.04

---------------
postgresql-8.3 (8.3.9-0ubuntu8.04) hardy-security; urgency=low

  * New upstream security/bug fix release: (LP: #496923)
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix possible crash during backend-startup-time cache initialization.
    - Avoid crash on empty thesaurus dictionary.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix memory leak in syslogger process when rotating to a new CSV
      logfile.
    - Fix incorrect logic for GiST index page splits, when the split
      depends on a non-first column of the index.
    - Don't error out if recycling or removing an old WAL file fails at
      the end of checkpoint. It's better to treat the problem as non-fatal and
      allow the checkpoint to complete. Future checkpoints will retry the
      removal. Such problems are not expected in normal operation, but have
      been seen to be caused by misdesigned Windows anti-virus and backup
      software.
    - Fix PAM password processing to be more robust.
    - Raise the maximum authentication token (Kerberos ticket) size in
      GSSAPI and SSPI authentication methods. While the old 2000-byte limit
      was more than enough for Unix Kerberos implementations, tickets issued
      by Windows Domain Controllers can be much larger.
    - Re-enable collection of access statistics for sequences. This used to
      work but was broken in 8.3.
    - Fix processing of ownership dependencies during CREATE OR REPLACE
      FUNCTION.
    - Fix incorrect handling of WHERE "x"="x" conditions.
      In some cases these could get ignored as redundant, but they aren't
      -- they're equivalent to "x" IS NOT NULL.
    - Make text search parser accept underscores in XML attributes.
    - Fix encoding handling in xml binary input. If the XML header doesn't
      specify an encoding, we now assume UTF-8 by default; the previous
      handling was inconsistent.
    - Fix bug with calling plperl from plperlu or vice versa.
    - Fix session-lifespan memory leak when a PL/Perl function is
      redefined.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays
      when returned by a set-returning PL/Perl function.
    - Fix rare crash in exception processing in PL/Python.
    - Make the postmaster ignore any application_name parameter in
      connection request packet...

Read more...

Changed in postgresql-8.3 (Ubuntu Hardy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (3.3 KiB)

This bug was fixed in the package postgresql-8.3 - 8.3.9-0ubuntu8.10

---------------
postgresql-8.3 (8.3.9-0ubuntu8.10) intrepid-security; urgency=low

  * New upstream security/bug fix release: (LP: #496923)
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix possible crash during backend-startup-time cache initialization.
    - Avoid crash on empty thesaurus dictionary.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix memory leak in syslogger process when rotating to a new CSV
      logfile.
    - Fix incorrect logic for GiST index page splits, when the split
      depends on a non-first column of the index.
    - Don't error out if recycling or removing an old WAL file fails at
      the end of checkpoint. It's better to treat the problem as non-fatal and
      allow the checkpoint to complete. Future checkpoints will retry the
      removal. Such problems are not expected in normal operation, but have
      been seen to be caused by misdesigned Windows anti-virus and backup
      software.
    - Fix PAM password processing to be more robust.
    - Raise the maximum authentication token (Kerberos ticket) size in
      GSSAPI and SSPI authentication methods. While the old 2000-byte limit
      was more than enough for Unix Kerberos implementations, tickets issued
      by Windows Domain Controllers can be much larger.
    - Re-enable collection of access statistics for sequences. This used to
      work but was broken in 8.3.
    - Fix processing of ownership dependencies during CREATE OR REPLACE
      FUNCTION.
    - Fix incorrect handling of WHERE "x"="x" conditions.
      In some cases these could get ignored as redundant, but they aren't
      -- they're equivalent to "x" IS NOT NULL.
    - Make text search parser accept underscores in XML attributes.
    - Fix encoding handling in xml binary input. If the XML header doesn't
      specify an encoding, we now assume UTF-8 by default; the previous
      handling was inconsistent.
    - Fix bug with calling plperl from plperlu or vice versa.
    - Fix session-lifespan memory leak when a PL/Perl function is
      redefined.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays
      when returned by a set-returning PL/Perl function.
    - Fix rare crash in exception processing in PL/Python.
    - Make the postmaster ignore any application_name parameter in
      connection request pac...

Read more...

Changed in postgresql-8.3 (Ubuntu Intrepid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (3.3 KiB)

This bug was fixed in the package postgresql-8.3 - 8.3.9-0ubuntu9.04

---------------
postgresql-8.3 (8.3.9-0ubuntu9.04) jaunty-security; urgency=low

  * New upstream security/bug fix release: (LP: #496923)
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix possible crash during backend-startup-time cache initialization.
    - Avoid crash on empty thesaurus dictionary.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix memory leak in syslogger process when rotating to a new CSV
      logfile.
    - Fix incorrect logic for GiST index page splits, when the split
      depends on a non-first column of the index.
    - Don't error out if recycling or removing an old WAL file fails at
      the end of checkpoint. It's better to treat the problem as non-fatal and
      allow the checkpoint to complete. Future checkpoints will retry the
      removal. Such problems are not expected in normal operation, but have
      been seen to be caused by misdesigned Windows anti-virus and backup
      software.
    - Fix PAM password processing to be more robust.
    - Raise the maximum authentication token (Kerberos ticket) size in
      GSSAPI and SSPI authentication methods. While the old 2000-byte limit
      was more than enough for Unix Kerberos implementations, tickets issued
      by Windows Domain Controllers can be much larger.
    - Re-enable collection of access statistics for sequences. This used to
      work but was broken in 8.3.
    - Fix processing of ownership dependencies during CREATE OR REPLACE
      FUNCTION.
    - Fix incorrect handling of WHERE "x"="x" conditions.
      In some cases these could get ignored as redundant, but they aren't
      -- they're equivalent to "x" IS NOT NULL.
    - Make text search parser accept underscores in XML attributes.
    - Fix encoding handling in xml binary input. If the XML header doesn't
      specify an encoding, we now assume UTF-8 by default; the previous
      handling was inconsistent.
    - Fix bug with calling plperl from plperlu or vice versa.
    - Fix session-lifespan memory leak when a PL/Perl function is
      redefined.
    - Ensure that Perl arrays are properly converted to PostgreSQL arrays
      when returned by a set-returning PL/Perl function.
    - Fix rare crash in exception processing in PL/Python.
    - Make the postmaster ignore any application_name parameter in
      connection request packe...

Read more...

Changed in postgresql-8.3 (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (5.6 KiB)

This bug was fixed in the package postgresql-8.4 - 8.4.2-0ubuntu9.10

---------------
postgresql-8.4 (8.4.2-0ubuntu9.10) karmic-security; urgency=low

  * New upstream security/bug fix release: (LP: #496923)
    - Protect against indirect security threats caused by index functions
      changing session-local state. This change prevents allegedly-immutable
      index functions from possibly subverting a superuser's session
      (CVE-2009-4136).
    - Reject SSL certificates containing an embedded null byte in the
      common name (CN) field. This prevents unintended matching of a
      certificate to a server or client name during SSL validation
      (CVE-2009-4034).
    - Fix hash index corruption. The 8.4 change that made hash indexes keep
      entries sorted by hash value failed to update the bucket splitting and
      compaction routines to preserve the ordering. So application of either
      of those operations could lead to permanent corruption of an index, in
      the sense that searches might fail to find entries that are present. To
      deal with this, it is recommended to REINDEX any hash indexes you may
      have after installing this update.
    - Fix possible crash during backend-startup-time cache initialization.
    - Avoid crash on empty thesaurus dictionary.
    - Prevent signals from interrupting VACUUM at unsafe times.
    - Fix possible crash due to integer overflow in hash table size
      calculation.
    - Fix crash if a DROP is attempted on an internally-dependent object.
    - Fix very rare crash in inet/cidr comparisons.
    - Ensure that shared tuple-level locks held by prepared transactions
      are not ignored.
    - Fix premature drop of temporary files used for a cursor that is
      accessed within a subtransaction.
    - Fix memory leak in syslogger process when rotating to a new CSV
      logfile.
    - Fix memory leak in postmaster when re-parsing "pg_hba.conf".
    - Make FOR UPDATE/SHARE in the primary query not propagate into WITH
      queries.
    - Fix bug with a WITH RECURSIVE query immediately inside another one.
    - Fix concurrency bug in hash indexes.
    - Fix incorrect logic for GiST index page splits, when the split
      depends on a non-first column of the index.
    - Fix wrong search results for a multi-column GIN index with
      fastupdate enabled.
    - Fix bugs in WAL entry creation for GIN indexes.
    - Don't error out if recycling or removing an old WAL file fails at
      the end of checkpoint.
    - Fix PAM password processing to be more robust.
      The previous code is known to fail with the combination of the
      Linux pam_krb5 PAM module with Microsoft Active Directory as the
      domain controller. It might have problems elsewhere too, since it
      was making unjustified assumptions about what arguments the PAM
      stack would pass to it.
    - Raise the maximum authentication token (Kerberos ticket) size in
      GSSAPI and SSPI authentication methods. While the old 2000-byte limit
      was more than enough for Unix Kerberos implementations, tickets issued
      by Windows Domain Controllers can be much larger.
    - Ensure that domain constraints are enf...

Read more...

Changed in postgresql-8.4 (Ubuntu Karmic):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

It's in dapper-security as well now.

Changed in postgresql-8.1 (Ubuntu Dapper):
status: Fix Committed → Fix Released
r12056 (r12056) on 2010-02-07
Changed in postgresql-8.3 (Ubuntu Lucid):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in postgresql-8.4 (Ubuntu Lucid):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in postgresql-8.4 (Ubuntu Lucid):
assignee: Jamie Strandboge (jdstrand) → nobody
Changed in postgresql-8.3 (Ubuntu Lucid):
assignee: Jamie Strandboge (jdstrand) → nobody
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers