attack scenarios are harder to think of. Our thanks to Andrew Krasichkov for reporting this issue. (CVE-2018-10915) • Ensure that updates to the relfrozenxid and relminmxid values for “nailed” system catalogs 35.15.1 (for extension authors), and CREATE FUNCTION (for authors of SECURITY DEFINER functions). (CVE-2018-1058) • Avoid use of insecure search_path settings in pg_dump and other client programs (Noah invoked under. That has always been good practice, but now it will be necessary for correct behavior. (CVE-2018-1058) • Fix misbehavior of concurrent-update rechecks with CTE references appearing in subplans

attack scenarios are harder to think of. Our thanks to Andrew Krasichkov for reporting this issue. (CVE-2018-10915) • Ensure that updates to the relfrozenxid and relminmxid values for “nailed” system catalogs 35.15.1 (for extension authors), and CREATE FUNCTION (for authors of SECURITY DEFINER functions). (CVE-2018-1058) • Avoid use of insecure search_path settings in pg_dump and other client programs (Noah invoked under. That has always been good practice, but now it will be necessary for correct behavior. (CVE-2018-1058) • Fix misbehavior of concurrent-update rechecks with CTE references appearing in subplans

need to be removed or renamed out of the way before restarting the server with the corrected script. (CVE-2017-12172) • Properly reject attempts to convert infinite float values to type numeric (Tom Lane pg_user_mappings.umoptions, to protect passwords stored as user mapping options (Noah Misch) The fix for CVE-2017-7486 was incorrect: it allowed a user to see the options in her own user mapping, even if she user_mapping_options does not show the options in such cases, pg_user_mappings should not either. (CVE-2017-7547) By itself, this patch will only fix the behavior in newly initdb’d databases. If you wish

need to be removed or renamed out of the way before restarting the server with the corrected script. (CVE-2017-12172) 1. https://archives.postgresql.org/pgsql-committers/ 2. https://git.postgresql.org/gitweb pg_user_mappings.umoptions, to protect passwords stored as user map- ping options (Noah Misch) The fix for CVE-2017-7486 was incorrect: it allowed a user to see the options in her own user mapping, even if she user_mapping_options does not show the options in such cases, pg_user_mappings should not either. (CVE-2017-7547) By itself, this patch will only fix the behavior in newly initdb’d databases. If you wish

result; moreover such situations could be abused to allow disclosure of portions of server memory. (CVE-2016-5423) • Fix client programs’ handling of special characters in database and role names (Noah privileges the next time a superuser executes pg_dumpall or other routine maintenance operations. (CVE-2016-5424) 1858 Appendix E. Release Notes • Fix corner-case misbehaviors for IS NULL/IS NOT NULL bracket expressions could cause infinite loops in some cases, and memory overwrites in other cases. (CVE-2016-0773) • Perform an immediate shutdown if the postmaster.pid file is removed (Tom Lane) The postmaster

result; moreover such situations could be abused to allow disclosure of portions of server memory. (CVE-2016-5423) • Fix client programs’ handling of special characters in database and role names (Noah privileges the next time a superuser executes pg_dumpall or other routine maintenance operations. (CVE-2016-5424) • Fix corner-case misbehaviors for IS NULL/IS NOT NULL applied to nested composite values bracket expressions could cause infinite loops in some cases, and memory overwrites in other cases. (CVE-2016-0773) • Perform an immediate shutdown if the postmaster.pid file is removed (Tom Lane) The postmaster

unauthenticated remote attacker could trigger the bug somewhat consistently, hence treat as security issue. (CVE-2015-3165) • Improve detection of system-call failures (Noah Misch) Our replacement implementation just the wrong time. We judge the risk to not be large, but will continue analysis in this area. (CVE-2015-3166) • In contrib/pgcrypto, uniformly report decryption failures as “Wrong key or corrupt data” are likewise exploitable, it seems better to avoid the risk by using a one-size-fits-all message. (CVE-2015-3167) • Fix incorrect checking of deferred exclusion constraints after a HOT update (Tom Lane)

unauthenticated remote attacker could trigger the bug somewhat consistently, hence treat as security issue. (CVE-2015-3165) • Improve detection of system-call failures (Noah Misch) Our replacement implementation just the wrong time. We judge the risk to not be large, but will continue analysis in this area. (CVE-2015-3166) • In contrib/pgcrypto, uniformly report decryption failures as “Wrong key or corrupt data” are likewise exploitable, it seems better to avoid the risk by using a one-size-fits-all message. (CVE-2015-3167) • Fix incorrect checking of deferred exclusion constraints after a HOT update (Tom Lane)

to execute arbitrary code as the operating-system user running the test, as we previously noted in CVE-2014-0067. This change defends against that risk by placing the server’s socket in a temporary, mode could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. (CVE-2014-0060) • Prevent privilege escalation via manual calls to PL validator functions (Andres Freund) procedural languages will also need to make this change to their own validator functions, if any. (CVE-2014-0061) • Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund)

to execute arbitrary code as the operating-system user running the test, as we previously noted in CVE-2014-0067. This change defends against that risk by placing the server’s socket in a tempo- rary, mode could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. (CVE-2014-0060) • Prevent privilege escalation via manual calls to PL validator functions (Andres Freund) procedural languages will also need to make this change to their own validator functions, if any. (CVE-2014-0061) • Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund)