diff options
author | Tom Lane | 2023-02-06 16:43:10 +0000 |
---|---|---|
committer | Tom Lane | 2023-02-06 16:43:10 +0000 |
commit | dfb5ad7cf0d83ac3bb78f0177721f68a6ba60486 (patch) | |
tree | 5006d8a05a3c3cc4882472005fe741b13f838fd4 | |
parent | 28ac6d0a99d57375dbd9bc2acd16fd1127502ef7 (diff) |
Last-minute updates for release notes.
Security: CVE-2022-41862
-rw-r--r-- | doc/src/sgml/release-14.sgml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/doc/src/sgml/release-14.sgml b/doc/src/sgml/release-14.sgml index f4d6d11ca4d..f8d317034c2 100644 --- a/doc/src/sgml/release-14.sgml +++ b/doc/src/sgml/release-14.sgml @@ -35,6 +35,35 @@ <listitem> <!-- +Author: Michael Paquier <michael@paquier.xyz> +Branch: master [71c37797d] 2023-02-06 11:20:07 +0900 +Branch: REL_15_STABLE [715c345dd] 2023-02-06 11:20:20 +0900 +Branch: REL_14_STABLE [626f2c1d6] 2023-02-06 11:20:23 +0900 +Branch: REL_13_STABLE [45a945ee9] 2023-02-06 11:20:27 +0900 +Branch: REL_12_STABLE [3f7342671] 2023-02-06 11:20:31 +0900 +--> + <para> + <application>libpq</application> can leak memory contents after + GSSAPI transport encryption initiation fails (Jacob Champion) + </para> + + <para> + A modified server, or an unauthenticated man-in-the-middle, can + send a not-zero-terminated error message during setup of GSSAPI + (Kerberos) transport encryption. <application>libpq</application> + will then copy that string, as well as following bytes in + application memory up to the next zero byte, to its error report. + Depending on what the calling application does with the error + report, this could result in disclosure of application memory + contents. There is also a small probability of a crash due to + reading beyond the end of memory. Fix by properly zero-terminating + the server message. + (CVE-2022-41862) + </para> + </listitem> + + <listitem> +<!-- Author: Tom Lane <tgl@sss.pgh.pa.us> Branch: master [3f7836ff6] 2023-01-05 14:12:17 -0500 Branch: REL_15_STABLE [3706cc97a] 2023-01-05 14:12:17 -0500 |