postgresql-10 10.3-1 source package in Ubuntu
Changelog
postgresql-10 (10.3-1) unstable; urgency=medium

  * New upstream version.

    If you run an installation in which not all users are mutually
    trusting, or if you maintain an application or extension that is
    intended for use in arbitrary situations, it is strongly recommended
    that you read the documentation changes described in the first changelog
    entry below, and take suitable steps to ensure that your installation or
    code is secure.

    Also, the changes described in the second changelog entry below may
    cause functions used in index expressions or materialized views to fail
    during auto-analyze, or when reloading from a dump. After upgrading,
    monitor the server logs for such problems, and fix affected functions.

    + Document how to configure installations and applications to guard
      against search-path-dependent trojan-horse attacks from other users

      Using a search_path setting that includes any schemas writable by a
      hostile user enables that user to capture control of queries and then
      run arbitrary SQL code with the permissions of the attacked user. While
      it is possible to write queries that are proof against such hijacking,
      it is notationally tedious, and it's very easy to overlook holes.
      Therefore, we now recommend configurations in which no untrusted schemas
      appear in one's search path. (CVE-2018-1058)

    + Avoid use of insecure search_path settings in pg_dump and other client
      programs

      pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications
      were themselves vulnerable to the type of hijacking described in the
      previous changelog entry; since these applications are commonly run by
      superusers, they present particularly attractive targets. To make them
      secure whether or not the installation as a whole has been secured,
      modify them to include only the pg_catalog schema in their search_path
      settings. Autovacuum worker processes now do the same, as well.

      In cases where user-provided functions are indirectly executed by these
      programs -- for example, user-provided functions in index expressions --
      the tighter search_path may result in errors, which will need to be
      corrected by adjusting those user-provided functions to not assume
      anything about what search path they are invoked under. That has always
      been good practice, but now it will be necessary for correct behavior.
      (CVE-2018-1058)

 -- Christoph Berg <email address hidden>  Tue, 27 Feb 2018 12:54:34 +0100
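The correction the changelog asks for, applied to a function used in an index expression, followed by audit queries for the recommended configuration. This is an added example, not part of the package or the upstream release notes; the schema `app`, its functions and its table are hypothetical demo objects.

```sql
-- Added example. Schema "app", its functions and table are hypothetical demo objects.
BEGIN;
CREATE SCHEMA app;
CREATE FUNCTION app.strip_ws(text) RETURNS text
    LANGUAGE sql IMMUTABLE AS $$ SELECT pg_catalog.btrim($1) $$;

-- Fragile: strip_ws() is unqualified, so it is resolved through whatever
-- search_path the caller happens to have.
SET LOCAL search_path = app, pg_catalog;
CREATE FUNCTION app.normalize_email(text) RETURNS text
    LANGUAGE sql IMMUTABLE AS $$ SELECT pg_catalog.lower(strip_ws($1)) $$;
CREATE TABLE app.users (email text);
CREATE INDEX users_email_norm ON app.users (app.normalize_email(email));

-- Fix: pin the path on the function itself (pg_temp last), so the result no
-- longer depends on the caller. Without this statement the INSERT below
-- fails under the pg_catalog-only path because strip_ws() cannot be resolved.
ALTER FUNCTION app.normalize_email(text)
    SET search_path = app, pg_catalog, pg_temp;

-- Simulate the restricted path now used by pg_dump, vacuumdb and autovacuum.
SET LOCAL search_path = pg_catalog;
INSERT INTO app.users VALUES ('  Alice@Example.org ');
SELECT app.normalize_email(email) FROM app.users;
ROLLBACK;

-- Audit: user-defined functions that carry no search_path setting of their own.
SELECT n.nspname, p.proname,
       pg_catalog.pg_get_function_identity_arguments(p.oid) AS args
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND NOT EXISTS (SELECT 1 FROM pg_catalog.unnest(p.proconfig) AS c(setting)
                  WHERE c.setting LIKE 'search_path=%');

-- Audit: schemas in which every role (PUBLIC) may create objects.
SELECT nspname FROM pg_catalog.pg_namespace
WHERE pg_catalog.has_schema_privilege('public', nspname, 'CREATE');

-- Hardening: stop PUBLIC from creating objects in "public".
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
```

Functions reported by the first audit query are candidates for review, not necessarily broken: a function whose body schema-qualifies every reference is already independent of the caller's search path.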
Upload details
- Uploaded by: Debian PostgreSQL Maintainers
- Uploaded to: Sid
- Original maintainer: Debian PostgreSQL Maintainers
- Architectures: any all
- Section: misc
- Urgency: Medium Urgency
Publishing
Series | Published | Component | Section |
---|---|---|---|
Bionic | release | main | misc |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
postgresql-10_10.3-1.dsc | 3.4 KiB | 4d1c2d805241ffe873483c66fa531eac1cd785a6dbcfb452e38591abea5d24c7 |
postgresql-10_10.3.orig.tar.bz2 | 19.0 MiB | 6ea268780ee35e88c65cdb0af7955ad90b7d0ef34573867f223f14e43467931a |
postgresql-10_10.3-1.debian.tar.xz | 22.3 KiB | 5349970dd7c757b7dfcaec64d39bc457f15afd65f2307c976a3ce868b49c59bd |
Available diffs
- diff from 10.2-1 to 10.3-1 (1.1 MiB)
No changes file available.
Binary packages built by this source
- libecpg-compat3: older version of run-time library for ECPG programs
The libecpg_compat shared library is used by programs built with ecpg.
(Embedded PostgreSQL for C).
.
PostgreSQL is an object-relational SQL database management system.
- libecpg-compat3-dbgsym: No summary available for libecpg-compat3-dbgsym in ubuntu cosmic.
No description available for libecpg-compat3-dbgsym in ubuntu cosmic.
- libecpg-dev: development files for ECPG (Embedded PostgreSQL for C)
This package contains the necessary files to build ECPG (Embedded
PostgreSQL for C) programs. It includes the development libraries
and the preprocessor program ecpg.
.
PostgreSQL is an object-relational SQL database management system.
.
Install this package if you want to write C programs with SQL statements
embedded in them (rather than run by an external process).
- libecpg-dev-dbgsym: debug symbols for libecpg-dev
- libecpg6: run-time library for ECPG programs
The libecpg shared library is used by programs built with ECPG
(Embedded PostgreSQL for C).
.
PostgreSQL is an object-relational SQL database management system.
- libecpg6-dbgsym: No summary available for libecpg6-dbgsym in ubuntu cosmic.
No description available for libecpg6-dbgsym in ubuntu cosmic.
- libpgtypes3: shared library libpgtypes for PostgreSQL 10
The libpgtypes shared library is used by programs built with ecpg.
(Embedded PostgreSQL for C).
.
PostgreSQL is an object-relational SQL database management system.
- libpgtypes3-dbgsym: debug symbols for libpgtypes3
- libpq-dev: No summary available for libpq-dev in ubuntu cosmic.
No description available for libpq-dev in ubuntu cosmic.
- libpq5: PostgreSQL C client library
libpq is a C library that enables user programs to communicate with
the PostgreSQL database server. The server can be on another machine
and accessed through TCP/IP. This version of libpq is compatible
with servers from PostgreSQL 8.2 or later.
.
This package contains the run-time library, needed by packages using
libpq.
.
PostgreSQL is an object-relational SQL database management system.
- libpq5-dbgsym: debug symbols for libpq5
- postgresql-10: No summary available for postgresql-10 in ubuntu cosmic.
No description available for postgresql-10 in ubuntu cosmic.
- postgresql-10-dbgsym: No summary available for postgresql-10-dbgsym in ubuntu cosmic.
No description available for postgresql-10-dbgsym in ubuntu cosmic.
- postgresql-client-10: front-end programs for PostgreSQL 10
This package contains client and administrative programs for
PostgreSQL: these are the interactive terminal client psql and
programs for creating and removing users and databases.
.
This is the client package for PostgreSQL 10. If you install
PostgreSQL 10 on a standalone machine, you need the server package
postgresql-10, too. On a network, you can install this package on
many client machines, while the server package may be installed on
only one machine.
.
PostgreSQL is an object-relational SQL database management system.
- postgresql-client-10-dbgsym: debug symbols for postgresql-client-10
- postgresql-doc-10: No summary available for postgresql-doc-10 in ubuntu cosmic.
No description available for postgresql-doc-10 in ubuntu cosmic.
- postgresql-plperl-10: PL/Perl procedural language for PostgreSQL 10
PL/Perl enables an SQL developer to write procedural language functions
for PostgreSQL 10 in Perl. You need this package if you have any
PostgreSQL 10 functions that use the languages plperl or plperlu.
.
PostgreSQL is an object-relational SQL database management system.
- postgresql-plperl-10-dbgsym: No summary available for postgresql-plperl-10-dbgsym in ubuntu cosmic.
No description available for postgresql-plperl-10-dbgsym in ubuntu cosmic.
- postgresql-plpython-10: PL/Python procedural language for PostgreSQL 10
PL/Python enables an SQL developer to write procedural language functions
for PostgreSQL 10 in Python. You need this package if you have any
PostgreSQL 10 functions that use the languages plpython or plpythonu.
.
PostgreSQL is an object-relational SQL database management system.
- postgresql-plpython-10-dbgsym: No summary available for postgresql-plpython-10-dbgsym in ubuntu cosmic.
No description available for postgresql-plpython-10-dbgsym in ubuntu cosmic.
- postgresql-plpython3-10: PL/Python 3 procedural language for PostgreSQL 10
PL/Python 3 enables an SQL developer to write procedural language functions
for PostgreSQL 10 in Python 3. You need this package if you have any
PostgreSQL 10 functions that use the languages plpython3 or plpython3u.
.
PostgreSQL is an object-relational SQL database management system.
- postgresql-plpython3-10-dbgsym: No summary available for postgresql-plpython3-10-dbgsym in ubuntu cosmic.
No description available for postgresql-plpython3-10-dbgsym in ubuntu cosmic.
- postgresql-pltcl-10: PL/Tcl procedural language for PostgreSQL 10
PL/Tcl enables an SQL developer to write procedural language functions
for PostgreSQL 10 in Tcl. You need this package if you have any
PostgreSQL 10 functions that use the languages pltcl or pltclu.
.
PostgreSQL is an object-relational SQL database management system.
- postgresql-pltcl-10-dbgsym: debug symbols for postgresql-pltcl-10
- postgresql-server-dev-10: development files for PostgreSQL 10 server-side programming
Header files for compiling SSI code to link into PostgreSQL's backend; for
example, for C functions to be called from SQL.
.
This package also contains the Makefiles necessary for building add-on
modules of PostgreSQL, which would otherwise have to be built in the
PostgreSQL source-code tree.
.
PostgreSQL is an object-relational SQL database management system.
- postgresql-server-dev-10-dbgsym: No summary available for postgresql-server-dev-10-dbgsym in ubuntu cosmic.
No description available for postgresql-server-dev-10-dbgsym in ubuntu cosmic.