Subject: CVS commit: pkgsrc/databases
From: Adam Ciarcinski
Date: 2019-08-11 13:40:11
Message id: 20190811114012.117D7FBF4@cvs.NetBSD.org
Log Message:
postgresqlNN: updated to 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24
PostgreSQL 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24
Security Issues
Four security vulnerabilities have been closed by this release:
CVE-2019-10208: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER \
execution
Versions Affected: 9.4 - 11
Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary \
SQL under the identity of the function owner. An attack requires EXECUTE \
permission on the function, which must itself contain a function call having \
inexact argument type match. For example, length('foo'::varchar) and \
length('foo') are inexact, while length('foo'::text) is exact. As part of \
exploiting this vulnerability, the attacker uses CREATE DOMAIN to create a type \
in a pg_temp schema. The attack pattern and fix are similar to that for \
CVE-2007-2138.
Writing SECURITY DEFINER functions continues to require following the \
considerations noted in the documentation:
The PostgreSQL project thanks Tom Lane for reporting this problem.
CVE-2019-10209: Memory disclosure in cross-type comparison for hashed subplan
Versions Affected: 11
In a database containing hypothetical, user-defined hash equality operators, an \
attacker could read arbitrary bytes of server memory. For an attack to become \
possible, a superuser would need to create unusual operators. It is possible for \
operators not purpose-crafted for attack to have the properties that enable an \
attack, but we are not aware of specific examples.
The PostgreSQL project thanks Andreas Seltenreich for reporting this problem.
CVE-2019-10210: EnterpriseDB Windows installer writes PostgreSQL superuser \
password to unprotected temporary file
Versions Affected: The EnterpriseDB Windows installer for versions 9.4 - 11
The EnterpriseDB Windows installer writes a password to a temporary file in its \
installation directory, creates initial databases, and deletes the file. During \
those seconds while the file exists, a local attacker can read the PostgreSQL \
superuser password from the file.
The PostgreSQL project thanks Noah Misch for reporting this problem.
CVE-2019-10211: EnterpriseDB Windows installer bundled OpenSSL executes code \
from unprotected directory
Versions Affected: The EnterpriseDB Windows installer for versions 9.4 - 11
When the database server or libpq client library initializes SSL, libeay32.dll \
attempts to read configuration from a hard-coded directory. Typically, the \
directory does not exist, but any local user could create it and inject \
configuration. This configuration can direct OpenSSL to load and execute \
arbitrary code as the user running a PostgreSQL server or client. Most \
PostgreSQL client tools and libraries use libpq, and one can encounter this \
vulnerability by using any of them. This vulnerability is much like \
CVE-2019-5443, but it originated independently. One can work around the \
vulnerability by setting environment variable OPENSSL_CONF to \
"NUL:/openssl.cnf" or any other name that cannot exist as a file.
The PostgreSQL project thanks Daniel Gustafsson of the curl security team for \
reporting this problem.
Bug Fixes and Improvements
This update also fixes over 40 bugs that were reported in the last several \
months. Some of these issues affect only version 11, but many affect all \
supported versions.
Some of these fixes include:
Fix for ALTER TABLE ... ALTER COLUMN TYPE when multiple column types are \
modified in a single command. This issue was introduced in the previous \
cumulative update (11.4, 10.9, 9.6.14, 9.5.18, 9.4.23, and 12 beta 2).
Ensure that partition key columns will not be dropped as the result of an \
"indirect drop," such as from a cascade from dropping the key column's \
data type (e.g. a custom data type). This fix is applied only to newly created \
partitioned tables: if you believe you have an affected partition table (e.g. \
one where the partition key uses a custom data type), you will need to either \
create a new table and move your data into it OR use pg_upgrade.
Prevent dropping a partitioned table's trigger if there are pending trigger \
events in child partitions. This particularly affects foreign key constraints, \
which are implemented by triggers.
Several additional fixes for partitioning, including a fix for partition pruning \
that could lead to inefficient queries.
Fix for parallel hash joins that could lead to duplicate result rows in EXISTS \
queries.
Several fixes for the query planner.
Several fixes for issues that would lead to query deadlocks.
Fix for multi-column foreign keys when rebuilding a foreign key constraint.
Prevent extended statistics from being built for inherited tables.
Fix for the canonicalization of date ranges that include -infinity/infinity \
endpoints to ensure the behavior matches the documentation.
Fix loss of fractional digits when converting very large money values to numeric.
Fix for PL/pgSQL functions that return composite types.
Make libpq ignore the \r carriage return in connection service files, which was \
causing connection failures in some edge cases.
Several fixes for psql, which includes avoiding incorrect tab completion options \
after SET variable =.
Improve reliability of contrib/amcheck's index verification.
Set initdb to prefer the timezone behavior defined by the C library instead of \
what is defined by localtime or posixrules. This ensures PostgreSQL uses the \
"real" timezone name instead of an artificial name.
Fix pg_dump to ensure that custom operator classes are dumped in the correct \
order to prevent creating an unrestorable dump.
Fix possible lockup in pgbench when using -R option.
Fix spinlock assembly code for MIPS CPUs so that it works on MIPS r6.
This update also contains tzdata release 2019b for DST law changes in Brazil, \
plus historical corrections for Hong Kong, Italy, and Palestine. This update \
also adds support for zic's new -b slim option to reduce the size of the \
installed zone files, though it is not currently being used by PostgreSQL.
Files:
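The following is an added example, not part of the commit message above and not code from the PostgreSQL project. It shows the two shapes of SECURITY DEFINER function the CVE-2019-10208 advisory contrasts (a call whose argument type matches only inexactly versus an exact, schema-qualified call with search_path pinned), plus a catalog query a DBA can run to find SECURITY DEFINER functions that do not pin search_path at all. The schema `app` and the roles `app_admin` and `app_user` are hypothetical names chosen for the example.

```sql
-- Added example (not from the commit message or the PostgreSQL project).
-- Assumes a schema "app", an owning role "app_admin" and a caller role
-- "app_user"; all three names are hypothetical.

-- Shape the advisory warns about: SECURITY DEFINER, search_path not pinned,
-- and a call with an inexact argument type match. There is no
-- length(varchar) in pg_catalog, so length(v) is resolved via a cast,
-- which is what let a pg_temp domain interfere before the fix.
CREATE FUNCTION app.label_len(v varchar)
RETURNS integer
LANGUAGE sql
SECURITY DEFINER
AS $$ SELECT length(v) $$;

-- Hardened shape: explicit cast to the exact parameter type, every object
-- schema-qualified, search_path pinned with pg_temp last (the pattern the
-- PostgreSQL documentation recommends), and EXECUTE granted narrowly.
CREATE FUNCTION app.label_len_safe(v varchar)
RETURNS integer
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$ SELECT pg_catalog.length(v::pg_catalog.text) $$;

REVOKE ALL ON FUNCTION app.label_len_safe(varchar) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.label_len_safe(varchar) TO app_user;

-- Audit query: list SECURITY DEFINER functions outside the system schemas
-- whose per-function settings (proconfig) do not pin search_path.
-- Each row is a candidate for the hardened shape above.
SELECT n.nspname,
       p.proname,
       pg_get_function_identity_arguments(p.oid) AS args,
       pg_get_userbyid(p.proowner)               AS owner
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  p.prosecdef
  AND  n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND  NOT EXISTS (
         SELECT 1
         FROM   unnest(coalesce(p.proconfig, '{}'::text[])) AS cfg
         WHERE  cfg LIKE 'search_path=%')
ORDER BY 1, 2;
```

Pinning search_path is the documented precaution the advisory refers to; the explicit `::pg_catalog.text` cast additionally removes the inexact match that the attack pattern relies on. Running the audit query against a database on a patched release is still worthwhile, since the release closes the specific bypass but the documented SECURITY DEFINER considerations remain in force.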