This bug was fixed in the package postgresql-14 - 14.3-1

---------------
postgresql-14 (14.3-1) unstable; urgency=medium

  * New upstream release.

    * Confine additional operations within security restricted operation
      sandboxes (Sergey Shinderuk, Noah Misch)

      Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW,
      and pg_amcheck activated the security restricted operation protection
      mechanism too late, or even not at all in some code paths. A user having
      permission to create non-temporary objects within a database could
      define an object that would execute arbitrary SQL code with superuser
      permissions the next time that autovacuum processed the object, or that
      some superuser ran one of the affected commands against it.

      The PostgreSQL Project thanks Alexander Lakhin for reporting this
      problem. (CVE-2022-1552)

    * Fix default signature length for gist_ltree_ops indexes
      (Tomas Vondra, Alexander Korotkov)

      The default signature length (hash size) for GiST indexes on ltree
      columns was accidentally changed while upgrading that operator class to
      support operator class parameters. If any operations had been done on
      such an index without first upgrading the ltree extension to version
      1.2, they were done assuming that the signature length was 28 bytes
      rather than the intended 8.  This means it is very likely that such
      indexes are now corrupt.  For safety we recommend re-indexing all GiST
      indexes on ltree columns after installing this update.  (Note that GiST
      indexes on ltree[] columns, that is arrays of ltree, are not affected.)

 -- Christoph Berg <m...@debian.org>  Tue, 10 May 2022 10:34:28 +0200

** Changed in: postgresql-14 (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1552

** Changed in: postgresql-14 (Ubuntu)
       Status: Fix Released => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1971313

Title:
  Merge postgresql-14 from Debian unstable for kinetic
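
Added example, not part of the changelog or of the PostgreSQL project's own material: a catalog query a DBA could run after installing 14.3 to list the GiST indexes on ltree columns that the changelog recommends re-indexing. It assumes the indexes use the operator class gist_ltree_ops named in the changelog entry, and it must be run in each database, since the catalogs are per database.

```sql
-- Added example. Run once per database after upgrading to 14.3.

-- 1. Installed ltree extension version (the changelog refers to version 1.2).
SELECT extname, extversion
FROM pg_extension
WHERE extname = 'ltree';

-- 2. GiST indexes with at least one column using gist_ltree_ops.
--    Indexes on ltree[] columns use a different operator class
--    (gist__ltree_ops, double underscore) and are not matched,
--    which agrees with the changelog's note that they are unaffected.
SELECT n.nspname  AS schema_name,
       t.relname  AS table_name,
       i.relname  AS index_name,
       x.indisvalid,
       format('REINDEX INDEX %I.%I;', n.nspname, i.relname) AS reindex_command
FROM pg_index x
JOIN pg_class     i  ON i.oid  = x.indexrelid
JOIN pg_class     t  ON t.oid  = x.indrelid
JOIN pg_namespace n  ON n.oid  = i.relnamespace
JOIN pg_am        am ON am.oid = i.relam
WHERE am.amname = 'gist'
  AND EXISTS (
        SELECT 1
        FROM pg_opclass oc
        WHERE oc.oid = ANY (x.indclass::oid[])
          AND oc.opcname = 'gist_ltree_ops')
ORDER BY schema_name, table_name, index_name;
```

The last column holds a ready-to-run REINDEX statement for each index found; an empty result means the database has no GiST index on an ltree column.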
