[ubuntu/bionic-security] postgresql-10 10.21-0ubuntu0.18.04.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue May 24 11:40:01 UTC 2022
postgresql-10 (10.21-0ubuntu0.18.04.1) bionic-security; urgency=medium
* New upstream version (LP: #1973627).
+ A dump/restore is not required for those running 10.X.
+ However, if you are upgrading from a version earlier than 10.19, see
those release notes as well please.
+ Confine additional operations within "security restricted operation"
sandboxes (Sergey Shinderuk, Noah Misch).
Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW,
and pg_amcheck activated the "security restricted operation" protection
mechanism too late, or even not at all in some code paths. A user having
permission to create non-temporary objects within a database could
define an object that would execute arbitrary SQL code with superuser
permissions the next time that autovacuum processed the object, or that
some superuser ran one of the affected commands against it.
The PostgreSQL Project thanks Alexander Lakhin for reporting this
problem.
(CVE-2022-1552)
+ Details about these and many further changes can be found at:
https://www.postgresql.org/docs/10/release-10-21.html
postgresql-10 (10.20-0ubuntu0.18.04.1) bionic; urgency=medium
* New upstream version (LP: #1961127).
+ A dump/restore is not required for those running 10.X.
+ However, if you are upgrading from a version earlier than 10.19, see
those release notes as well please.
+ The PostgreSQL community will stop releasing updates for the 10.X
release series in November 2022. After this date, there will be no
further minor release updates, but Ubuntu will continue to backport
important fixes as needed.
+ Details about these and many further changes can be found at:
https://www.postgresql.org/docs/10/release-10-20.html
Date: 2022-05-19 13:52:09.036826+00:00
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-10/10.21-0ubuntu0.18.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list