[ubuntu/focal-security] postgresql-12 12.20-0ubuntu0.20.04.1 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Mon Aug 19 14:51:33 UTC 2024 

postgresql-12 (12.20-0ubuntu0.20.04.1) focal-security; urgency=medium

  * New upstream version (LP: #2076183).

    + A dump/restore is not required for those running 12.X.

    + However, if you are upgrading from a version earlier than 12.18, see
      those release notes as well please.

    + Prevent unauthorized code execution during pg_dump (Masahiko Sawada)

      An attacker able to create and drop non-temporary objects could inject
      SQL code that would be executed by a concurrent pg_dump session with the
      privileges of the role running pg_dump (which is often a superuser).
      The attack involves replacing a sequence or similar object with a view
      or foreign table that will execute malicious code.  To prevent this,
      introduce a new server parameter restrict_nonsystem_relation_kind that
      can disable expansion of non-builtin views as well as access to foreign
      tables, and teach pg_dump to set it when available.  Note that the
      attack is prevented only if both pg_dump and the server it is dumping
      from are new enough to have this fix.

      The PostgreSQL Project thanks Noah Misch for reporting this problem.
      (CVE-2024-7348)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/12/release-12-20.html.

  * d/postgresql-12.NEWS: Update.

postgresql-12 (12.19-0ubuntu0.20.04.1) focal; urgency=medium

  * New upstream version (LP: #2067388).

    + A dump/restore is not required for those running 12.X.

    + Also, if you are upgrading from a version earlier than 12.18, see
      those release notes as well please.

    + Fix INSERT from multiple VALUES rows into a target column that is a
      domain over an array or composite type (Tom Lane)

      Such cases would either fail with surprising complaints about
      mismatched datatypes, or insert unexpected coercions that could lead
      to odd results.

    + Fix incorrect pruning of NULL partition when a table is partitioned
      on a boolean column and the query has a boolean IS NOT clause (David
      Rowley)

      A NULL value satisfies a clause such as boolcol IS NOT FALSE, so
      pruning away a partition containing NULLs yielded incorrect answers.

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/12/release-12-19.html

  * d/postgresql-12.NEWS: Update.

Date: 2024-08-13 17:00:14.306589+00:00
Changed-By: Athos Ribeiro <athos.ribeiro at canonical.com>
Signed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/postgresql-12/12.20-0ubuntu0.20.04.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list