[ubuntu/focal-security] postgresql-12 12.18-0ubuntu0.20.04.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Feb 26 13:27:59 UTC 2024


postgresql-12 (12.18-0ubuntu0.20.04.1) focal-security; urgency=medium

  * New upstream version (LP: #2052850).

    + A dump/restore is not required for those running 12.X.

    + However, one bug was fixed that could have resulted in corruption of
      GIN indexes during concurrent updates.  If you suspect such
      corruption, reindex affected indexes after installing this update.

    + Also, if you are upgrading from a version earlier than 12.17, see
      those release notes as well please.

    + Tighten security restrictions within REFRESH MATERIALIZED
      VIEW CONCURRENTLY (Heikki Linnakangas)

      One step of a concurrent refresh command was run under weak security
      restrictions.  If a materialized view's owner could persuade a
      superuser or other high-privileged user to perform a concurrent
      refresh on that view, the view's owner could control code executed
      with the privileges of the user running REFRESH.
      Fix things so that all user-determined code is run as the view's
      owner, as expected.

      The only known exploit for this error does not work in PostgreSQL
      16.0 and later, so it may be that v16 is not vulnerable in practice.

      The PostgreSQL Project thanks Pedro Gallegos for reporting this
      problem.
      (CVE-2024-0985)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/12/release-12-18.html

  * d/postgresql-12.NEWS: Update.

Date: 2024-02-20 17:45:09.511743+00:00
Changed-By: Athos Ribeiro <athos.ribeiro at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-12/12.18-0ubuntu0.20.04.1
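
A post-upgrade check for the two items the changelog calls out, written as an added example that is not part of the changelog or of the PostgreSQL project's code. It uses read-only catalog queries, assumes a 12.x server reached with psql, and treats "has a unique index" as an approximation of whether a view can be refreshed concurrently.

```sql
-- Added example: read-only catalog queries for a PostgreSQL 12.x cluster.

-- 1. Confirm the running server is 12.18 or later
--    (server_version_num for 12.18 is 120018).
SELECT current_setting('server_version')                      AS version,
       current_setting('server_version_num')::int >= 120018   AS has_12_18;

-- 2. Materialized views owned by non-superuser roles. These are the views
--    where, before the fix, the owner's code could run with the privileges
--    of whoever ran REFRESH MATERIALIZED VIEW CONCURRENTLY.
SELECT n.nspname  AS schema_name,
       c.relname  AS matview,
       r.rolname  AS owner,
       EXISTS (SELECT 1
                 FROM pg_index i
                WHERE i.indrelid = c.oid
                  AND i.indisunique) AS has_unique_index
  FROM pg_class c
  JOIN pg_namespace n ON n.oid = c.relnamespace
  JOIN pg_roles     r ON r.oid = c.relowner
 WHERE c.relkind = 'm'
   AND NOT r.rolsuper
 ORDER BY 1, 2;

-- 3. GIN indexes in the current database, with a ready-to-review REINDEX
--    statement for any that are suspected of corruption.
SELECT n.nspname  AS schema_name,
       t.relname  AS table_name,
       ic.relname AS index_name,
       format('REINDEX INDEX %I.%I;', n.nspname, ic.relname) AS reindex_cmd
  FROM pg_index i
  JOIN pg_class     ic ON ic.oid = i.indexrelid
  JOIN pg_class     t  ON t.oid  = i.indrelid
  JOIN pg_am        a  ON a.oid  = ic.relam
  JOIN pg_namespace n  ON n.oid  = ic.relnamespace
 WHERE a.amname = 'gin'
 ORDER BY 1, 2, 3;
```

The queries cover only the database they are run in, so repeat them in each database of the cluster.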