[ubuntu/noble-updates] postgresql-16 16.2-1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Sat Mar 30 00:34:14 UTC 2024
postgresql-16 (16.2-1) unstable; urgency=medium

  * New upstream version.

  * Tighten security restrictions within REFRESH MATERIALIZED VIEW
    CONCURRENTLY (Heikki Linnakangas)

    One step of a concurrent refresh command was run under weak security
    restrictions. If a materialized view's owner could persuade a superuser
    or other high-privileged user to perform a concurrent refresh on that
    view, the view's owner could control code executed with the privileges
    of the user running REFRESH. Fix things so that all user-determined code
    is run as the view's owner, as expected.

    The only known exploit for this error does not work in PostgreSQL 16.0
    and later, so it may be that v16 is not vulnerable in practice.

    The PostgreSQL Project thanks Pedro Gallegos for reporting this problem.
    (CVE-2024-0985)

  * Add Swedish debconf translation by Martin Bagge and Anders Jonsson.
    Thanks! (Closes: #1059170)

Date: 2024-02-08 16:36:52.019428+00:00
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-16/16.2-1