Format: 1.8
Date: Tue, 07 May 2024 11:24:26 +0200
Source: postgresql-15
Binary: postgresql-doc-15
Architecture: all
Version: 15.7-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Christoph Berg
Description:
 postgresql-doc-15 - documentation for the PostgreSQL database management system
Changes:
 postgresql-15 (15.7-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version.
 .
     + Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to
       the table owner (Nathan Bossart)
 .
       These views failed to hide statistics for expressions that involve
       columns the accessing user does not have permission to read. View
       columns such as most_common_vals might expose security-relevant data.
       The potential interactions here are not fully clear, so in the
       interest of erring on the side of safety, make rows in these views
       visible only to the owner of the associated table.
 .
       The PostgreSQL Project thanks Lukas Fittl for reporting this problem.
       (CVE-2024-4317)
 .
       By itself, this fix will only fix the behavior in newly initdb'd
       database clusters. If you wish to apply this change in an existing
       cluster, you will need to do the following:
 .
       In each database of the cluster, run the fix-CVE-2024-4317.sql script
       as superuser. In psql this would look like
         \i /usr/share/postgresql/15/fix-CVE-2024-4317.sql
       Any error probably indicates that you've used the wrong script
       version. It will not hurt to run the script more than once.
 .
       Do not forget to include the template0 and template1 databases, or the
       vulnerability will still exist in databases you create later. To fix
       template0, you'll need to temporarily make it accept connections.
       Do that with
         ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;
       and then after fixing template0, undo it with
         ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;
Checksums-Sha1:
 bdcaac861214278bdfa5056646eb9a9f5ba83889 10366 postgresql-15_15.7-0+deb12u1_all-buildd.buildinfo
 accf707cd414e6dbd8eef0f5ad388a2b25ffaa6b 2037964 postgresql-doc-15_15.7-0+deb12u1_all.deb
Checksums-Sha256:
 33644452de875fb18a98c411ec7230ea3c75ade2dc4482f10147f87455a242f9 10366 postgresql-15_15.7-0+deb12u1_all-buildd.buildinfo
 9dcace0cac78e60b629010f7f16d5bd8f1e8c5f0a24152155cc3d0836ad2026a 2037964 postgresql-doc-15_15.7-0+deb12u1_all.deb
Files:
 705b6d8f0b7b540a28622d72a7ff19b1 10366 database optional postgresql-15_15.7-0+deb12u1_all-buildd.buildinfo
 6d7e829e513d715571753d4c8bc8de76 2037964 doc optional postgresql-doc-15_15.7-0+deb12u1_all.deb
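
The CVE-2024-4317 procedure in the changelog above, scripted for a whole cluster. This is an added example, not part of the Debian upload or the PostgreSQL release notes; it generalizes the template0 step to any database that currently refuses connections, and it assumes a maintenance database named postgres, the hypothetical helper names fix_all and allow_conn, and a constructed sample database list for the dry run.

```sh
#!/bin/sh
# Added example: apply fix-CVE-2024-4317.sql to every database in a cluster.
FIX_SCRIPT=/usr/share/postgresql/15/fix-CVE-2024-4317.sql  # path from the changelog
ADMIN_DB=postgres   # assumption: database used to issue ALTER DATABASE
RUN=echo            # dry run: print each command instead of executing it

# Lists every database, templates included, as "name|t" or "name|f".
LIST_SQL='SELECT datname, datallowconn FROM pg_database ORDER BY datname'

allow_conn() {  # usage: allow_conn DB true|false
    $RUN psql -X -v ON_ERROR_STOP=1 -d "$ADMIN_DB" \
        -c "ALTER DATABASE \"$1\" WITH ALLOW_CONNECTIONS $2;" </dev/null
}

# fix_all reads "name|allowconn" lines on stdin and fixes each database in turn.
fix_all() {
    rc=0
    while IFS='|' read -r db allow; do
        [ -n "$db" ] || continue
        case $db in *\"*) echo "skipping unusual name: $db" >&2; rc=1; continue ;; esac
        if [ "$allow" = f ]; then
            allow_conn "$db" true || { rc=1; continue; }
        fi
        $RUN psql -X -v ON_ERROR_STOP=1 -d "$db" -f "$FIX_SCRIPT" </dev/null || rc=1
        # Restore the original setting even when the fix script failed.
        if [ "$allow" = f ]; then
            allow_conn "$db" false || rc=1
        fi
    done
    return $rc
}

# Constructed sample of the LIST_SQL output, used only for the dry run.
sample_list() { printf '%s\n' 'appdb|t' 'postgres|t' 'template0|f' 'template1|t'; }

if [ "${1-}" = --apply ]; then
    # Real run: must be started as a PostgreSQL superuser.
    psql -XAt -d "$ADMIN_DB" -c "$LIST_SQL" | { RUN=; fix_all; }
else
    sample_list | fix_all
fi
```

Without arguments the script only prints the commands it would run for the sample list; a non-zero exit status from an --apply run means at least one database still needs attention.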