Univention Bugzilla – Bug 54751
postgresql-11: Multiple issues (5.0)
Last modified: 2022-05-18 15:48:41 CEST
New Debian postgresql-11 11.16-0+deb10u1 fixes:
This update addresses the following issue:
* postgresql-11 (CVE-2022-1552)
--- mirror/ftp/pool/main/p/postgresql-11/postgresql-11_11.14-0+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/postgresql-11_11.16-0+deb10u1.dsc @@ -1,3 +1,21 @@ +11.16-0+deb10u1 [Wed, 11 May 2022 15:15:30 +0200] Christoph Berg <myon@debian.org>: + + * New upstream release. + + * Confine additional operations within security restricted operation + sandboxes (Sergey Shinderuk, Noah Misch) + + Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW, + and pg_amcheck activated the security restricted operation protection + mechanism too late, or even not at all in some code paths. A user having + permission to create non-temporary objects within a database could + define an object that would execute arbitrary SQL code with superuser + permissions the next time that autovacuum processed the object, or that + some superuser ran one of the affected commands against it. + + The PostgreSQL Project thanks Alexander Lakhin for reporting this + problem. (CVE-2022-1552) + 11.14-0+deb10u1 [Thu, 11 Nov 2021 12:53:26 +0100] Christoph Berg <myon@debian.org>: * New upstream security release. <http://piuparts.knut.univention.de/5.0-1/#5795178251079884579>
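Review bot: The first bullet of the new 11.16-0+deb10u1 entry reads "* New upstream release.", while the 11.14-0+deb10u1 entry directly below it reads "* New upstream security release."; the new entry carries CVE-2022-1552 and describes arbitrary SQL execution with superuser permissions, so it should be labelled a security release as well, or the erratum text should state that explicitly. The changelog also goes from 11.14 straight to 11.16 with no 11.15 entry in the visible context, so it is worth confirming that nothing from an intermediate upstream release is missing from the erratum description.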
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-1] 041d203492 Bug #54751: postgresql-11 11.16-0+deb10u1
 doc/errata/staging/postgresql-11.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

[5.0-1] 81c8e2a11c Bug #54751: postgresql-11 11.16-0+deb10u1
 doc/errata/staging/postgresql-11.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x307>