-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 07 Nov 2023 14:36:06 +0100 Source: postgresql-15 Architecture: source Version: 15.5-0+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org> Changed-By: Christoph Berg <myon@debian.org> Changes: postgresql-15 (15.5-0+deb12u1) bookworm-security; urgency=medium . * New upstream version. . * Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions (Tom Lane) . This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. . The PostgreSQL Project thanks Jingzhou Fu for reporting this problem. (CVE-2023-5868) . * Detect integer overflow while computing new array dimensions (Tom Lane) . When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. . The PostgreSQL Project thanks Pedro Gallegos for reporting this problem. (CVE-2023-5869) . * Prevent the pg_signal_backend role from signalling background workers and autovacuum processes (Noah Misch, Jelte Fennema-Nio) . The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. . Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. . The PostgreSQL Project thanks Hemanth Sandrana and Mahendrakar Srinivasarao for reporting this problem. (CVE-2023-5870) . * Fix misbehavior during recursive page split in GiST index build (Heikki Linnakangas) . Fix a case where the location of a page downlink was incorrectly tracked, and introduce some logic to allow recovering from such situations rather than silently doing the wrong thing. This error could result in incorrect answers from subsequent index searches. It may be advisable to reindex all GiST indexes after installing this update. . * Prevent de-duplication of btree index entries for interval columns . There are interval values that are distinguishable but compare equal, for example 24:00:00 and 1 day. This breaks assumptions made by btree de-duplication, so interval columns need to be excluded from de-duplication. This oversight can cause incorrect results from index-only scans. Moreover, after updating amcheck will report an error for almost all such indexes. Users should reindex any btree indexes on interval columns. . * Rebase debian/patches/libpgport-pkglibdir. Checksums-Sha1: ef17427ffeddaab1542ec9c193748bf16cf4fe9a 3919 postgresql-15_15.5-0+deb12u1.dsc 1688b684c181a3173a3f2b76a12e83c8371facc8 23091780 postgresql-15_15.5.orig.tar.bz2 e17713becc5f0e0e4d946507a75174985631c203 25052 postgresql-15_15.5-0+deb12u1.debian.tar.xz Checksums-Sha256: 0375551ce7ba7e8f5242e59cb20b944adcc6826f78422f2a436be6e99725e666 3919 postgresql-15_15.5-0+deb12u1.dsc 8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 23091780 postgresql-15_15.5.orig.tar.bz2 0cfb11525046064ad795faab3b68e4b450f2fda314ae3fa6555a7178b4674dfb 25052 postgresql-15_15.5-0+deb12u1.debian.tar.xz Files: 5491dd9c4196d9ca0d0b15a37b5417d0 3919 database optional postgresql-15_15.5-0+deb12u1.dsc 9a7d6515408ecb5823546d0a3d7b318c 23091780 database optional postgresql-15_15.5.orig.tar.bz2 ba01d1504baeea53362003a1b443d704 25052 database optional postgresql-15_15.5-0+deb12u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmVOWEIACgkQTFprqxLS p67iRRAAnc8R52bOrpFQZarxNI3M6yJmrL+3IT5Sm+2MCaZKpu0lLJNUvL7KPAvC fl5ad55SFejPG5yZ63BSGSPhfZ0069uSIHXveWlOZJxEofh4GiWQZabNBeUEF4sh 9Wop444gyhhXCqlyS4yBjBt/7Suwode4w1ybSiL0sF1N3VCQwTOM+zmk9vDvZGxN 24ui6iOjV4iHRzyu781U4OgC7V2xZgfsstv5yYzDlH0LjEhpmxrejX98rPzP6tS6 wOxxNtI5tYS4Q+jCbNVj7T+hl0p1Jlw2jmikK5Wh7fHhsgexOaF4TyyPSXwpvqzI UNYn6cn0J7Qd25IWViA1EdvMnkumdcQlPhlC5JwHZUoyuUm9ZPjl0m/UHDTHoIps YEQyqst2XgqQLN8VAoTokAPnFjQhlH7z7St65m+1Ek2FKXXU/ddGzS0k/CIfhH8k 7F4VtIdVHKEefnjXC01yDBOdlx/v3I2jHAKtUBaRiPwkg+mmE+nZN2SuC5FAo3Ex mxnk04QOgYQ2jAkwxKkztNuc5sSRCB3ObLcQHSiQNdRceptrjkzozh0sQrdaT8dh GKQZsy8lS/s2rc7OL8zh0VOgOXGSX/uztkMTb9y6MT2BYXue02fXdj4a9xqVNmlv dzcUXlvHX5JKWNtjJ6PBZfjdzRnycPB7lBknsAbvG93JXG60mRM= =EfWn -----END PGP SIGNATURE-----