Format: 1.8 Date: Thu, 23 Nov 2023 11:27:03 -0300 Source: postgresql-15 Binary: libecpg-compat3 libecpg-dev libecpg6 libpgtypes3 libpq-dev libpq5 postgresql-15 postgresql-client-15 postgresql-doc-15 postgresql-plperl-15 postgresql-plpython3-15 postgresql-pltcl-15 postgresql-server-dev-15 Built-For-Profiles: noudeb Architecture: amd64 amd64_translations all Version: 15.5-0ubuntu0.23.04.1 Distribution: lunar Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Athos Ribeiro Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 15 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-15 - The World's Most Advanced Open Source Relational Database postgresql-client-15 - front-end programs for PostgreSQL 15 postgresql-doc-15 - documentation for the PostgreSQL database management system postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming Launchpad-Bugs-Fixed: 2040469 Changes: postgresql-15 (15.5-0ubuntu0.23.04.1) lunar-security; urgency=medium . * New upstream version (LP: #2040469). . + A dump/restore is not required for those running 15.X. . + However, several mistakes have been discovered that could lead to certain types of indexes yielding wrong search results or being unnecessarily inefficient. It is advisable to REINDEX potentially-affected indexes after installing this update. . + Also, if you are upgrading from a version earlier than 15.4, see those release notes as well please. . + Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions (Tom Lane) . This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. (CVE-2023-5868) . + Detect integer overflow while computing new array dimensions (Tom Lane) . When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. (CVE-2023-5869) . + Prevent the pg_signal_backend role from signalling background workers and autovacuum processes (Noah Misch, Jelte Fennema-Nio) . The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. . Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. (CVE-2023-5870) . + Fix misbehavior during recursive page split in GiST index build (Heikki Linnakangas) . Fix a case where the location of a page downlink was incorrectly tracked, and introduce some logic to allow recovering from such situations rather than silently doing the wrong thing. This error could result in incorrect answers from subsequent index searches. It may be advisable to reindex all GiST indexes after installing this update. . + Prevent de-duplication of btree index entries for interval columns (Noah Misch) . There are interval values that are distinguishable but compare equal, for example 24:00:00 and 1 day. This breaks assumptions made by btree de-duplication, so interval columns need to be excluded from de-duplication. This oversight can cause incorrect results from index-only scans. Moreover, after updating amcheck will report an error for almost all such indexes. Users should reindex any btree indexes on interval columns. . + Process date values more sanely in BRIN datetime_minmax_multi_ops indexes (Tomas Vondra) . The distance calculation for dates was backward, causing poor decisions about which entries to merge. The index still produces correct results, but is much less efficient than it should be. Reindexing BRIN minmax_multi indexes on date columns is advisable. . + Process large timestamp and timestamptz values more sanely in BRIN datetime_minmax_multi_ops indexes (Tomas Vondra) . Infinities were mistakenly treated as having distance zero rather than a large distance from other values, causing poor decisions about which entries to merge. Also, finite-but-very-large values (near the endpoints of the representable timestamp range) could result in internal overflows, again causing poor decisions. The index still produces correct results, but is much less efficient than it should be. Reindexing BRIN minmax_multi indexes on timestamp and timestamptz columns is advisable if the column contains, or has contained, infinities or large finite values. . + Details about these and many further changes can be found at: https://www.postgresql.org/docs/15/release-15-5.html. . * d/p/libpgport-pkglibdir: adjust patch for new release. Checksums-Sha1: 0b9a1714615900c2057bb1ccbb2fe592140df8f7 34742 libecpg-compat3-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 9f71beb0794860419e8ea552b801e93007d8645e 17892 libecpg-compat3_15.5-0ubuntu0.23.04.1_amd64.deb 4d616466f41e8a2e5b72e4542c4088962e4d7bd9 269300 libecpg-dev-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 7655758cbbddfe6a2249c0e27eb328487a2fe749 262140 libecpg-dev_15.5-0ubuntu0.23.04.1_amd64.deb 18b47986e68ef40604d5792e1c33421164b9a306 119682 libecpg6-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb cd3270aeca8a7748f3832dbb0a1502d379d3a7ca 43978 libecpg6_15.5-0ubuntu0.23.04.1_amd64.deb 9a341773ca38a6241b93958bd4065335f6d0ca61 87526 libpgtypes3-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 331d8419605261a09317261bf6112b2c36c46781 43030 libpgtypes3_15.5-0ubuntu0.23.04.1_amd64.deb 4f1a16ef05a0e41726ff559fb99375d72e8bc300 149450 libpq-dev_15.5-0ubuntu0.23.04.1_amd64.deb b729046d68d8662846e37916b07f02e51bbec98d 300618 libpq5-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb fdd2a764f47f38222bf2a84c2cfca4834c5df436 136470 libpq5_15.5-0ubuntu0.23.04.1_amd64.deb 482ef8fb6a23347175414af51b42468c6d81325d 18426940 postgresql-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 7dc29f5e1a885793611f9b3d3d4052138b0b7c4d 18211 postgresql-15_15.5-0ubuntu0.23.04.1_amd64.buildinfo 32b2b0e9b71ba9d8d350c1c764975cacca435b95 16424612 postgresql-15_15.5-0ubuntu0.23.04.1_amd64.deb d325cc9a1ee36480bb004a42166ac9a03c2bbd6f 9625737 postgresql-15_15.5-0ubuntu0.23.04.1_amd64_translations.tar.gz dbbbb9cbf467ff56176dd79f5db6d47e74ae6a0d 1944978 postgresql-client-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb f795a1ee7f32e4edbd1c5cd0b8098b6835551525 1250548 postgresql-client-15_15.5-0ubuntu0.23.04.1_amd64.deb 8d7afd74d8d8667a50dde2db767c0e1346b1fd35 2036462 postgresql-doc-15_15.5-0ubuntu0.23.04.1_all.deb 379f909af2520b36d62a96926a48113a4dcd5dee 183240 postgresql-plperl-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 7e9eae5871b44d8b9d33dbc25019c6d8f0563d3a 72850 postgresql-plperl-15_15.5-0ubuntu0.23.04.1_amd64.deb e5717a2375b653530588a2ff160c624243e79773 167434 postgresql-plpython3-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb bed157675dd08942e9477b8895b80c3d09a860a5 78506 postgresql-plpython3-15_15.5-0ubuntu0.23.04.1_amd64.deb bd8864555bb99ad49ae41bbef89ac0b81314acbb 80780 postgresql-pltcl-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb e59a284eda0adde283be1f936bf48ab51c04e62c 30864 postgresql-pltcl-15_15.5-0ubuntu0.23.04.1_amd64.deb a1ad31fe84b90c022d2734ecf4db68c7aed8314c 1193830 postgresql-server-dev-15_15.5-0ubuntu0.23.04.1_amd64.deb Checksums-Sha256: 887105a2540da2d23ea304c1dc87899166f0a60df0f9391b303484cad36c7f2f 34742 libecpg-compat3-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb d58f02f8970adc3e751dfd6c1e3edad1277810b80cc049878ba00e3822c5d4b6 17892 libecpg-compat3_15.5-0ubuntu0.23.04.1_amd64.deb e39bb453e9b1837f7b2dfe6fc3dd6563c2d5f5608ba9d12d02f8c71087b2b373 269300 libecpg-dev-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb c8816366e4135f3504f46802f415da1244ad4a3f914643313c451618a29f95fd 262140 libecpg-dev_15.5-0ubuntu0.23.04.1_amd64.deb 7c920cffc7ffe70e2e788a917ba94eca643b9135fd75a0dfc73666731849b738 119682 libecpg6-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 361bbefdb161f0a03d98964935b91434574e03443075debcad2fce56ff312a0d 43978 libecpg6_15.5-0ubuntu0.23.04.1_amd64.deb 8572de528be76f701f0220f94acf8d8360f5a465d545e66303fe622038745229 87526 libpgtypes3-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 4ac0d3fc8ec8eb132ee99f3c8ba006bf3f1bee736a80fe1ee41e4c38bee14880 43030 libpgtypes3_15.5-0ubuntu0.23.04.1_amd64.deb 2b1ee841c282bfdb8ec68190c279abcde39fcebbbe0c3cd8d3bf9fd5d1c58312 149450 libpq-dev_15.5-0ubuntu0.23.04.1_amd64.deb 7a78a29d1703358498e7c1813a1fb693c772feebf1fbe09f1b3e8910f729b24c 300618 libpq5-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb d3e7415958c5e46302893f4c488c21dc590f0da59a7ea53a17f934a42dbd7a9b 136470 libpq5_15.5-0ubuntu0.23.04.1_amd64.deb d657401c421d6a1bec4e49c6db202252ed21acb20e61a767f4416bdcfd8f9ffb 18426940 postgresql-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb c5af0e8204693ed28d64df689c60fa1a61fbdaa3b519805887756121eaae4758 18211 postgresql-15_15.5-0ubuntu0.23.04.1_amd64.buildinfo 490deea2ce3a4a3674cf3b8ced877899c71c425b1ce68b204171e51e11d0091e 16424612 postgresql-15_15.5-0ubuntu0.23.04.1_amd64.deb 92a8ee2b1638a875a2aadac123d20f9f1ceae618cf2673bbca02e45a86792022 9625737 postgresql-15_15.5-0ubuntu0.23.04.1_amd64_translations.tar.gz bf9a85b0d36e6c861bb0782aacf2ee491f8cbfc5296ced03a58ca354e3f0576e 1944978 postgresql-client-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb a049efd9f37011daffb6f6d2e9f86ffbc5aa087e5a2138e2a59546d8cc48b63e 1250548 postgresql-client-15_15.5-0ubuntu0.23.04.1_amd64.deb f7c667aa6155b25be65f04e2618b25c6a49db0d627928bf58797371059ae794e 2036462 postgresql-doc-15_15.5-0ubuntu0.23.04.1_all.deb 7664e93540b668851e0754ea581cbecd9ec8b4a938bf01c43bff9d7bd8970b87 183240 postgresql-plperl-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb c1f8687538102b981a7268dcad89d80b2f683235a10f85ff76c5fc1b8ea38743 72850 postgresql-plperl-15_15.5-0ubuntu0.23.04.1_amd64.deb a8da6bb70ffb2f0a280733a2e235f338a1e762d14a140e9ed9078a29b9012e8d 167434 postgresql-plpython3-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 31a8122f379d6dc86a1427119b7dc7c39584878bce28f8f15ad910fa3a9faf28 78506 postgresql-plpython3-15_15.5-0ubuntu0.23.04.1_amd64.deb 03e2125b6441fa1c41125b61cab4eb7c622ead8410018eec2f2d851ca29210f2 80780 postgresql-pltcl-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb f0d9cc80d98ba36f2c491b9efc99ec486e9bac3b3871979896c168467e0927b0 30864 postgresql-pltcl-15_15.5-0ubuntu0.23.04.1_amd64.deb ae4f4ebf527ab7a9679d081c9fed9888b777bfb5cb96a5198bdc623f81f911fd 1193830 postgresql-server-dev-15_15.5-0ubuntu0.23.04.1_amd64.deb Files: cff7dacc00226cdbe4923564555e8dd7 34742 debug optional libecpg-compat3-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb d8de734041057a80628791023d7fcb9b 17892 libs optional libecpg-compat3_15.5-0ubuntu0.23.04.1_amd64.deb 30b2625c5666e59a1e3c50243e51caac 269300 debug optional libecpg-dev-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb b7ccdfdf128e30f0cf3ed8e8340d67b5 262140 libdevel optional libecpg-dev_15.5-0ubuntu0.23.04.1_amd64.deb 21ff2c11092aca32a9ccb311c52522c1 119682 debug optional libecpg6-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 51e2760960c73561036652862cb5bc58 43978 libs optional libecpg6_15.5-0ubuntu0.23.04.1_amd64.deb 7651b341566528784986fb338a0b9814 87526 debug optional libpgtypes3-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb ea0c9c900de0a51445d50e3b1decef44 43030 libs optional libpgtypes3_15.5-0ubuntu0.23.04.1_amd64.deb 6ac8eab4fd94b19e900425b104919788 149450 libdevel optional libpq-dev_15.5-0ubuntu0.23.04.1_amd64.deb cc53650755ce8928c82f4c1fb47bcfa7 300618 debug optional libpq5-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 44137f1263a13954b68e97126d28f930 136470 libs optional libpq5_15.5-0ubuntu0.23.04.1_amd64.deb ae906142e665b10156658071b403368c 18426940 debug optional postgresql-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 1e25c954d0ea4e922c0c99cd0eee5ee7 18211 database optional postgresql-15_15.5-0ubuntu0.23.04.1_amd64.buildinfo 7fdc31be162c00f8295ef1b3152ce79b 16424612 database optional postgresql-15_15.5-0ubuntu0.23.04.1_amd64.deb 3baebc255d3bf855afa62c482441d9e0 9625737 raw-translations - postgresql-15_15.5-0ubuntu0.23.04.1_amd64_translations.tar.gz 626d76e58cd56b11f0820ca7fa97cd94 1944978 debug optional postgresql-client-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 2dceb033b5c78f6dea92142314dfa083 1250548 database optional postgresql-client-15_15.5-0ubuntu0.23.04.1_amd64.deb 7842ab0a396a77872664febffdd618d5 2036462 doc optional postgresql-doc-15_15.5-0ubuntu0.23.04.1_all.deb 78c8e6621446257e89c84c4eb453afaf 183240 debug optional postgresql-plperl-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 6809bf8ff12d4ddfa2d09d42da0a4195 72850 database optional postgresql-plperl-15_15.5-0ubuntu0.23.04.1_amd64.deb f38135811b237be207ba65b0772787ba 167434 debug optional postgresql-plpython3-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb 388216f7bef4025bc5f558edf49a5380 78506 database optional postgresql-plpython3-15_15.5-0ubuntu0.23.04.1_amd64.deb 6468bb1357c0aba908312d4d38083063 80780 debug optional postgresql-pltcl-15-dbgsym_15.5-0ubuntu0.23.04.1_amd64.ddeb b29ed8301e35600f8e7e7ca20d991fb7 30864 database optional postgresql-pltcl-15_15.5-0ubuntu0.23.04.1_amd64.deb 4c468d19add6a0aa9a7045abbdbd2901 1193830 libdevel optional postgresql-server-dev-15_15.5-0ubuntu0.23.04.1_amd64.deb Original-Maintainer: Debian PostgreSQL Maintainers