This bug was fixed in the package postgresql-15 - 15.6-0ubuntu0.23.10.1

---------------
postgresql-15 (15.6-0ubuntu0.23.10.1) mantic-security; urgency=medium

  * New upstream version (LP: #2052850).

    + A dump/restore is not required for those running 15.X.

    + However, one bug was fixed that could have resulted in corruption of
      GIN indexes during concurrent updates. If you suspect such
      corruption, reindex affected indexes after installing this update.

    + Also, if you are upgrading from a version earlier than 15.5, see
      those release notes as well please.

    + Tighten security restrictions within REFRESH MATERIALIZED VIEW
      CONCURRENTLY (Heikki Linnakangas)

      One step of a concurrent refresh command was run under weak security
      restrictions. If a materialized view's owner could persuade a
      superuser or other high-privileged user to perform a concurrent
      refresh on that view, the view's owner could control code executed
      with the privileges of the user running REFRESH. Fix things so that
      all user-determined code is run as the view's owner, as expected.

      The only known exploit for this error does not work in PostgreSQL
      16.0 and later, so it may be that v16 is not vulnerable in practice.

      The PostgreSQL Project thanks Pedro Gallegos for reporting this
      problem.
      (CVE-2024-0985)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/15/release-15-6.html.

  * d/postgresql-15.NEWS: Update.

 -- Sergio Durigan Junior <sergio.duri...@canonical.com>  Fri, 09 Feb 2024 19:43:36 -0500

--
https://bugs.launchpad.net/bugs/2052850

Title:
  New upstream microreleases 12.18, 14.11, 15.6 and 16.2
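A post-upgrade audit for the two items in the changelog above, as an added example that is not part of the original notification or of the PostgreSQL or Ubuntu packaging. It uses only the standard system catalogs, is meant to be run in each database of the cluster, and treats "owned by a non-superuser and has an index that permits CONCURRENTLY" as an assumed working definition of exposure to CVE-2024-0985.

```sql
-- 1. Confirm the running server reports the fixed minor release (15.6).
--    The package can be upgraded while the old binary is still running.
SELECT current_setting('server_version') AS server_version;

-- 2. List GIN indexes, the index type named in the corruption fix,
--    with a ready-made REINDEX command for any that are suspect.
SELECT n.nspname AS schema_name,
       t.relname AS table_name,
       i.relname AS index_name,
       format('REINDEX INDEX %I.%I;', n.nspname, i.relname) AS reindex_cmd
FROM pg_index x
JOIN pg_class i     ON i.oid = x.indexrelid
JOIN pg_class t     ON t.oid = x.indrelid
JOIN pg_namespace n ON n.oid = i.relnamespace
JOIN pg_am a        ON a.oid = i.relam
WHERE a.amname = 'gin'
ORDER BY schema_name, table_name, index_name;

-- 3. List materialized views whose owner is not a superuser and which
--    can be refreshed CONCURRENTLY (that requires a unique index with
--    no predicate and no expression columns). These are the views a
--    high-privileged user should not have refreshed concurrently on an
--    unpatched server.
SELECT n.nspname AS schema_name,
       c.relname AS matview_name,
       r.rolname AS owner
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_roles r     ON r.oid = c.relowner
WHERE c.relkind = 'm'
  AND NOT r.rolsuper
  AND EXISTS (
        SELECT 1
        FROM pg_index x
        WHERE x.indrelid = c.oid
          AND x.indisunique
          AND x.indpred IS NULL
          AND x.indexprs IS NULL)
ORDER BY schema_name, matview_name;
```

An empty result from the third query means no view in that database matches the assumed exposure definition; it does not replace installing the update.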