UbuntuUpdates.org

Package "postgresql-doc-13"

Name: postgresql-doc-13

Description:

documentation for the PostgreSQL database management system

Latest version: 13.4-0ubuntu0.21.04.1
Release: hirsute (21.04)
Level: security
Repository: main
Head package: postgresql-13
Homepage: http://www.postgresql.org/

Links


Download "postgresql-doc-13"


Other versions of "postgresql-doc-13" in Hirsute

Repository Area Version
base main 13.2-1
updates main 13.4-0ubuntu0.21.04.1
PPA: Postgresql 13.3-1.pgdg16.04+1
PPA: Postgresql 13.4-4.pgdg18.04+1
PPA: Postgresql 13.4-4.pgdg20.04+1

Changelog

Version: 13.4-0ubuntu0.21.04.1 2021-08-12 19:06:24 UTC

  postgresql-13 (13.4-0ubuntu0.21.04.1) hirsute-security; urgency=medium

  * New upstream version (LP: #1928773).

    + Fix mis-planning of repeated application of a projection step (Tom Lane)

      The planner could create an incorrect plan in cases where two
      ProjectionPaths were stacked on top of each other. The only known
      way to trigger that situation involves parallel sort operations, but
      there may be other instances. The result would be crashes or
      incorrect query results.
      Disclosure of server memory contents is also possible.
      (CVE-2021-3677)

    + Disallow SSL renegotiation more completely (Michael Paquier)

      SSL renegotiation has been disabled for some time, but the server
      would still cooperate with a client-initiated renegotiation request.
      A maliciously crafted renegotiation request could result in a server
      crash (see OpenSSL issue CVE-2021-3449). Disable the feature
      altogether on OpenSSL versions that permit doing so, which are
      1.1.0h and newer.
      (CVE-2021-3449)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/13/release-13-4.html

 -- Christian Ehrhardt <email address hidden> Tue, 10 Aug 2021 14:18:33 +0200

Source diff to previous version
1928773 New upstream microreleases 10.17 12.7 13.3
CVE-2021-3677 RESERVED
CVE-2021-3449 NULL pointer deref in signature_algorithms processing

Version: 13.3-0ubuntu0.21.04.1 2021-06-01 13:06:30 UTC

  postgresql-13 (13.3-0ubuntu0.21.04.1) hirsute-security; urgency=medium

  * New upstream version (LP: #1928773).

    + Prevent integer overflows in array subscripting calculations (Tom Lane)

      The array code previously did not complain about cases where an array's
      lower bound plus length overflows an integer. This resulted in later
      entries in the array becoming inaccessible (since their subscripts could
      not be written as integers), but more importantly it confused subsequent
      assignment operations. This could lead to memory overwrites, with
      ensuing crashes or unwanted data modifications. (CVE-2021-32027)

    + Fix mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE
      target lists (Tom Lane)

      If the UPDATE list contains any multi-column sub-selects (which give
      rise to junk columns in addition to the results proper), the UPDATE path
      would end up storing tuples that include the values of the extra junk
      columns. That's fairly harmless in the short run, but if new columns are
      added to the table then the values would become accessible, possibly
      leading to malfunctions if they don't match the datatypes of the added
      columns.

      In addition, in versions supporting cross-partition updates, a
      cross-partition update triggered by such a case had the reverse problem:
      the junk columns were removed from the target list, typically causing an
      immediate crash due to malfunction of the multi-column sub-select
      mechanism. (CVE-2021-32028)

    + Fix possibly-incorrect computation of UPDATE ... RETURNING outputs for
      joined cross-partition updates (Amit Langote, Etsuro Fujita)

      If an UPDATE for a partitioned table caused a row to be moved to another
      partition with a physically different row type (for example, one with a
      different set of dropped columns), computation of RETURNING results for
      that row could produce errors or wrong answers. No error is observed
      unless the UPDATE involves other tables being joined to the target
      table. (CVE-2021-32029)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/13/release-13-3.html

 -- Christian Ehrhardt <email address hidden> Tue, 18 May 2021 12:06:38 +0200

1928773 New upstream microreleases 10.17 12.7 13.3



About   -   Send Feedback to @ubuntu_updates