UbuntuUpdates.org

Package "libecpg6"

Name: libecpg6

Description:

run-time library for ECPG programs
Latest version: 14.8-0ubuntu0.22.10.1
Release: kinetic (22.10)
Level: security
Repository: main
Head package: postgresql-14
Homepage: http://www.postgresql.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libecpg6"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libecpg6" in Kinetic

Repository Area Version
base main 14.5-1ubuntu1
updates main 14.8-0ubuntu0.22.10.1
PPA: Postgresql 9.4.1-1.pgdg10.4+1
PPA: Postgresql 9.6.3-1.pgdg12.4+1
PPA: Postgresql 11.3-1.pgdg14.04+1
PPA: Postgresql 13.3-1.pgdg16.04+1
PPA: Postgresql 15.3-1.pgdg20.04+1
PPA: Postgresql 15.3-1.pgdg18.04+1
PPA: Postgresql 15.3-1.pgdg22.04+1

Changelog

Version: 14.8-0ubuntu0.22.10.1 2023-05-24 17:07:06 UTC

  postgresql-14 (14.8-0ubuntu0.22.10.1) kinetic-security; urgency=medium

  * New upstream version (LP: #2019214).

    + A dump/restore is not required for those running 14.X.

    + Also, if you are upgrading from a version earlier than 14.4, see
      those release notes as well please.

    + Prevent CREATE SCHEMA from defeating changes in search_path
      (Alexander Lakhin)

      Within a CREATE SCHEMA command, objects in the prevailing
      search_path, as well as those in the newly-created schema, would be
      visible even within a called function or script that attempted to set
      a secure search_path. This could allow any user having permission to
      create a schema to hijack the privileges of a security definer
      function or extension script.
      (CVE-2023-2454)

    + Enforce row-level security policies correctly after inlining a
      set-returning function (Stephen Frost, Tom Lane)

      If a set-returning SQL-language function refers to a table having
      row-level security policies, and it can be inlined into a calling
      query, those RLS policies would not get enforced properly in some
      cases involving re-using a cached plan under a different role. This
      could allow a user to see or modify rows that should have been
      invisible.
      (CVE-2023-2455)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/14/release-14-8.html

 -- Athos Ribeiro <email address hidden> Tue, 16 May 2023 09:10:45 -0300
Source diff to previous version
2019214 New upstream microreleases 12.15, 14.8, and 15.3
CVE-2023-2454 CREATE SCHEMA ... schema_element defeats protective search_path changes
CVE-2023-2455 Row security policies disregard user ID changes after inlining

Version: 14.7-0ubuntu0.22.10.1 2023-03-02 14:07:06 UTC

  postgresql-14 (14.7-0ubuntu0.22.10.1) kinetic-security; urgency=medium

  * New upstream version (LP: #2006406).

    + A dump/restore is not required for those running 14.X.

    + Also, if you are upgrading from a version earlier than 14.4, see
      those release notes as well please.

    + libpq can leak memory contents after GSSAPI transport encryption
      initiation fails (Jacob Champion).
      (CVE-2022-41862)

    + Fix calculation of which GENERATED columns need to be updated in
      child tables during an UPDATE on a partitioned table or inheritance
      tree (Amit Langote, Tom Lane).

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/14/release-14-7.html

 -- Sergio Durigan Junior <email address hidden> Thu, 09 Feb 2023 15:24:34 -0500
2006406 New upstream microreleases 12.14 and 14.7


About   -   Send Feedback to @ubuntu_updates