Format: 1.8
Date: Wed, 07 Aug 2024 16:09:15 +0200
Source: postgresql-13
Binary: postgresql-doc-13
Architecture: all
Version: 13.16-0+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02)
Changed-By: Christoph Berg
Description:
 postgresql-doc-13 - documentation for the PostgreSQL database management system
Changes:
 postgresql-13 (13.16-0+deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version.
 .
     + Prevent unauthorized code execution during pg_dump (Masahiko Sawada)
 .
       An attacker able to create and drop non-temporary objects could inject
       SQL code that would be executed by a concurrent pg_dump session with the
       privileges of the role running pg_dump (which is often a superuser).
       The attack involves replacing a sequence or similar object with a view
       or foreign table that will execute malicious code. To prevent this,
       introduce a new server parameter restrict_nonsystem_relation_kind that
       can disable expansion of non-builtin views as well as access to foreign
       tables, and teach pg_dump to set it when available. Note that the
       attack is prevented only if both pg_dump and the server it is dumping
       from are new enough to have this fix.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2024-7348)
Checksums-Sha1:
 6ea5303eed8b30d86e491b8bd6b7b72bd18b028e 9748 postgresql-13_13.16-0+deb11u1_all-buildd.buildinfo
 423b81958e3bf6a860f9a78bd6f36c01d1374979 1979924 postgresql-doc-13_13.16-0+deb11u1_all.deb
Checksums-Sha256:
 9d76b59ba9556b567eea61cbfa8c521576e1914dc1b8cf529039c1e48027f3f2 9748 postgresql-13_13.16-0+deb11u1_all-buildd.buildinfo
 2610eef54ac9ca948a5513f1593d07f4573a0ff1c5d3c5b6c37378452421550c 1979924 postgresql-doc-13_13.16-0+deb11u1_all.deb
Files:
 2e31b3741a0248bf51cc8a2210201a75 9748 database optional postgresql-13_13.16-0+deb11u1_all-buildd.buildinfo
 ad9e98984d2e955fbb7529cf29e74a26 1979924 doc optional postgresql-doc-13_13.16-0+deb11u1_all.deb