UbuntuUpdates.org

Package "postgresql-10"

Name: postgresql-10

Description:

object-relational SQL database, version 10 server

Latest version: 10.21-0ubuntu0.18.04.1
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: http://www.postgresql.org/

Links


Download "postgresql-10"


Other versions of "postgresql-10" in Bionic

Repository Area Version
base main 10.3-1
base universe 10.3-1
security main 10.21-0ubuntu0.18.04.1
security universe 10.21-0ubuntu0.18.04.1
updates universe 10.21-0ubuntu0.18.04.1
PPA: Postgresql 10.8-1.pgdg14.04+1
PPA: Postgresql 10.17-1.pgdg16.04+1
PPA: Postgresql 10.21-1.pgdg22.04+1
PPA: Postgresql 10.21-1.pgdg18.04+1
PPA: Postgresql 10.21-1.pgdg20.04+1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 10.21-0ubuntu0.18.04.1 2022-05-24 15:06:23 UTC

  postgresql-10 (10.21-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * New upstream version (LP: #1973627).

    + A dump/restore is not required for those running 10.X.

    + However, if you are upgrading from a version earlier than 10.19, see
      those release notes as well please.

    + Confine additional operations within "security restricted operation"
      sandboxes (Sergey Shinderuk, Noah Misch).

      Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW,
      and pg_amcheck activated the "security restricted operation" protection
      mechanism too late, or even not at all in some code paths. A user having
      permission to create non-temporary objects within a database could
      define an object that would execute arbitrary SQL code with superuser
      permissions the next time that autovacuum processed the object, or that
      some superuser ran one of the affected commands against it.

      The PostgreSQL Project thanks Alexander Lakhin for reporting this
      problem.
      (CVE-2022-1552)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/10/release-10-21.html

 -- Sergio Durigan Junior <email address hidden> Tue, 17 May 2022 21:58:23 -0400

Source diff to previous version
1973627 New upstream microreleases 10.21, 12.11, 13.7 and 14.3

Version: 10.20-0ubuntu0.18.04.1 2022-05-11 23:06:18 UTC

  postgresql-10 (10.20-0ubuntu0.18.04.1) bionic; urgency=medium

  * New upstream version (LP: #1961127).

    + A dump/restore is not required for those running 10.X.

    + However, if you are upgrading from a version earlier than 10.19, see
      those release notes as well please.

    + The PostgreSQL community will stop releasing updates for the 10.X
      release series in November 2022. After this date, there will be no
      further minor release updates, but Ubuntu will continue to backport
      important fixes as needed.

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/10/release-10-20.html

 -- Athos Ribeiro <email address hidden> Mon, 14 Feb 2022 10:28:53 -0300

Source diff to previous version
1961127 New upstream microreleases 10.20, 12.10, 13.6 and 14.2

Version: 10.19-0ubuntu0.18.04.1 2021-11-11 20:06:28 UTC

  postgresql-10 (10.19-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * New upstream version (LP: #1950268).

    + Make the server reject extraneous data after an SSL or GSS
      encryption handshake
      CVE-2021-23214

    + Make libpq reject extraneous data after an SSL or GSS
      encryption handshake
      CVE-2021-23222

    + A dump/restore is not required for those running 10.X.

    + However, note that installations using physical replication should
      update standby servers before the primary server, details in the
      release notes linked below.

    + Also, several bugs have been found that may have resulted in corrupted
      indexes, explained in detail in the release notes linked below. If any
      of those cases apply to you, it's recommended to reindex
      possibly-affected indexes after updating.

    + Also, if you are upgrading from a version earlier than 10.16,
      see those release notes as well please.

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/10/release-10-19.html

 -- Christian Ehrhardt <email address hidden> Tue, 09 Nov 2021 09:39:50 +0100

Source diff to previous version

Version: 10.18-0ubuntu0.18.04.1 2021-08-12 19:06:19 UTC

  postgresql-10 (10.18-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * New upstream version (LP: #1939396).

    + Disallow SSL renegotiation more completely (Michael Paquier)

      SSL renegotiation has been disabled for some time, but the server
      would still cooperate with a client-initiated renegotiation request.
      A maliciously crafted renegotiation request could result in a server
      crash (see OpenSSL issue CVE-2021-3449). Disable the feature
      altogether on OpenSSL versions that permit doing so, which are
      1.1.0h and newer.
      (CVE-2021-3449)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/10/release-10-18.html

    + d/p/reproducible-bki: refreshed for 10.18

 -- Christian Ehrhardt <email address hidden> Tue, 10 Aug 2021 14:18:35 +0200

Source diff to previous version
1939396 New upstream microreleases 10.18 12.8 13.4
CVE-2021-3449 NULL pointer deref in signature_algorithms processing

Version: 10.17-0ubuntu0.18.04.1 2021-06-01 13:06:21 UTC

  postgresql-10 (10.17-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * New upstream version (LP: #1928773).

    + Prevent integer overflows in array subscripting calculations (Tom Lane)

      The array code previously did not complain about cases where an array's
      lower bound plus length overflows an integer. This resulted in later
      entries in the array becoming inaccessible (since their subscripts could
      not be written as integers), but more importantly it confused subsequent
      assignment operations. This could lead to memory overwrites, with
      ensuing crashes or unwanted data modifications. (CVE-2021-32027)

    + Fix mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE
      target lists (Tom Lane)

      If the UPDATE list contains any multi-column sub-selects (which give
      rise to junk columns in addition to the results proper), the UPDATE path
      would end up storing tuples that include the values of the extra junk
      columns. That's fairly harmless in the short run, but if new columns are
      added to the table then the values would become accessible, possibly
      leading to malfunctions if they don't match the datatypes of the added
      columns.

      In addition, in versions supporting cross-partition updates, a
      cross-partition update triggered by such a case had the reverse problem:
      the junk columns were removed from the target list, typically causing an
      immediate crash due to malfunction of the multi-column sub-select
      mechanism. (CVE-2021-32028)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/10/release-10-17.html

 -- Christian Ehrhardt <email address hidden> Tue, 18 May 2021 12:17:37 +0200

1928773 New upstream microreleases 10.17 12.7 13.3



About   -   Send Feedback to @ubuntu_updates