UbuntuUpdates.org

Package "libpq-dev"

Name: libpq-dev

Description:

header files for libpq5 (PostgreSQL library)

Latest version: 12.22-0ubuntu0.20.04.1
Release: focal (20.04)
Level: security
Repository: main
Head package: postgresql-12
Homepage: http://www.postgresql.org/

Links


Download "libpq-dev"


Other versions of "libpq-dev" in Focal

Repository Area Version
base main 12.2-4
updates main 12.22-0ubuntu0.20.04.1
PPA: Postgresql 17.2-1.pgdg22.04+1
PPA: Postgresql 9.4.1-1.pgdg10.4+1
PPA: Postgresql 9.6.3-1.pgdg12.4+1
PPA: Postgresql 11.3-1.pgdg14.04+1
PPA: Postgresql 13.3-1.pgdg16.04+1
PPA: Postgresql 15.3-1.pgdg18.04+1
PPA: Postgresql 17.2-1.pgdg20.04+1

Changelog

Version: 12.15-0ubuntu0.20.04.1 2023-05-25 04:07:00 UTC

  postgresql-12 (12.15-0ubuntu0.20.04.1) focal-security; urgency=medium

  * New upstream version (LP: #2019214).

    + A dump/restore is not required for those running 12.X.

    + Also, if you are upgrading from a version earlier than 12.10, see
      those release notes as well please.

    + Prevent CREATE SCHEMA from defeating changes in search_path
      (Alexander Lakhin)

      Within a CREATE SCHEMA command, objects in the prevailing
      search_path, as well as those in the newly-created schema, would be
      visible even within a called function or script that attempted to set
      a secure search_path. This could allow any user having permission to
      create a schema to hijack the privileges of a security definer
      function or extension script.
      (CVE-2023-2454)

    + Enforce row-level security policies correctly after inlining a
      set-returning function (Stephen Frost, Tom Lane)

      If a set-returning SQL-language function refers to a table having
      row-level security policies, and it can be inlined into a calling
      query, those RLS policies would not get enforced properly in some
      cases involving re-using a cached plan under a different role. This
      could allow a user to see or modify rows that should have been
      invisible.
      (CVE-2023-2455)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/12/release-12-15.html.

 -- Sergio Durigan Junior <email address hidden> Thu, 11 May 2023 15:58:10 -0400

Source diff to previous version
2019214 New upstream microreleases 12.15, 14.8, and 15.3
CVE-2023-2454 CREATE SCHEMA ... schema_element defeats protective search_path changes
CVE-2023-2455 Row security policies disregard user ID changes after inlining

Version: 12.14-0ubuntu0.20.04.1 2023-03-02 14:07:00 UTC

  postgresql-12 (12.14-0ubuntu0.20.04.1) focal-security; urgency=medium

  * New upstream version (LP: #2006406).

    + A dump/restore is not required for those running 12.X.

    + Also, if you are upgrading from a version earlier than 12.10, see
      those release notes as well please.

    + libpq can leak memory contents after GSSAPI transport encryption
      initiation fails (Jacob Champion).
      (CVE-2022-41862)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/12/release-12-14.html

 -- Athos Ribeiro <email address hidden> Thu, 09 Feb 2023 18:44:37 -0300

Source diff to previous version
2006406 New upstream microreleases 12.14 and 14.7

Version: 12.12-0ubuntu0.20.04.1 2022-08-18 18:06:18 UTC

  postgresql-12 (12.12-0ubuntu0.20.04.1) focal-security; urgency=medium

  * New upstream version (LP: #1984012).

    + A dump/restore is not required for those running 12.X.

    + Also, if you are upgrading from a version earlier than 12.10, see
      those release notes as well please.

    + Do not let extension scripts replace objects not already belonging
      to the extension (Tom Lane).
      (CVE-2022-2625)

    + Fix permissions checks in CREATE INDEX (Nathan Bossart,
      Noah Misch).

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/12/release-12-12.html

 -- Athos Ribeiro <email address hidden> Thu, 11 Aug 2022 16:54:40 -0300

Source diff to previous version
1984012 New upstream microreleases 10.22, 12.12 and 14.5
CVE-2022-2625 extension scripts replace objects not owned by the extension

Version: 12.11-0ubuntu0.20.04.1 2022-05-24 15:06:27 UTC

  postgresql-12 (12.11-0ubuntu0.20.04.1) focal-security; urgency=medium

  * New upstream version (LP: #1973627)

    + A dump/restore is not required for those running 12.X.

    + However, if you are upgrading from a version earlier than 12.10,
      see those release notes as well.

    + Confine additional operations within "security restricted operation"
      sandboxes (Sergey Shinderuk, Noah Misch).

      Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW,
      and pg_amcheck activated the "security restricted operation" protection
      mechanism too late, or even not at all in some code paths. A user having
      permission to create non-temporary objects within a database could
      define an object that would execute arbitrary SQL code with superuser
      permissions the next time that autovacuum processed the object, or that
      some superuser ran one of the affected commands against it.

      The PostgreSQL Project thanks Alexander Lakhin for reporting this
      problem.
      (CVE-2022-1552)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/12/release-12-11.html

 -- Sergio Durigan Junior <email address hidden> Tue, 17 May 2022 22:10:51 -0400

Source diff to previous version
1973627 New upstream microreleases 10.21, 12.11, 13.7 and 14.3

Version: 12.9-0ubuntu0.20.04.1 2021-11-11 20:06:32 UTC

  postgresql-12 (12.9-0ubuntu0.20.04.1) focal-security; urgency=medium

  * New upstream version (LP: #1950268).

    + Make the server reject extraneous data after an SSL or GSS
      encryption handshake
      CVE-2021-23214

    + Make libpq reject extraneous data after an SSL or GSS
      encryption handshake
      CVE-2021-23222

    + A dump/restore is not required for those running 12.X.

    + However, note that installations using physical replication should
      update standby servers before the primary server, details in the
      release notes linked below.

    + Also, several bugs have been found that may have resulted in corrupted
      indexes, explained in detail in the release notes linked below. If any
      of those cases apply to you, it's recommended to reindex
      possibly-affected indexes after updating.

    + Also, if you are upgrading from a version earlier than 12.6,
      see those release notes as well please.

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/12/release-12-9.html

 -- Christian Ehrhardt <email address hidden> Tue, 09 Nov 2021 09:39:52 +0100




About   -   Send Feedback to @ubuntu_updates