
Accepted postgresql-15 15.14-0+deb12u1 (source) into oldstable-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Aug 2025 20:13:29 +0200
Source: postgresql-15
Architecture: source
Version: 15.14-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-15 (15.14-0+deb12u1) bookworm; urgency=medium
 .
   * New upstream version 15.14.
 .
     + Tighten security checks in planner estimation functions (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns that
       the calling user does not have permission to read.  Two gaps in that
       protection have been found.  One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should restrict
       access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via a
       view, and the view owner has permissions to read the underlying table
       but the calling user does not have permissions on the view. The view
       owner's permissions satisfied the security checks, and the leaky
       function would get applied to the underlying table's statistics before
       we check the calling user's permissions on the view.  This has been
       fixed by making security checks on views occur at the start of planning.
       That might cause permissions failures to occur earlier than before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this problem.
       (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running the
       restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands as
       superuser, the target database installation must trust the source
       server.  However, it does not follow that the operating system user who
       executes psql to perform the restore should have to trust the source
       server.  The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to cause it
       to emit text that would be interpreted as psql meta-commands. That would
       provide shell-level access to the restoring user's own account,
       independently of access to the target database.
 .
       To provide a positive guarantee that this can't happen, extend psql with
       a \restrict command that prevents execution of further meta-commands,
       and teach pg_dump to issue that before any data coming from the source
       server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject arbitrary
       SQL commands into the output script.  (Without the preceding fix,
       injection of psql meta-commands would also be possible this way.)
       CVE-2012-0868 fixed this class of problem at the time, but later work
       reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
Checksums-Sha1:
 b37f24684a50416adacb53b6a91dd2e92819ee05 3926 postgresql-15_15.14-0+deb12u1.dsc
 474c7ee4c36f34dac2080c7ec569f1b485df724e 23229854 postgresql-15_15.14.orig.tar.bz2
 c7354555c87517b9333734a4fabc4418e5813880 29292 postgresql-15_15.14-0+deb12u1.debian.tar.xz
Checksums-Sha256:
 dfadb4a24df17970d152f845db33e589617938f04142a4f6708088adce0ace1a 3926 postgresql-15_15.14-0+deb12u1.dsc
 06dd75d305cd3870ee62b3932e661c624543eaf9ae2ba37cdec0a4f8edd051d2 23229854 postgresql-15_15.14.orig.tar.bz2
 1d66919ab0816c8962f3966455b2bee7a8359d118d4d0c54277efb2c4dedac67 29292 postgresql-15_15.14-0+deb12u1.debian.tar.xz
Files:
 c32101eb832f73de2eaab47af22131a8 3926 database optional postgresql-15_15.14-0+deb12u1.dsc
 d20c3f7b7f9422d1b896d6362858cea1 23229854 database optional postgresql-15_15.14.orig.tar.bz2
 fadeb435d1c0127d9d4bf7ecfd676b47 29292 database optional postgresql-15_15.14-0+deb12u1.debian.tar.xz
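Added example, not code from the PostgreSQL project or from this upload: a pre-restore check for the guard described in the second changelog entry above, run over a plain-format dump script before it is handed to psql. It assumes the guard takes the form `\restrict <key>` at the top and `\unrestrict <key>` at the end, which this notice does not spell out; both sample scripts are constructed, not real pg_dump output.

```python
import re
from typing import List, Tuple

# Constructed sample (shape assumed, not real pg_dump output) of a script that
# carries the guard: \restrict precedes any text that came from the source server.
GUARDED_DUMP = """\
\\restrict example_key_123
SET client_encoding = 'UTF8';
CREATE TABLE public.t (id integer);
COPY public.t (id) FROM stdin;
1
\\.
\\unrestrict example_key_123
"""

# Constructed sample with no guard: a line originating from the source server
# sits where psql would parse it as a meta-command, not as SQL.
UNGUARDED_DUMP = """\
SET client_encoding = 'UTF8';
-- Name: t; Type: TABLE; Schema: public
\\echo text-from-source
CREATE TABLE public.t (id integer);
"""

META_RE = re.compile(r"^\\(\S+)")               # psql meta-command at start of line
COPY_RE = re.compile(r"^COPY .* FROM stdin;$")  # inline data follows until \.

def check_restrict_guard(script: str) -> Tuple[bool, List[str]]:
    """Return (ok, findings): ok only if the first meta-command is \\restrict and
    every later one is the matching \\unrestrict; COPY payloads are skipped."""
    findings: List[str] = []
    key, seen_restrict, in_copy = None, False, False
    for n, line in enumerate(script.splitlines(), 1):
        if in_copy:                                 # psql reads these as data, not commands
            in_copy = line != "\\."
            continue
        if COPY_RE.match(line):
            in_copy = True
            continue
        m = META_RE.match(line)
        if not m:
            continue
        cmd, arg = m.group(1), line[m.end():].strip()
        if cmd == "restrict":
            key, seen_restrict = arg, True
        elif cmd == "unrestrict" and key is not None and arg == key:
            key = None                              # guard lifted with the right key
        elif key is None:
            findings.append(f"line {n}: meta-command \\{cmd} outside \\restrict guard")
    if not seen_restrict:
        findings.append("script never issues \\restrict")
    return not findings, findings
```

A script that passes this check can still carry arbitrary SQL from the source server; the guard only closes the meta-command path to the restoring user's own account.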

