-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 14 Aug 2025 15:59:31 +0200
Source: postgresql-13
Architecture: source
Version: 13.22-0+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-13 (13.22-0+deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version 13.22.
 .
     + Tighten security checks in planner estimation functions (Dean Rasheed)
 .
       The fix for CVE-2017-7484, plus followup fixes, intended to prevent
       leaky functions from being applied to statistics data for columns that
       the calling user does not have permission to read. Two gaps in that
       protection have been found. One gap applies to partitioning and
       inheritance hierarchies where RLS policies on the tables should
       restrict access to statistics data, but did not.
 .
       The other gap applies to cases where the query accesses a table via a
       view, and the view owner has permissions to read the underlying table
       but the calling user does not have permissions on the view. The view
       owner's permissions satisfied the security checks, and the leaky
       function would get applied to the underlying table's statistics
       before we check the calling user's permissions on the view. This has
       been fixed by making security checks on views occur at the start of
       planning. That might cause permissions failures to occur earlier than
       before.
 .
       The PostgreSQL Project thanks Dean Rasheed for reporting this problem.
       (CVE-2025-8713)
 .
     + Prevent pg_dump scripts from being used to attack the user running
       the restore (Nathan Bossart)
 .
       Since dump/restore operations typically involve running SQL commands
       as superuser, the target database installation must trust the source
       server. However, it does not follow that the operating system user
       who executes psql to perform the restore should have to trust the
       source server. The risk here is that an attacker who has gained
       superuser-level control over the source server might be able to cause
       it to emit text that would be interpreted as psql meta-commands. That
       would provide shell-level access to the restoring user's own account,
       independently of access to the target database.
 .
       To provide a positive guarantee that this can't happen, extend psql
       with a \restrict command that prevents execution of further
       meta-commands, and teach pg_dump to issue that before any data coming
       from the source server.
 .
       The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and
       RyotaK for reporting this problem. (CVE-2025-8714)
 .
     + Convert newlines to spaces in names included in comments in pg_dump
       output (Noah Misch)
 .
       Object names containing newlines offered the ability to inject
       arbitrary SQL commands into the output script. (Without the preceding
       fix, injection of psql meta-commands would also be possible this
       way.) CVE-2012-0868 fixed this class of problem at the time, but later
       work reintroduced several cases.
 .
       The PostgreSQL Project thanks Noah Misch for reporting this problem.
       (CVE-2025-8715)
Checksums-Sha1:
 3a43265253d6c62920b92ea541ba47dd83a90576 3703 postgresql-13_13.22-0+deb11u1.dsc
 3a5f8f2a4e889c395db905147be40dc1f8192fa4 21783034 postgresql-13_13.22.orig.tar.bz2
 7cfa7435ea5a0cece03bab100de55a9504d5ae8e 37104 postgresql-13_13.22-0+deb11u1.debian.tar.xz
Checksums-Sha256:
 a6aad4fc2ec260c82f125ed74318eab7c11a6f43f0cecfbc57632a6ce90cc9d0 3703 postgresql-13_13.22-0+deb11u1.dsc
 d36d83dc89e625502cf6fb1d0529642ba1266bd614b4e4a41cefd1dddcf09080 21783034 postgresql-13_13.22.orig.tar.bz2
 d2269efab97ddcb8b56e130bd0993cfedcfec2d23197347d8ca16ed407ce5ef7 37104 postgresql-13_13.22-0+deb11u1.debian.tar.xz
Files:
 eff9158b4ed7af15792d166f4b621eb4 3703 database optional postgresql-13_13.22-0+deb11u1.dsc
 a00f4df54a13d230d3b3694f75e0f28b 21783034 database optional postgresql-13_13.22.orig.tar.bz2
 717ec23990749f93a8f4b6c2638731fa 37104 database optional postgresql-13_13.22-0+deb11u1.debian.tar.xz
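Added example, not part of the Debian or PostgreSQL release text above: a pre-restore audit of a plain-format dump, in the spirit of the pg_dump/psql fix described under CVE-2025-8714. It checks that the script opens with \restrict before any server-derived text and lists the meta-commands psql would still execute; the `\restrict <key>` / `\unrestrict <key>` argument format and the sample dump contents are assumptions made for this example.

```python
import re

# psql executes any line that begins with a backslash (outside COPY data) as
# a meta-command, which is what makes untrusted dump text dangerous.
META_CMD = re.compile(r"^\\(\S+)\s*(.*)$")
COPY_STDIN = re.compile(r"^COPY\s.+\sFROM\s+stdin;\s*$", re.IGNORECASE)

def audit_dump(script: str) -> dict:
    """Pre-restore audit of a plain-format pg_dump script: does it open with
    \\restrict (the guard 13.22 emits before server-derived text), and which
    meta-commands would psql still execute (those outside the restricted
    region)? Rows inside COPY ... FROM stdin are data (\\N is a NULL)."""
    in_copy = False
    key = None        # \restrict <key> ... \unrestrict <key>: key format assumed
    first_meta = None
    exposed = []
    for lineno, line in enumerate(script.splitlines(), 1):
        if in_copy:
            in_copy = line != "\\."   # "\." ends the COPY data block
            continue
        if COPY_STDIN.match(line):
            in_copy = True
            continue
        m = META_CMD.match(line)
        if not m:
            continue
        cmd, arg = m.group(1), m.group(2).strip()
        first_meta = first_meta or cmd
        if cmd == "restrict" and key is None:
            key = arg
        elif cmd == "unrestrict" and key is not None and arg == key:
            key = None                 # guard lifted with the matching key
        elif key is None:
            exposed.append((lineno, line))  # psql would run this
    return {"guarded": first_meta == "restrict", "exposed": exposed}

# Constructed sample: guarded header/footer plus a COPY block whose first
# row starts with \N (NULL), which must not be mistaken for a meta-command.
GOOD_DUMP = "\n".join([
    "\\restrict Xk9QpLm2",
    "SET statement_timeout = 0;",
    "COPY public.t (a, b) FROM stdin;",
    "\\N\tfirst",
    "\\.",
    "\\unrestrict Xk9QpLm2",
])

# Constructed sample: no guard, and a meta-command smuggled into the script.
BAD_DUMP = "SET statement_timeout = 0;\n\\echo injected\nSELECT 1;"
```

A forged `\unrestrict` with a non-matching key does not lift the guard, so meta-commands after it are still reported as refused rather than exposed.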