From 0c8215c7b6bdf528edab88943438f0db9afad49b Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 9 May 2022 14:29:53 -0400 Subject: [PATCH] Last-minute updates for release notes. Security: CVE-2022-1552 --- doc/src/sgml/release-13.sgml | 83 ++++++++++++++++++++++++++---------- 1 file changed, 60 insertions(+), 23 deletions(-) diff --git a/doc/src/sgml/release-13.sgml b/doc/src/sgml/release-13.sgml index 42da1b5046..3f95cb1851 100644 --- a/doc/src/sgml/release-13.sgml +++ b/doc/src/sgml/release-13.sgml @@ -26,7 +26,7 @@ However, if you have any GiST indexes on columns of type ltree (supplied by the contrib/ltree extension), you should re-index them after updating. - See the first changelog entry below. + See the second changelog entry below. @@ -42,6 +42,49 @@ + + Confine additional operations within security restricted + operation sandboxes (Sergey Shinderuk, Noah Misch) + + + + Autovacuum, CLUSTER, CREATE + INDEX, REINDEX, REFRESH + MATERIALIZED VIEW, + and pg_amcheck activated + the security restricted operation protection + mechanism too late, or even not at all in some code paths. + A user having permission to create non-temporary objects within a + database could define an object that would execute arbitrary SQL + code with superuser permissions the next time that autovacuum + processed the object, or that some superuser ran one of the affected + commands against it. + + + + The PostgreSQL Project thanks + Alexander Lakhin for reporting this problem. + (CVE-2022-1552) + + + + + - - Disallow infinite endpoints in the timestamp variants - of generate_series() (Tom Lane) - - - - Previously, such a call would run until canceled (or - out-of-disk-space). The numeric variant already threw an error for - an infinite endpoint value, so do likewise for timestamps. - - - - - + + Avoid core dump in parser for a VALUES clause with + zero columns (Tom Lane) + + + + +
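Review bot: In the `@@ -26,7 +26,7 @@` hunk, "See the second changelog entry below" is a positional reference, and this patch already has to renumber it from "first", apparently because the CVE-2022-1552 entry added in the next hunk now comes before it. Refer to the entry by subject instead (the ltree GiST index fix) or link to it directly, so that the next entry inserted at the top of the list does not silently send readers to the wrong item.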
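Review bot: In the `@@ -42,6 +42,49 @@` hunk, the new entry states the exposure (a user who can create non-temporary objects getting arbitrary SQL run with superuser permissions) but not whether an administrator has anything to do beyond installing the update. The introductory paragraph touched by the first hunk gives an explicit post-update step for ltree GiST indexes; this entry should say just as explicitly whether objects that already exist in a database need any review after updating, or that no further action is required.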
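Review bot: The final region removes the generate_series() entry ("Disallow infinite endpoints in the timestamp variants ...") and adds the VALUES entry, but the commit message says only "Last-minute updates for release notes" and "Security: CVE-2022-1552", so the reason a documented change is dropped from the notes is not recorded anywhere in the patch. Add a line to the commit message explaining the removal. The added entry, "Avoid core dump in parser for a VALUES clause with zero columns", also has only a summary line in the lines shown, while the entry it replaces had an explanatory paragraph; a sentence of description would keep it consistent with its neighbours.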