#18401 closed enhancement (fixed)

postgresql-15.4

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: elevated Milestone: 12.0
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New minor version

Change History (4)

comment:1 by Douglas R. Reno, 20 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 20 months ago

Priority: normal → elevated

comment:3 by Douglas R. Reno, 20 months ago

Security Issues:

CVE-2023-39417: Extension script @substitutions@ within quoting allow SQL injection.

Supported, Vulnerable Versions: 11 - 15. The security team typically does not test 
unsupported versions, but this problem is quite old.

An extension script is vulnerable if it uses @extowner@, @extschema@, or 
@extschema:...@ inside a quoting construct (dollar quoting, '', or ""). No bundled 
extension is vulnerable. Vulnerable uses do appear in a documentation example and in 
non-bundled extensions. Hence, the attack prerequisite is an administrator having 
installed files of a vulnerable, trusted, non-bundled extension. Subject to that 
prerequisite, this enables an attacker having database-level CREATE privilege to 
execute arbitrary code as the bootstrap superuser. PostgreSQL will block this attack in 
the core server, so there's no need to modify individual extensions.

CVE-2023-39418: MERGE fails to enforce UPDATE or SELECT row security policies.

Supported, Vulnerable Versions: 15.

PostgreSQL 15 introduced the MERGE command, which fails to test new rows against row 
security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid 
some row that INSERT policies do not forbid, a user could store such rows. Subsequent 
consequences are application-dependent. This affects only databases that have used 
CREATE POLICY to define a row security policy.

Release Notes:

This update fixes over 40 bugs that were reported in the last several months. The 
issues listed below affect PostgreSQL 15. Some of these issues may also affect other 
supported versions of PostgreSQL.

    Fix for handling of NULL values in BRIN indexes. This fix does not apply to 
      existing BRIN indexes -- you will need to run REINDEX to fix any BRIN indexes 
      used to search for NULL values.
    Avoid leaving a corrupted database behind when DROP DATABASE is interrupted.
    Several fixes for partitioned indexes.
    Fix ALTER EXTENSION ... SET SCHEMA to error if the extension contains any objects 
      outside the extension's schema.
    Fix dependency tracking of access methods for tables.
    Don't use partial unique indexes for uniqueness proofs in the planner.
    Correctly handle sub-SELECTs in RLS policy expressions and security-barrier views 
      when expanding rule actions.
    Fix race conditions in conflict detection for SERIALIZABLE transaction isolation 
      mode.
    Fix intermittent failures when trying to update a field of a composite column that 
      requires out-of-line TOASTing.
    Fix several memory leaks that occurred during the lifespan of a query.
    Accept fractional seconds in the input to the jsonpath datetime() method.
    Increase token limit in pg_hba.conf and pg_ident.conf to 10,240 bytes.
    An out-of-memory error from JIT will now cause a PostgreSQL FATAL error instead of 
      a C++ exception.
    Allow VACUUM to continue after detecting certain types of B-tree index corruption. 
      While this fix allows VACUUM to continue, you still need to REINDEX to fix the 
      broken index.
    Avoid double replay of prepared transactions during crash recovery.
    Ensure that checkpoint calls fsync on a newly created but empty table.
    Silence "missing contrecord" errors to avoid logging inaccurate messages from 
      pg_waldump and walsender.
    Fix the [fuzzystrmatch](https://www.postgresql.org/docs/current/fuzzystrmatch.html) 
      Soundex difference() function to correctly handle empty input.
    Several fixes for intarray, including disallowing oversize input arrays in a GiST 
      index.
    Fix pg_dump to correctly handle SQL-standard function bodies (BEGIN ATOMIC) that 
      require parse-time dependencies on unique indexes.
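
Added example, not from this ticket or from the PostgreSQL project: a small Python audit script that flags the CVE-2023-39417 pattern described above, a substitution token (@extowner@, @extschema@ or @extschema:name@) appearing inside a quoting construct in an extension's SQL script, which is useful for reviewing non-bundled extension files on hosts that have not yet been updated to 15.4. The token set and quoting constructs are those named in the advisory text; the sample script is constructed and is not a real extension.

```python
import re

# Tokens the extension loader substitutes; the advisory names @extowner@,
# @extschema@ and @extschema:name@ (the latter refers to another extension).
SUBST_RE = re.compile(r"@(?:extowner|extschema(?::[^@\s]+)?)@")
# The quoting constructs the advisory lists. A doubled quote is an escape; an
# unterminated string runs to the end of the file. $$ or $tag$ opens dollar quoting.
QUOTE_RE = {
    "'": re.compile(r"'(?:[^']|'')*'?"),
    '"': re.compile(r'"(?:[^"]|"")*"?'),
    "$": re.compile(r"\$([A-Za-z_]\w*|)\$(?:.*?\$\1\$|.*)", re.S),
}
KIND = {"'": "single-quoted", '"': "double-quoted", "$": "dollar-quoted"}

def find_quoted_substitutions(script):
    """Return (line, token, quote_kind) for each substitution token that appears
    inside a quoting construct. Tokens outside quotes are the intended, safe
    usage and are not reported. Line comments (--) are skipped; block comments
    are not handled."""
    findings, i = [], 0
    while i < len(script):
        if script.startswith("--", i):            # skip to the end of the comment line
            nl = script.find("\n", i)
            i = len(script) if nl == -1 else nl
            continue
        ch = script[i]
        m = QUOTE_RE[ch].match(script, i) if ch in QUOTE_RE else None
        if m is None:                             # not at the start of a quoted region
            i += 1
            continue
        # Tokens contain no quote characters, so scanning the whole quoted span is exact.
        for sub in SUBST_RE.finditer(m.group(0)):
            line = script.count("\n", 0, i + sub.start()) + 1
            findings.append((line, sub.group(0), KIND[ch]))
        i = m.end()
    return findings

# Constructed sample script (not a real extension): the tokens on lines 2, 4
# and 6 sit outside quotes (safe); lines 5 and 6 also use them inside quotes.
SAMPLE_SCRIPT = """\
-- constructed sample extension script, not a real extension
CREATE FUNCTION @extschema@.safe_fn() RETURNS int
  LANGUAGE sql AS 'SELECT 1';
CREATE FUNCTION @extschema@.vuln_fn() RETURNS text
  LANGUAGE sql AS $$ SELECT '@extschema@' $$;
ALTER FUNCTION @extschema@.vuln_fn() OWNER TO "@extowner@";
"""
```

Running `find_quoted_substitutions(SAMPLE_SCRIPT)` reports only the dollar-quoted use on line 5 and the double-quoted use on line 6; the unquoted uses are the normal, safe form.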

comment:4 by Douglas R. Reno, 20 months ago

Resolution: fixed
Status: assigned → closed

Fixed at 6bd666ac2e01a36d8c6a24fca95c1159d9ebf606

SA-11.3-076 issued
