Mailinglist Archive: opensuse-security-announce (77 mails)

< Previous Next >
[security-announce] openSUSE-SU-2020:1228-1: moderate: Security update for postgresql, postgresql96, postgresql10, postgresql12
openSUSE Security Update: Security update for postgresql, postgresql96,
postgresql10, postgresql12
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1228-1
Rating: moderate
References: #1148643 #1171924 #1175193 #1175194
Cross-References: CVE-2020-14349 CVE-2020-14350
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes
is now available.

Description:

This update for postgresql, postgresql96, postgresql10, postgresql12 fixes
the following issues:

Postgresql12 was updated to 12.3 (bsc#1171924).

- https://www.postgresql.org/about/news/2038/
- https://www.postgresql.org/docs/12/release-12-3.html

- Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean
and complete cutover to the new packaging schema.

Also changed in the postgresql wrapper package:

- Bump version to 12.0.1, so that the binary packages also have a
cut-point to conflict with.

- Conflict with versions of the binary packages prior to the May 2020
update, because we changed the package layout at that point and need a
clean cutover.

- Bump package version to 12, but leave default at 10 for SLE-15 and
SLE-15-SP1.

postgresql11 was updated to 11.9:


* CVE-2020-14349, bsc#1175193: Set a secure search_path in logical
replication walsenders and apply workers
* CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts
more secure.
* https://www.postgresql.org/docs/11/release-11-9.html
- Pack the /usr/lib/postgresql symlink only into the main package.

postgresql11 was updated to 11.8 (bsc#1171924).

* https://www.postgresql.org/about/news/2038/
* https://www.postgresql.org/docs/11/release-11-8.html

- Unify the spec file to work across all current PostgreSQL versions to
simplify future maintenance.
- Move from the "libs" build flavour to a "mini" package that will
only be used inside the build service and not get shipped, to avoid
confusion with the debuginfo packages (bsc#1148643).

postgresql10 was updated to 10.13 (bsc#1171924).

- https://www.postgresql.org/about/news/2038/
- https://www.postgresql.org/docs/10/release-10-13.html

- Unify the spec file to work across all current PostgreSQL versions to
simplify future maintenance.
- Move from the "libs" build flavour to a "mini" package that will
only be used inside the build service and not get shipped, to avoid
confusion with the debuginfo packages (bsc#1148643).

postgresql96 was updated to 9.6.19:

* CVE-2020-14350, boo#1175194: Make contrib modules' installation
scripts more secure.
* https://www.postgresql.org/docs/9.6/release-9-6-19.html

- Pack the /usr/lib/postgresql symlink only into the main package.

- Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean
and complete cutover to the new packaging schema.

- update to 9.6.18 (boo#1171924).
https://www.postgresql.org/about/news/2038/
https://www.postgresql.org/docs/9.6/release-9-6-18.html
- Unify the spec file to work across all current PostgreSQL versions to
simplify future maintenance.
- Move from the "libs" build flavour to a "mini" package that will
only be used inside the build service and not get shipped, to avoid
confusion with the debuginfo packages (boo#1148643).

This update was imported from the SUSE:SLE-15-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1228=1



Package List:

- openSUSE Leap 15.2 (i586 x86_64):

libecpg6-12.3-lp152.3.4.1
libecpg6-debuginfo-12.3-lp152.3.4.1
libpq5-12.3-lp152.3.4.1
libpq5-debuginfo-12.3-lp152.3.4.1
postgresql10-10.13-lp152.2.3.1
postgresql10-contrib-10.13-lp152.2.3.1
postgresql10-contrib-debuginfo-10.13-lp152.2.3.1
postgresql10-debuginfo-10.13-lp152.2.3.1
postgresql10-debugsource-10.13-lp152.2.3.1
postgresql10-devel-10.13-lp152.2.3.1
postgresql10-devel-debuginfo-10.13-lp152.2.3.1
postgresql10-plperl-10.13-lp152.2.3.1
postgresql10-plperl-debuginfo-10.13-lp152.2.3.1
postgresql10-plpython-10.13-lp152.2.3.1
postgresql10-plpython-debuginfo-10.13-lp152.2.3.1
postgresql10-pltcl-10.13-lp152.2.3.1
postgresql10-pltcl-debuginfo-10.13-lp152.2.3.1
postgresql10-server-10.13-lp152.2.3.1
postgresql10-server-debuginfo-10.13-lp152.2.3.1
postgresql10-test-10.13-lp152.2.3.1
postgresql12-12.3-lp152.3.4.1
postgresql12-contrib-12.3-lp152.3.4.1
postgresql12-contrib-debuginfo-12.3-lp152.3.4.1
postgresql12-debuginfo-12.3-lp152.3.4.1
postgresql12-debugsource-12.3-lp152.3.4.1
postgresql12-devel-12.3-lp152.3.4.1
postgresql12-devel-debuginfo-12.3-lp152.3.4.1
postgresql12-llvmjit-12.3-lp152.3.4.1
postgresql12-llvmjit-debuginfo-12.3-lp152.3.4.1
postgresql12-plperl-12.3-lp152.3.4.1
postgresql12-plperl-debuginfo-12.3-lp152.3.4.1
postgresql12-plpython-12.3-lp152.3.4.1
postgresql12-plpython-debuginfo-12.3-lp152.3.4.1
postgresql12-pltcl-12.3-lp152.3.4.1
postgresql12-pltcl-debuginfo-12.3-lp152.3.4.1
postgresql12-server-12.3-lp152.3.4.1
postgresql12-server-debuginfo-12.3-lp152.3.4.1
postgresql12-server-devel-12.3-lp152.3.4.1
postgresql12-server-devel-debuginfo-12.3-lp152.3.4.1
postgresql12-test-12.3-lp152.3.4.1
postgresql96-9.6.19-lp152.2.3.1
postgresql96-contrib-9.6.19-lp152.2.3.1
postgresql96-contrib-debuginfo-9.6.19-lp152.2.3.1
postgresql96-debuginfo-9.6.19-lp152.2.3.1
postgresql96-debugsource-9.6.19-lp152.2.3.1
postgresql96-devel-9.6.19-lp152.2.3.1
postgresql96-devel-debuginfo-9.6.19-lp152.2.3.1
postgresql96-plperl-9.6.19-lp152.2.3.1
postgresql96-plperl-debuginfo-9.6.19-lp152.2.3.1
postgresql96-plpython-9.6.19-lp152.2.3.1
postgresql96-plpython-debuginfo-9.6.19-lp152.2.3.1
postgresql96-pltcl-9.6.19-lp152.2.3.1
postgresql96-pltcl-debuginfo-9.6.19-lp152.2.3.1
postgresql96-server-9.6.19-lp152.2.3.1
postgresql96-server-debuginfo-9.6.19-lp152.2.3.1
postgresql96-test-9.6.19-lp152.2.3.1

- openSUSE Leap 15.2 (noarch):

postgresql-12.0.1-lp152.3.3.2
postgresql-contrib-12.0.1-lp152.3.3.2
postgresql-devel-12.0.1-lp152.3.3.2
postgresql-docs-12.0.1-lp152.3.3.2
postgresql-llvmjit-12.0.1-lp152.3.3.2
postgresql-plperl-12.0.1-lp152.3.3.2
postgresql-plpython-12.0.1-lp152.3.3.2
postgresql-pltcl-12.0.1-lp152.3.3.2
postgresql-server-12.0.1-lp152.3.3.2
postgresql-server-devel-12.0.1-lp152.3.3.2
postgresql-test-12.0.1-lp152.3.3.2
postgresql10-docs-10.13-lp152.2.3.1
postgresql11-docs-11.9-lp152.3.3.1
postgresql12-docs-12.3-lp152.3.4.1
postgresql96-docs-9.6.19-lp152.2.3.1

- openSUSE Leap 15.2 (x86_64):

libecpg6-32bit-12.3-lp152.3.4.1
libecpg6-32bit-debuginfo-12.3-lp152.3.4.1
libpq5-32bit-12.3-lp152.3.4.1
libpq5-32bit-debuginfo-12.3-lp152.3.4.1
postgresql11-11.9-lp152.3.3.1
postgresql11-contrib-11.9-lp152.3.3.1
postgresql11-contrib-debuginfo-11.9-lp152.3.3.1
postgresql11-debuginfo-11.9-lp152.3.3.1
postgresql11-debugsource-11.9-lp152.3.3.1
postgresql11-devel-11.9-lp152.3.3.1
postgresql11-devel-debuginfo-11.9-lp152.3.3.1
postgresql11-llvmjit-11.9-lp152.3.3.1
postgresql11-llvmjit-debuginfo-11.9-lp152.3.3.1
postgresql11-plperl-11.9-lp152.3.3.1
postgresql11-plperl-debuginfo-11.9-lp152.3.3.1
postgresql11-plpython-11.9-lp152.3.3.1
postgresql11-plpython-debuginfo-11.9-lp152.3.3.1
postgresql11-pltcl-11.9-lp152.3.3.1
postgresql11-pltcl-debuginfo-11.9-lp152.3.3.1
postgresql11-server-11.9-lp152.3.3.1
postgresql11-server-debuginfo-11.9-lp152.3.3.1
postgresql11-server-devel-11.9-lp152.3.3.1
postgresql11-server-devel-debuginfo-11.9-lp152.3.3.1
postgresql11-test-11.9-lp152.3.3.1


References:

https://www.suse.com/security/cve/CVE-2020-14349.html
https://www.suse.com/security/cve/CVE-2020-14350.html
https://bugzilla.suse.com/1148643
https://bugzilla.suse.com/1171924
https://bugzilla.suse.com/1175193
https://bugzilla.suse.com/1175194

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages