SUSE-SU-2020:2149-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20202149-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:2149-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:2149-1
Related
Published
2020-08-06T11:37:25Z
Modified
2020-08-06T11:37:25Z
Summary
Security update for postgresql10 and postgresql12
Details

This update for postgresql10 and postgresql12 fixes the following issues:

postgresql10 was updated to 10.13 (bsc#1171924).

https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/10/release-10-13.html

postgresql10 was updated to 10.12 (CVE-2020-1720, bsc#1163985)

  • https://www.postgresql.org/about/news/2011/
  • https://www.postgresql.org/docs/10/release-10-12.html

postgresql10 was updated to 10.11:

  • https://www.postgresql.org/about/news/1994/
  • https://www.postgresql.org/docs/10/release-10-11.html

postgresql12 was updated to 12.3 (bsc#1171924).

Bug Fixes and Improvements:

  • Several fixes for GENERATED columns, including an issue where it was possible to crash or corrupt data in a table when the output of the generated column was the exact copy of a physical column on the table, e.g. if the expression called a function which could return its own input.
  • Several fixes for ALTER TABLE, including ensuring the SET STORAGE directive is propagated to a table's indexes.
  • Fix a potential race condition when using DROP OWNED BY while another session is deleting the same objects.
  • Allow for a partition to be detached when it has inherited ROW triggers.
  • Several fixes for REINDEX CONCURRENTLY, particularly with issues when a REINDEX CONCURRENTLY operation fails.
  • Fix crash when COLLATE is applied to an uncollatable type in a partition bound expression.
  • Fix performance regression in floating point overflow/underflow detection.
  • Several fixes for full text search, particularly with phrase searching.
  • Fix query-lifespan memory leak for a set-returning function used in a query's FROM clause.
  • Several reporting fixes for the output of VACUUM VERBOSE.
  • Allow input of type circle to accept the format (x,y),r, which is specified in the documentation.
  • Allow for the getbit() and setbit() functions to not fail on bytea strings longer than 256MB.
  • Avoid premature recycling of WAL segments during crash recovery, which could lead to WAL segments being recycled before being archived.
  • Avoid attempting to fetch nonexistent WAL files from archive storage during recovery by skipping irrelevant timelines.
  • Several fixes for logical replication and replication slots.
  • Fix several race conditions in synchronous standby management, including one that occurred when changing the synchronousstandbynames setting.
  • Several fixes for GSSAPI support, include a fix for a memory leak that occurred when using GSSAPI encryption.
  • Ensure that members of the pgreadall_stats role can read all statistics views.
  • Fix performance regression in information_schema.triggers view.
  • Fix memory leak in libpq when using sslmode=verify-full.
  • Fix crash in psql when attempting to re-establish a failed connection.
  • Allow tab-completion of the filename argument to \gx command in psql.
  • Add pg_dump support for ALTER ... DEPENDS ON EXTENSION.
  • Several other fixes for pg_dump, which include dumping comments on RLS policies and postponing restore of event triggers until the end.
  • Ensure pg_basebackup generates valid tar files.
  • pg_checksums skips tablespace subdirectories that belong to a different PostgreSQL major version
  • Several Windows compatibility fixes

This update also contains timezone tzdata release 2020a for DST law changes in Morocco and the Canadian Yukon, plus historical corrections for Shanghai. The America/Godthab zone has been renamed to America/Nuuk to reflect current English usage ; however, the old name remains available as a compatibility link. This also updates initdb's list of known Windows time zone names to include recent additions.

For more details, check out:

  • https://www.postgresql.org/docs/12/release-12-3.html

Other fixes:

  • Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema.
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / postgresql

Package

Name
postgresql
Purl
purl:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.1-8.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libpq5-32bit": "12.3-3.8.1",
            "libpq5": "12.3-3.8.1",
            "postgresql": "12.0.1-8.14.1",
            "postgresql12": "12.3-3.8.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / postgresql12

Package

Name
postgresql12
Purl
purl:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.3-3.8.1

Ecosystem specific

{
    "binaries": [
        {
            "libpq5-32bit": "12.3-3.8.1",
            "libpq5": "12.3-3.8.1",
            "postgresql": "12.0.1-8.14.1",
            "postgresql12": "12.3-3.8.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP1 / postgresql

Package

Name
postgresql
Purl
purl:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.1-8.14.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql-test": "12.0.1-8.14.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP1 / postgresql

Package

Name
postgresql
Purl
purl:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.1-8.14.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql12-docs": "12.3-3.8.1",
            "libecpg6": "12.3-3.8.1",
            "postgresql-plperl": "12.0.1-8.14.1",
            "postgresql12-plperl": "12.3-3.8.1",
            "postgresql12-plpython": "12.3-3.8.1",
            "postgresql12-contrib": "12.3-3.8.1",
            "postgresql-devel": "12.0.1-8.14.1",
            "postgresql-pltcl": "12.0.1-8.14.1",
            "postgresql12-devel": "12.3-3.8.1",
            "postgresql-docs": "12.0.1-8.14.1",
            "postgresql12-server": "12.3-3.8.1",
            "postgresql-plpython": "12.0.1-8.14.1",
            "postgresql12-pltcl": "12.3-3.8.1",
            "postgresql-contrib": "12.0.1-8.14.1",
            "postgresql-server-devel": "12.0.1-8.14.1",
            "postgresql-server": "12.0.1-8.14.1",
            "postgresql12-server-devel": "12.3-3.8.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP1 / postgresql12

Package

Name
postgresql12
Purl
purl:rpm/suse/postgresql12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.3-3.8.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql12-docs": "12.3-3.8.1",
            "libecpg6": "12.3-3.8.1",
            "postgresql-plperl": "12.0.1-8.14.1",
            "postgresql12-plperl": "12.3-3.8.1",
            "postgresql12-plpython": "12.3-3.8.1",
            "postgresql12-contrib": "12.3-3.8.1",
            "postgresql-devel": "12.0.1-8.14.1",
            "postgresql-pltcl": "12.0.1-8.14.1",
            "postgresql12-devel": "12.3-3.8.1",
            "postgresql-docs": "12.0.1-8.14.1",
            "postgresql12-server": "12.3-3.8.1",
            "postgresql-plpython": "12.0.1-8.14.1",
            "postgresql12-pltcl": "12.3-3.8.1",
            "postgresql-contrib": "12.0.1-8.14.1",
            "postgresql-server-devel": "12.0.1-8.14.1",
            "postgresql-server": "12.0.1-8.14.1",
            "postgresql12-server-devel": "12.3-3.8.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-ESPOS / postgresql

Package

Name
postgresql
Purl
purl:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.1-8.14.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql10-docs": "10.13-4.22.4",
            "libpq5-32bit": "10.13-4.22.4",
            "libecpg6": "10.13-4.22.4",
            "postgresql-plperl": "12.0.1-8.14.1",
            "postgresql10-contrib": "10.13-4.22.4",
            "libpq5": "10.13-4.22.4",
            "postgresql-devel": "12.0.1-8.14.1",
            "postgresql-pltcl": "12.0.1-8.14.1",
            "postgresql10-plperl": "10.13-4.22.4",
            "postgresql10-devel": "10.13-4.22.4",
            "postgresql-docs": "12.0.1-8.14.1",
            "postgresql10-pltcl": "10.13-4.22.4",
            "postgresql-plpython": "12.0.1-8.14.1",
            "postgresql10-server": "10.13-4.22.4",
            "postgresql-contrib": "12.0.1-8.14.1",
            "postgresql10": "10.13-4.22.4",
            "postgresql": "12.0.1-8.14.1",
            "postgresql-server": "12.0.1-8.14.1",
            "postgresql10-plpython": "10.13-4.22.4"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-ESPOS / postgresql10

Package

Name
postgresql10
Purl
purl:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.13-4.22.4

Ecosystem specific

{
    "binaries": [
        {
            "postgresql10-docs": "10.13-4.22.4",
            "libpq5-32bit": "10.13-4.22.4",
            "libecpg6": "10.13-4.22.4",
            "postgresql-plperl": "12.0.1-8.14.1",
            "postgresql10-contrib": "10.13-4.22.4",
            "libpq5": "10.13-4.22.4",
            "postgresql-devel": "12.0.1-8.14.1",
            "postgresql-pltcl": "12.0.1-8.14.1",
            "postgresql10-plperl": "10.13-4.22.4",
            "postgresql10-devel": "10.13-4.22.4",
            "postgresql-docs": "12.0.1-8.14.1",
            "postgresql10-pltcl": "10.13-4.22.4",
            "postgresql-plpython": "12.0.1-8.14.1",
            "postgresql10-server": "10.13-4.22.4",
            "postgresql-contrib": "12.0.1-8.14.1",
            "postgresql10": "10.13-4.22.4",
            "postgresql": "12.0.1-8.14.1",
            "postgresql-server": "12.0.1-8.14.1",
            "postgresql10-plpython": "10.13-4.22.4"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-LTSS / postgresql

Package

Name
postgresql
Purl
purl:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.1-8.14.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql10-docs": "10.13-4.22.4",
            "libpq5-32bit": "10.13-4.22.4",
            "libecpg6": "10.13-4.22.4",
            "postgresql-plperl": "12.0.1-8.14.1",
            "postgresql10-contrib": "10.13-4.22.4",
            "libpq5": "10.13-4.22.4",
            "postgresql-devel": "12.0.1-8.14.1",
            "postgresql-pltcl": "12.0.1-8.14.1",
            "postgresql10-plperl": "10.13-4.22.4",
            "postgresql10-devel": "10.13-4.22.4",
            "postgresql-docs": "12.0.1-8.14.1",
            "postgresql10-pltcl": "10.13-4.22.4",
            "postgresql-plpython": "12.0.1-8.14.1",
            "postgresql10-server": "10.13-4.22.4",
            "postgresql-contrib": "12.0.1-8.14.1",
            "postgresql10": "10.13-4.22.4",
            "postgresql": "12.0.1-8.14.1",
            "postgresql-server": "12.0.1-8.14.1",
            "postgresql10-plpython": "10.13-4.22.4"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-LTSS / postgresql10

Package

Name
postgresql10
Purl
purl:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.13-4.22.4

Ecosystem specific

{
    "binaries": [
        {
            "postgresql10-docs": "10.13-4.22.4",
            "libpq5-32bit": "10.13-4.22.4",
            "libecpg6": "10.13-4.22.4",
            "postgresql-plperl": "12.0.1-8.14.1",
            "postgresql10-contrib": "10.13-4.22.4",
            "libpq5": "10.13-4.22.4",
            "postgresql-devel": "12.0.1-8.14.1",
            "postgresql-pltcl": "12.0.1-8.14.1",
            "postgresql10-plperl": "10.13-4.22.4",
            "postgresql10-devel": "10.13-4.22.4",
            "postgresql-docs": "12.0.1-8.14.1",
            "postgresql10-pltcl": "10.13-4.22.4",
            "postgresql-plpython": "12.0.1-8.14.1",
            "postgresql10-server": "10.13-4.22.4",
            "postgresql-contrib": "12.0.1-8.14.1",
            "postgresql10": "10.13-4.22.4",
            "postgresql": "12.0.1-8.14.1",
            "postgresql-server": "12.0.1-8.14.1",
            "postgresql10-plpython": "10.13-4.22.4"
        }
    ]
}

SUSE:Linux Enterprise Server 15-LTSS / postgresql

Package

Name
postgresql
Purl
purl:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.1-8.14.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql10-docs": "10.13-4.22.4",
            "libpq5-32bit": "10.13-4.22.4",
            "libecpg6": "10.13-4.22.4",
            "postgresql-plperl": "12.0.1-8.14.1",
            "postgresql10-contrib": "10.13-4.22.4",
            "libpq5": "10.13-4.22.4",
            "postgresql-devel": "12.0.1-8.14.1",
            "postgresql-pltcl": "12.0.1-8.14.1",
            "postgresql10-plperl": "10.13-4.22.4",
            "postgresql10-devel": "10.13-4.22.4",
            "postgresql-docs": "12.0.1-8.14.1",
            "postgresql10-pltcl": "10.13-4.22.4",
            "postgresql-plpython": "12.0.1-8.14.1",
            "postgresql10-server": "10.13-4.22.4",
            "postgresql-contrib": "12.0.1-8.14.1",
            "postgresql10": "10.13-4.22.4",
            "postgresql": "12.0.1-8.14.1",
            "postgresql-server": "12.0.1-8.14.1",
            "postgresql10-plpython": "10.13-4.22.4"
        }
    ]
}

SUSE:Linux Enterprise Server 15-LTSS / postgresql10

Package

Name
postgresql10
Purl
purl:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.13-4.22.4

Ecosystem specific

{
    "binaries": [
        {
            "postgresql10-docs": "10.13-4.22.4",
            "libpq5-32bit": "10.13-4.22.4",
            "libecpg6": "10.13-4.22.4",
            "postgresql-plperl": "12.0.1-8.14.1",
            "postgresql10-contrib": "10.13-4.22.4",
            "libpq5": "10.13-4.22.4",
            "postgresql-devel": "12.0.1-8.14.1",
            "postgresql-pltcl": "12.0.1-8.14.1",
            "postgresql10-plperl": "10.13-4.22.4",
            "postgresql10-devel": "10.13-4.22.4",
            "postgresql-docs": "12.0.1-8.14.1",
            "postgresql10-pltcl": "10.13-4.22.4",
            "postgresql-plpython": "12.0.1-8.14.1",
            "postgresql10-server": "10.13-4.22.4",
            "postgresql-contrib": "12.0.1-8.14.1",
            "postgresql10": "10.13-4.22.4",
            "postgresql": "12.0.1-8.14.1",
            "postgresql-server": "12.0.1-8.14.1",
            "postgresql10-plpython": "10.13-4.22.4"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 / postgresql

Package

Name
postgresql
Purl
purl:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.1-8.14.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql10-docs": "10.13-4.22.4",
            "libpq5-32bit": "10.13-4.22.4",
            "libecpg6": "10.13-4.22.4",
            "postgresql-plperl": "12.0.1-8.14.1",
            "postgresql10-contrib": "10.13-4.22.4",
            "libpq5": "10.13-4.22.4",
            "postgresql-devel": "12.0.1-8.14.1",
            "postgresql-pltcl": "12.0.1-8.14.1",
            "postgresql10-plperl": "10.13-4.22.4",
            "postgresql10-devel": "10.13-4.22.4",
            "postgresql-docs": "12.0.1-8.14.1",
            "postgresql10-pltcl": "10.13-4.22.4",
            "postgresql-plpython": "12.0.1-8.14.1",
            "postgresql10-server": "10.13-4.22.4",
            "postgresql-contrib": "12.0.1-8.14.1",
            "postgresql10": "10.13-4.22.4",
            "postgresql": "12.0.1-8.14.1",
            "postgresql-server": "12.0.1-8.14.1",
            "postgresql10-plpython": "10.13-4.22.4"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 / postgresql10

Package

Name
postgresql10
Purl
purl:rpm/suse/postgresql10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.13-4.22.4

Ecosystem specific

{
    "binaries": [
        {
            "postgresql10-docs": "10.13-4.22.4",
            "libpq5-32bit": "10.13-4.22.4",
            "libecpg6": "10.13-4.22.4",
            "postgresql-plperl": "12.0.1-8.14.1",
            "postgresql10-contrib": "10.13-4.22.4",
            "libpq5": "10.13-4.22.4",
            "postgresql-devel": "12.0.1-8.14.1",
            "postgresql-pltcl": "12.0.1-8.14.1",
            "postgresql10-plperl": "10.13-4.22.4",
            "postgresql10-devel": "10.13-4.22.4",
            "postgresql-docs": "12.0.1-8.14.1",
            "postgresql10-pltcl": "10.13-4.22.4",
            "postgresql-plpython": "12.0.1-8.14.1",
            "postgresql10-server": "10.13-4.22.4",
            "postgresql-contrib": "12.0.1-8.14.1",
            "postgresql10": "10.13-4.22.4",
            "postgresql": "12.0.1-8.14.1",
            "postgresql-server": "12.0.1-8.14.1",
            "postgresql10-plpython": "10.13-4.22.4"
        }
    ]
}