openSUSE-SU-2021:0337-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0337-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0337-1
Published
2021-02-24T17:05:14Z
Modified
2021-02-24T17:05:14Z
Summary
Security update for postgresql, postgresql13
Details

This update for postgresql, postgresql13 fixes the following issues:

This update ships postgresql13.

Upgrade to version 13.1:

  • CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries.
  • CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used.
  • CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables.
  • Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch)
  • https://www.postgresql.org/about/news/2111/
  • https://www.postgresql.org/docs/13/release-13-1.html

Initial packaging of PostgreSQL 13:

  • https://www.postgresql.org/about/news/2077/
  • https://www.postgresql.org/docs/13/release-13.html

  • bsc#1178961: %ghost the symlinks to pg_config and ecpg.

Changes in postgresql wrapper package:

  • Bump major version to 13.
  • We also transfer PostgreSQL 9.4.26 to the new package layout in SLE12-SP2 and newer. Reflect this in the conflict with postgresql94.
  • Also conflict with PostgreSQL versions before 9.
  • Conflicting with older versions is not limited to SLE.

This update was imported from the SUSE:SLE-15-SP2:Update update project.

References

Affected packages

openSUSE:Leap 15.2 / postgresql

Package

Name
postgresql
Purl
purl:rpm/suse/postgresql&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
13-lp152.3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql-devel": "13-lp152.3.6.1",
            "postgresql-plperl": "13-lp152.3.6.1",
            "postgresql-test": "13-lp152.3.6.1",
            "postgresql-docs": "13-lp152.3.6.1",
            "postgresql-plpython": "13-lp152.3.6.1",
            "postgresql-contrib": "13-lp152.3.6.1",
            "postgresql-llvmjit": "13-lp152.3.6.1",
            "postgresql": "13-lp152.3.6.1",
            "postgresql-server": "13-lp152.3.6.1",
            "postgresql-pltcl": "13-lp152.3.6.1",
            "postgresql-server-devel": "13-lp152.3.6.1"
        }
    ]
}