openSUSE-SU-2021:0337-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0337-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0337-1
- Related
- Published
- 2021-02-24T17:05:14Z
- Modified
- 2021-02-24T17:05:14Z
- Summary
- Security update for postgresql, postgresql13
- Details
-
This update for postgresql, postgresql13 fixes the following issues:
This update ships postgresql13.
Upgrade to version 13.1:
- CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries.
- CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pgdump, pgrestore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used.
- CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables.
- Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch)
- https://www.postgresql.org/about/news/2111/
- https://www.postgresql.org/docs/13/release-13-1.html
Initial packaging of PostgreSQL 13:
- https://www.postgresql.org/about/news/2077/
https://www.postgresql.org/docs/13/release-13.html
bsc#1178961: %ghost the symlinks to pg_config and ecpg.
Changes in postgresql wrapper package:
- Bump major version to 13.
- We also transfer PostgreSQL 9.4.26 to the new package layout in SLE12-SP2 and newer. Reflect this in the conflict with postgresql94.
- Also conflict with PostgreSQL versions before 9.
- Conflicting with older versions is not limited to SLE.
This update was imported from the SUSE:SLE-15-SP2:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IQQBNVIVAXDZCJPFZE43ZEZ3C6DSC3WG/
- https://bugzilla.suse.com/1178666
- https://bugzilla.suse.com/1178667
- https://bugzilla.suse.com/1178668
- https://bugzilla.suse.com/1178961
- https://www.suse.com/security/cve/CVE-2020-25694
- https://www.suse.com/security/cve/CVE-2020-25695
- https://www.suse.com/security/cve/CVE-2020-25696
Affected packages
openSUSE:Leap 15.2 / postgresql
Package
- Name
- postgresql
- Purl
- purl:rpm/suse/postgresql&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed13-lp152.3.6.1
Ecosystem specific
{
"binaries": [
{
"postgresql-devel": "13-lp152.3.6.1",
"postgresql-plperl": "13-lp152.3.6.1",
"postgresql-test": "13-lp152.3.6.1",
"postgresql-docs": "13-lp152.3.6.1",
"postgresql-plpython": "13-lp152.3.6.1",
"postgresql-contrib": "13-lp152.3.6.1",
"postgresql-llvmjit": "13-lp152.3.6.1",
"postgresql": "13-lp152.3.6.1",
"postgresql-server": "13-lp152.3.6.1",
"postgresql-pltcl": "13-lp152.3.6.1",
"postgresql-server-devel": "13-lp152.3.6.1"
}
]
}