SUSE-SU-2021:0175-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:0175-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:0175-1
Published
2021-01-20T08:24:08Z
Modified
2021-01-20T08:24:08Z
Summary
Security update for postgresql, postgresql13
Details

This update for postgresql, postgresql13 fixes the following issues:

This update ships postgresql13.

Upgrade to version 13.1:

  • CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries.
  • CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used.
  • CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables.
  • Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch)
  • https://www.postgresql.org/about/news/2111/
  • https://www.postgresql.org/docs/13/release-13-1.html

Initial packaging of PostgreSQL 13:

  • https://www.postgresql.org/about/news/2077/
  • https://www.postgresql.org/docs/13/release-13.html

  • bsc#1178961: %ghost the symlinks to pg_config and ecpg.

Changes in postgresql wrapper package:

  • Bump major version to 13.
  • We also transfer PostgreSQL 9.4.26 to the new package layout in SLE12-SP2 and newer. Reflect this in the conflict with postgresql94.
  • Also conflict with PostgreSQL versions before 9.
  • Conflicting with older versions is not limited to SLE.

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP2 / postgresql

Package

Name
postgresql
Purl
purl:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
13-4.6.7

Ecosystem specific

{
    "binaries": [
        {
            "libpq5-32bit": "13.1-5.3.15",
            "libpq5": "13.1-5.3.15",
            "postgresql": "13-4.6.7",
            "postgresql13": "13.1-5.3.15"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP2 / postgresql13

Package

Name
postgresql13
Purl
purl:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
13.1-5.3.15

Ecosystem specific

{
    "binaries": [
        {
            "libpq5-32bit": "13.1-5.3.15",
            "libpq5": "13.1-5.3.15",
            "postgresql": "13-4.6.7",
            "postgresql13": "13.1-5.3.15"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP2 / postgresql

Package

Name
postgresql
Purl
purl:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
13-4.6.7

Ecosystem specific

{
    "binaries": [
        {
            "postgresql13-test": "13.1-5.3.15",
            "postgresql-test": "13-4.6.7"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP2 / postgresql13

Package

Name
postgresql13
Purl
purl:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
13.1-5.3.15

Ecosystem specific

{
    "binaries": [
        {
            "postgresql13-test": "13.1-5.3.15",
            "postgresql-test": "13-4.6.7"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP2 / postgresql

Package

Name
postgresql
Purl
purl:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
13-4.6.7

Ecosystem specific

{
    "binaries": [
        {
            "libecpg6": "13.1-5.3.15",
            "postgresql-plperl": "13-4.6.7",
            "postgresql13-docs": "13.1-5.3.15",
            "postgresql13-contrib": "13.1-5.3.15",
            "postgresql-devel": "13-4.6.7",
            "postgresql13-devel": "13.1-5.3.15",
            "postgresql-pltcl": "13-4.6.7",
            "postgresql-docs": "13-4.6.7",
            "postgresql13-plperl": "13.1-5.3.15",
            "postgresql-plpython": "13-4.6.7",
            "postgresql13-pltcl": "13.1-5.3.15",
            "postgresql13-server": "13.1-5.3.15",
            "postgresql-contrib": "13-4.6.7",
            "postgresql-server-devel": "13-4.6.7",
            "postgresql-server": "13-4.6.7",
            "postgresql13-plpython": "13.1-5.3.15",
            "postgresql13-server-devel": "13.1-5.3.15"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP2 / postgresql13

Package

Name
postgresql13
Purl
purl:rpm/suse/postgresql13&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
13.1-5.3.15

Ecosystem specific

{
    "binaries": [
        {
            "libecpg6": "13.1-5.3.15",
            "postgresql-plperl": "13-4.6.7",
            "postgresql13-docs": "13.1-5.3.15",
            "postgresql13-contrib": "13.1-5.3.15",
            "postgresql-devel": "13-4.6.7",
            "postgresql13-devel": "13.1-5.3.15",
            "postgresql-pltcl": "13-4.6.7",
            "postgresql-docs": "13-4.6.7",
            "postgresql13-plperl": "13.1-5.3.15",
            "postgresql-plpython": "13-4.6.7",
            "postgresql13-pltcl": "13.1-5.3.15",
            "postgresql13-server": "13.1-5.3.15",
            "postgresql-contrib": "13-4.6.7",
            "postgresql-server-devel": "13-4.6.7",
            "postgresql-server": "13-4.6.7",
            "postgresql13-plpython": "13.1-5.3.15",
            "postgresql13-server-devel": "13.1-5.3.15"
        }
    ]
}