openSUSE-SU-2020:1228-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:1228-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2020:1228-1
- Related
- Published
- 2020-08-17T14:19:12Z
- Modified
- 2020-08-17T14:19:12Z
- Summary
- Security update for postgresql, postgresql96, postgresql10, postgresql12
- Details
-
This update for postgresql, postgresql96, postgresql10, postgresql12 fixes the following issues:
Postgresql12 was updated to 12.3 (bsc#1171924).
- https://www.postgresql.org/about/news/2038/
https://www.postgresql.org/docs/12/release-12-3.html
Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema.
Also changed in the postgresql wrapper package:
Bump version to 12.0.1, so that the binary packages also have a cut-point to conflict with.
Conflict with versions of the binary packages prior to the May 2020 update, because we changed the package layout at that point and need a clean cutover.
Bump package version to 12, but leave default at 10 for SLE-15 and SLE-15-SP1.
postgresql11 was updated to 11.9:
- CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers
- CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure.
- https://www.postgresql.org/docs/11/release-11-9.html
- Pack the /usr/lib/postgresql symlink only into the main package.
postgresql11 was updated to 11.8 (bsc#1171924).
- https://www.postgresql.org/about/news/2038/
https://www.postgresql.org/docs/11/release-11-8.html
Unify the spec file to work across all current PostgreSQL versions to simplify future maintenance.
- Move from the 'libs' build flavour to a 'mini' package that will only be used inside the build service and not get shipped, to avoid confusion with the debuginfo packages (bsc#1148643).
postgresql10 was updated to 10.13 (bsc#1171924).
- https://www.postgresql.org/about/news/2038/
https://www.postgresql.org/docs/10/release-10-13.html
Unify the spec file to work across all current PostgreSQL versions to simplify future maintenance.
- Move from the 'libs' build flavour to a 'mini' package that will only be used inside the build service and not get shipped, to avoid confusion with the debuginfo packages (bsc#1148643).
postgresql96 was updated to 9.6.19:
- CVE-2020-14350, boo#1175194: Make contrib modules' installation scripts more secure.
https://www.postgresql.org/docs/9.6/release-9-6-19.html
Pack the /usr/lib/postgresql symlink only into the main package.
Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema.
update to 9.6.18 (boo#1171924). https://www.postgresql.org/about/news/2038/ https://www.postgresql.org/docs/9.6/release-9-6-18.html
- Unify the spec file to work across all current PostgreSQL versions to simplify future maintenance.
- Move from the 'libs' build flavour to a 'mini' package that will only be used inside the build service and not get shipped, to avoid confusion with the debuginfo packages (boo#1148643).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RVKTSYB6VOWNCXMN2C6CHUQBVHCRICIH/
- https://bugzilla.suse.com/1148643
- https://bugzilla.suse.com/1171924
- https://bugzilla.suse.com/1175193
- https://bugzilla.suse.com/1175194
- https://www.suse.com/security/cve/CVE-2020-14349
- https://www.suse.com/security/cve/CVE-2020-14350
Affected packages
openSUSE:Leap 15.2 / postgresql
Package
- Name
- postgresql
- Purl
- purl:rpm/suse/postgresql&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed12.0.1-lp152.3.3.2
Ecosystem specific
{
"binaries": [
{
"postgresql96-plperl": "9.6.19-lp152.2.3.1",
"postgresql12-docs": "12.3-lp152.3.4.1",
"libpq5-32bit": "12.3-lp152.3.4.1",
"postgresql-plperl": "12.0.1-lp152.3.3.2",
"postgresql12-plpython": "12.3-lp152.3.4.1",
"postgresql12": "12.3-lp152.3.4.1",
"postgresql12-devel": "12.3-lp152.3.4.1",
"postgresql10-pltcl": "10.13-lp152.2.3.1",
"libecpg6-32bit": "12.3-lp152.3.4.1",
"postgresql10-server": "10.13-lp152.2.3.1",
"postgresql12-pltcl": "12.3-lp152.3.4.1",
"postgresql11-llvmjit": "11.9-lp152.3.3.1",
"postgresql11-server": "11.9-lp152.3.3.1",
"postgresql-server": "12.0.1-lp152.3.3.2",
"postgresql11-docs": "11.9-lp152.3.3.1",
"postgresql": "12.0.1-lp152.3.3.2",
"postgresql12-plperl": "12.3-lp152.3.4.1",
"postgresql96-docs": "9.6.19-lp152.2.3.1",
"postgresql96-pltcl": "9.6.19-lp152.2.3.1",
"postgresql96": "9.6.19-lp152.2.3.1",
"postgresql96-contrib": "9.6.19-lp152.2.3.1",
"postgresql11-devel": "11.9-lp152.3.3.1",
"postgresql11-contrib": "11.9-lp152.3.3.1",
"postgresql10-plperl": "10.13-lp152.2.3.1",
"postgresql-docs": "12.0.1-lp152.3.3.2",
"postgresql12-llvmjit": "12.3-lp152.3.4.1",
"postgresql-contrib": "12.0.1-lp152.3.3.2",
"postgresql-server-devel": "12.0.1-lp152.3.3.2",
"postgresql-llvmjit": "12.0.1-lp152.3.3.2",
"postgresql11-server-devel": "11.9-lp152.3.3.1",
"libecpg6": "12.3-lp152.3.4.1",
"postgresql11": "11.9-lp152.3.3.1",
"postgresql12-contrib": "12.3-lp152.3.4.1",
"libpq5": "12.3-lp152.3.4.1",
"postgresql-devel": "12.0.1-lp152.3.3.2",
"postgresql-pltcl": "12.0.1-lp152.3.3.2",
"postgresql12-test": "12.3-lp152.3.4.1",
"postgresql11-plpython": "11.9-lp152.3.3.1",
"postgresql96-devel": "9.6.19-lp152.2.3.1",
"postgresql10-devel": "10.13-lp152.2.3.1",
"postgresql-plpython": "12.0.1-lp152.3.3.2",
"postgresql96-test": "9.6.19-lp152.2.3.1",
"postgresql10-docs": "10.13-lp152.2.3.1",
"postgresql-test": "12.0.1-lp152.3.3.2",
"postgresql10-contrib": "10.13-lp152.2.3.1",
"postgresql10-test": "10.13-lp152.2.3.1",
"postgresql96-plpython": "9.6.19-lp152.2.3.1",
"postgresql12-server": "12.3-lp152.3.4.1",
"postgresql11-test": "11.9-lp152.3.3.1",
"postgresql11-plperl": "11.9-lp152.3.3.1",
"postgresql10": "10.13-lp152.2.3.1",
"postgresql96-server": "9.6.19-lp152.2.3.1",
"postgresql11-pltcl": "11.9-lp152.3.3.1",
"postgresql10-plpython": "10.13-lp152.2.3.1",
"postgresql12-server-devel": "12.3-lp152.3.4.1"
}
]
}
openSUSE:Leap 15.2 / postgresql10
Package
- Name
- postgresql10
- Purl
- purl:rpm/suse/postgresql10&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.13-lp152.2.3.1
Ecosystem specific
{
"binaries": [
{
"postgresql96-plperl": "9.6.19-lp152.2.3.1",
"postgresql12-docs": "12.3-lp152.3.4.1",
"libpq5-32bit": "12.3-lp152.3.4.1",
"postgresql-plperl": "12.0.1-lp152.3.3.2",
"postgresql12-plpython": "12.3-lp152.3.4.1",
"postgresql12": "12.3-lp152.3.4.1",
"postgresql12-devel": "12.3-lp152.3.4.1",
"postgresql10-pltcl": "10.13-lp152.2.3.1",
"libecpg6-32bit": "12.3-lp152.3.4.1",
"postgresql10-server": "10.13-lp152.2.3.1",
"postgresql12-pltcl": "12.3-lp152.3.4.1",
"postgresql11-llvmjit": "11.9-lp152.3.3.1",
"postgresql11-server": "11.9-lp152.3.3.1",
"postgresql-server": "12.0.1-lp152.3.3.2",
"postgresql11-docs": "11.9-lp152.3.3.1",
"postgresql": "12.0.1-lp152.3.3.2",
"postgresql12-plperl": "12.3-lp152.3.4.1",
"postgresql96-docs": "9.6.19-lp152.2.3.1",
"postgresql96-pltcl": "9.6.19-lp152.2.3.1",
"postgresql96": "9.6.19-lp152.2.3.1",
"postgresql96-contrib": "9.6.19-lp152.2.3.1",
"postgresql11-devel": "11.9-lp152.3.3.1",
"postgresql11-contrib": "11.9-lp152.3.3.1",
"postgresql10-plperl": "10.13-lp152.2.3.1",
"postgresql-docs": "12.0.1-lp152.3.3.2",
"postgresql12-llvmjit": "12.3-lp152.3.4.1",
"postgresql-contrib": "12.0.1-lp152.3.3.2",
"postgresql-server-devel": "12.0.1-lp152.3.3.2",
"postgresql-llvmjit": "12.0.1-lp152.3.3.2",
"postgresql11-server-devel": "11.9-lp152.3.3.1",
"libecpg6": "12.3-lp152.3.4.1",
"postgresql11": "11.9-lp152.3.3.1",
"postgresql12-contrib": "12.3-lp152.3.4.1",
"libpq5": "12.3-lp152.3.4.1",
"postgresql-devel": "12.0.1-lp152.3.3.2",
"postgresql-pltcl": "12.0.1-lp152.3.3.2",
"postgresql12-test": "12.3-lp152.3.4.1",
"postgresql11-plpython": "11.9-lp152.3.3.1",
"postgresql96-devel": "9.6.19-lp152.2.3.1",
"postgresql10-devel": "10.13-lp152.2.3.1",
"postgresql-plpython": "12.0.1-lp152.3.3.2",
"postgresql96-test": "9.6.19-lp152.2.3.1",
"postgresql10-docs": "10.13-lp152.2.3.1",
"postgresql-test": "12.0.1-lp152.3.3.2",
"postgresql10-contrib": "10.13-lp152.2.3.1",
"postgresql10-test": "10.13-lp152.2.3.1",
"postgresql96-plpython": "9.6.19-lp152.2.3.1",
"postgresql12-server": "12.3-lp152.3.4.1",
"postgresql11-test": "11.9-lp152.3.3.1",
"postgresql11-plperl": "11.9-lp152.3.3.1",
"postgresql10": "10.13-lp152.2.3.1",
"postgresql96-server": "9.6.19-lp152.2.3.1",
"postgresql11-pltcl": "11.9-lp152.3.3.1",
"postgresql10-plpython": "10.13-lp152.2.3.1",
"postgresql12-server-devel": "12.3-lp152.3.4.1"
}
]
}
openSUSE:Leap 15.2 / postgresql11
Package
- Name
- postgresql11
- Purl
- purl:rpm/suse/postgresql11&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed11.9-lp152.3.3.1
Ecosystem specific
{
"binaries": [
{
"postgresql96-plperl": "9.6.19-lp152.2.3.1",
"postgresql12-docs": "12.3-lp152.3.4.1",
"libpq5-32bit": "12.3-lp152.3.4.1",
"postgresql-plperl": "12.0.1-lp152.3.3.2",
"postgresql12-plpython": "12.3-lp152.3.4.1",
"postgresql12": "12.3-lp152.3.4.1",
"postgresql12-devel": "12.3-lp152.3.4.1",
"postgresql10-pltcl": "10.13-lp152.2.3.1",
"libecpg6-32bit": "12.3-lp152.3.4.1",
"postgresql10-server": "10.13-lp152.2.3.1",
"postgresql12-pltcl": "12.3-lp152.3.4.1",
"postgresql11-llvmjit": "11.9-lp152.3.3.1",
"postgresql11-server": "11.9-lp152.3.3.1",
"postgresql-server": "12.0.1-lp152.3.3.2",
"postgresql11-docs": "11.9-lp152.3.3.1",
"postgresql": "12.0.1-lp152.3.3.2",
"postgresql12-plperl": "12.3-lp152.3.4.1",
"postgresql96-docs": "9.6.19-lp152.2.3.1",
"postgresql96-pltcl": "9.6.19-lp152.2.3.1",
"postgresql96": "9.6.19-lp152.2.3.1",
"postgresql96-contrib": "9.6.19-lp152.2.3.1",
"postgresql11-devel": "11.9-lp152.3.3.1",
"postgresql11-contrib": "11.9-lp152.3.3.1",
"postgresql10-plperl": "10.13-lp152.2.3.1",
"postgresql-docs": "12.0.1-lp152.3.3.2",
"postgresql12-llvmjit": "12.3-lp152.3.4.1",
"postgresql-contrib": "12.0.1-lp152.3.3.2",
"postgresql-server-devel": "12.0.1-lp152.3.3.2",
"postgresql-llvmjit": "12.0.1-lp152.3.3.2",
"postgresql11-server-devel": "11.9-lp152.3.3.1",
"libecpg6": "12.3-lp152.3.4.1",
"postgresql11": "11.9-lp152.3.3.1",
"postgresql12-contrib": "12.3-lp152.3.4.1",
"libpq5": "12.3-lp152.3.4.1",
"postgresql-devel": "12.0.1-lp152.3.3.2",
"postgresql-pltcl": "12.0.1-lp152.3.3.2",
"postgresql12-test": "12.3-lp152.3.4.1",
"postgresql11-plpython": "11.9-lp152.3.3.1",
"postgresql96-devel": "9.6.19-lp152.2.3.1",
"postgresql10-devel": "10.13-lp152.2.3.1",
"postgresql-plpython": "12.0.1-lp152.3.3.2",
"postgresql96-test": "9.6.19-lp152.2.3.1",
"postgresql10-docs": "10.13-lp152.2.3.1",
"postgresql-test": "12.0.1-lp152.3.3.2",
"postgresql10-contrib": "10.13-lp152.2.3.1",
"postgresql10-test": "10.13-lp152.2.3.1",
"postgresql96-plpython": "9.6.19-lp152.2.3.1",
"postgresql12-server": "12.3-lp152.3.4.1",
"postgresql11-test": "11.9-lp152.3.3.1",
"postgresql11-plperl": "11.9-lp152.3.3.1",
"postgresql10": "10.13-lp152.2.3.1",
"postgresql96-server": "9.6.19-lp152.2.3.1",
"postgresql11-pltcl": "11.9-lp152.3.3.1",
"postgresql10-plpython": "10.13-lp152.2.3.1",
"postgresql12-server-devel": "12.3-lp152.3.4.1"
}
]
}
openSUSE:Leap 15.2 / postgresql12
Package
- Name
- postgresql12
- Purl
- purl:rpm/suse/postgresql12&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed12.3-lp152.3.4.1
Ecosystem specific
{
"binaries": [
{
"postgresql96-plperl": "9.6.19-lp152.2.3.1",
"postgresql12-docs": "12.3-lp152.3.4.1",
"libpq5-32bit": "12.3-lp152.3.4.1",
"postgresql-plperl": "12.0.1-lp152.3.3.2",
"postgresql12-plpython": "12.3-lp152.3.4.1",
"postgresql12": "12.3-lp152.3.4.1",
"postgresql12-devel": "12.3-lp152.3.4.1",
"postgresql10-pltcl": "10.13-lp152.2.3.1",
"libecpg6-32bit": "12.3-lp152.3.4.1",
"postgresql10-server": "10.13-lp152.2.3.1",
"postgresql12-pltcl": "12.3-lp152.3.4.1",
"postgresql11-llvmjit": "11.9-lp152.3.3.1",
"postgresql11-server": "11.9-lp152.3.3.1",
"postgresql-server": "12.0.1-lp152.3.3.2",
"postgresql11-docs": "11.9-lp152.3.3.1",
"postgresql": "12.0.1-lp152.3.3.2",
"postgresql12-plperl": "12.3-lp152.3.4.1",
"postgresql96-docs": "9.6.19-lp152.2.3.1",
"postgresql96-pltcl": "9.6.19-lp152.2.3.1",
"postgresql96": "9.6.19-lp152.2.3.1",
"postgresql96-contrib": "9.6.19-lp152.2.3.1",
"postgresql11-devel": "11.9-lp152.3.3.1",
"postgresql11-contrib": "11.9-lp152.3.3.1",
"postgresql10-plperl": "10.13-lp152.2.3.1",
"postgresql-docs": "12.0.1-lp152.3.3.2",
"postgresql12-llvmjit": "12.3-lp152.3.4.1",
"postgresql-contrib": "12.0.1-lp152.3.3.2",
"postgresql-server-devel": "12.0.1-lp152.3.3.2",
"postgresql-llvmjit": "12.0.1-lp152.3.3.2",
"postgresql11-server-devel": "11.9-lp152.3.3.1",
"libecpg6": "12.3-lp152.3.4.1",
"postgresql11": "11.9-lp152.3.3.1",
"postgresql12-contrib": "12.3-lp152.3.4.1",
"libpq5": "12.3-lp152.3.4.1",
"postgresql-devel": "12.0.1-lp152.3.3.2",
"postgresql-pltcl": "12.0.1-lp152.3.3.2",
"postgresql12-test": "12.3-lp152.3.4.1",
"postgresql11-plpython": "11.9-lp152.3.3.1",
"postgresql96-devel": "9.6.19-lp152.2.3.1",
"postgresql10-devel": "10.13-lp152.2.3.1",
"postgresql-plpython": "12.0.1-lp152.3.3.2",
"postgresql96-test": "9.6.19-lp152.2.3.1",
"postgresql10-docs": "10.13-lp152.2.3.1",
"postgresql-test": "12.0.1-lp152.3.3.2",
"postgresql10-contrib": "10.13-lp152.2.3.1",
"postgresql10-test": "10.13-lp152.2.3.1",
"postgresql96-plpython": "9.6.19-lp152.2.3.1",
"postgresql12-server": "12.3-lp152.3.4.1",
"postgresql11-test": "11.9-lp152.3.3.1",
"postgresql11-plperl": "11.9-lp152.3.3.1",
"postgresql10": "10.13-lp152.2.3.1",
"postgresql96-server": "9.6.19-lp152.2.3.1",
"postgresql11-pltcl": "11.9-lp152.3.3.1",
"postgresql10-plpython": "10.13-lp152.2.3.1",
"postgresql12-server-devel": "12.3-lp152.3.4.1"
}
]
}
openSUSE:Leap 15.2 / postgresql96
Package
- Name
- postgresql96
- Purl
- purl:rpm/suse/postgresql96&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.6.19-lp152.2.3.1
Ecosystem specific
{
"binaries": [
{
"postgresql96-plperl": "9.6.19-lp152.2.3.1",
"postgresql12-docs": "12.3-lp152.3.4.1",
"libpq5-32bit": "12.3-lp152.3.4.1",
"postgresql-plperl": "12.0.1-lp152.3.3.2",
"postgresql12-plpython": "12.3-lp152.3.4.1",
"postgresql12": "12.3-lp152.3.4.1",
"postgresql12-devel": "12.3-lp152.3.4.1",
"postgresql10-pltcl": "10.13-lp152.2.3.1",
"libecpg6-32bit": "12.3-lp152.3.4.1",
"postgresql10-server": "10.13-lp152.2.3.1",
"postgresql12-pltcl": "12.3-lp152.3.4.1",
"postgresql11-llvmjit": "11.9-lp152.3.3.1",
"postgresql11-server": "11.9-lp152.3.3.1",
"postgresql-server": "12.0.1-lp152.3.3.2",
"postgresql11-docs": "11.9-lp152.3.3.1",
"postgresql": "12.0.1-lp152.3.3.2",
"postgresql12-plperl": "12.3-lp152.3.4.1",
"postgresql96-docs": "9.6.19-lp152.2.3.1",
"postgresql96-pltcl": "9.6.19-lp152.2.3.1",
"postgresql96": "9.6.19-lp152.2.3.1",
"postgresql96-contrib": "9.6.19-lp152.2.3.1",
"postgresql11-devel": "11.9-lp152.3.3.1",
"postgresql11-contrib": "11.9-lp152.3.3.1",
"postgresql10-plperl": "10.13-lp152.2.3.1",
"postgresql-docs": "12.0.1-lp152.3.3.2",
"postgresql12-llvmjit": "12.3-lp152.3.4.1",
"postgresql-contrib": "12.0.1-lp152.3.3.2",
"postgresql-server-devel": "12.0.1-lp152.3.3.2",
"postgresql-llvmjit": "12.0.1-lp152.3.3.2",
"postgresql11-server-devel": "11.9-lp152.3.3.1",
"libecpg6": "12.3-lp152.3.4.1",
"postgresql11": "11.9-lp152.3.3.1",
"postgresql12-contrib": "12.3-lp152.3.4.1",
"libpq5": "12.3-lp152.3.4.1",
"postgresql-devel": "12.0.1-lp152.3.3.2",
"postgresql-pltcl": "12.0.1-lp152.3.3.2",
"postgresql12-test": "12.3-lp152.3.4.1",
"postgresql11-plpython": "11.9-lp152.3.3.1",
"postgresql96-devel": "9.6.19-lp152.2.3.1",
"postgresql10-devel": "10.13-lp152.2.3.1",
"postgresql-plpython": "12.0.1-lp152.3.3.2",
"postgresql96-test": "9.6.19-lp152.2.3.1",
"postgresql10-docs": "10.13-lp152.2.3.1",
"postgresql-test": "12.0.1-lp152.3.3.2",
"postgresql10-contrib": "10.13-lp152.2.3.1",
"postgresql10-test": "10.13-lp152.2.3.1",
"postgresql96-plpython": "9.6.19-lp152.2.3.1",
"postgresql12-server": "12.3-lp152.3.4.1",
"postgresql11-test": "11.9-lp152.3.3.1",
"postgresql11-plperl": "11.9-lp152.3.3.1",
"postgresql10": "10.13-lp152.2.3.1",
"postgresql96-server": "9.6.19-lp152.2.3.1",
"postgresql11-pltcl": "11.9-lp152.3.3.1",
"postgresql10-plpython": "10.13-lp152.2.3.1",
"postgresql12-server-devel": "12.3-lp152.3.4.1"
}
]
}