Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

openSUSE Leap 15.3 Security Update: PostgreSQL13 Moderate Threat Fixes

opensuse
Calendar Grey July 11, 2021
Dist Opensuse Esm H88
Critical patch released for postgresql13 on openSUSE, fixing various vulnerabilities. Make sure to update your system without delay!
An update that solves three vulnerabilities and has three fixes is now available

Description

This update for postgresql13 fixes the following issues:

- Upgrade to version 13.3:

- CVE-2021-32027: Fixed integer overflows in array subscripting

calculations (bsc#1185924).

- CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON

CONFLICT ... UPDATE target lists (bsc#1185925).

- CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ...

RETURNING outputs for joined cross-partition updates (bsc#1185926).

- Don't use %_stop_on_removal, because it was meant to be private and got

removed from openSUSE. %_restart_on_update is also private, but still

supported and needed for now (bsc#1183168).

- Re-enable build of the llvmjit subpackage on SLE, but it will only be

delivered on PackageHub for now (bsc#1183118).

- Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).

Topics%20covered

Topics Covered

security advisory moderate security update threat mitigation bug fixes postgresql openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-1785=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

postgresql13-13.3-5.10.1

postgresql13-contrib-13.3-5.10.1

postgresql13-contrib-debuginfo-13.3-5.10.1

postgresql13-debuginfo-13.3-5.10.1

postgresql13-debugsource-13.3-5.10.1

postgresql13-devel-13.3-5.10.1

postgresql13-devel-debuginfo-13.3-5.10.1

postgresql13-devel-mini-13.3-5.10.1

postgresql13-devel-mini-debuginfo-13.3-5.10.1

postgresql13-llvmjit-13.3-5.10.1

postgresql13-llvmjit-debuginfo-13.3-5.10.1

postgresql13-plperl-13.3-5.10.1

postgresql13-plperl-debuginfo-13.3-5.10.1

postgresql13-plpython-13.3-5.10.1

postgresql13-plpython-debuginfo-13.3-5.10.1

postgresql13-pltcl-13.3-5.10.1

postgresql13-pltcl-debuginfo-13.3-5.10.1

postgresql13-server-13.3-5.10.1

postgresql13-server-debuginfo-13.3-5.10.1

postgresql13-server-devel-13.3-5.10.1

postgresql13-server-devel-debuginfo-13.3-5.10.1

postgresql13-test-13.3-5.10.1

- openSUSE Leap 15.3 (noarch):

postgresql13-docs-13.3-5.10.1

References

https://www.suse.com/security/cve/CVE-2021-32027.html

https://www.suse.com/security/cve/CVE-2021-32028.html

https://www.suse.com/security/cve/CVE-2021-32029.html

https://bugzilla.suse.com/1179945

https://bugzilla.suse.com/1183118

https://bugzilla.suse.com/1183168

https://bugzilla.suse.com/1185924

https://bugzilla.suse.com/1185925

https://bugzilla.suse.com/1185926

Announcement ID: openSUSE-SU-2021:1785-1
Rating: moderate
Affected Products: openSUSE Leap 15.3 ble.

Topics%20covered

Topics Covered

security advisory moderate security update threat mitigation bug fixes postgresql openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here