Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

openSUSE Leap 15.3: 2021:1994-1 Moderate: PostgreSQL12 Security Update

opensuse
Calendar Grey July 10, 2021
Dist Opensuse Esm H88
A critical announcement regarding openSUSE Leap 15.3 resolves concerns in postgresql12, delivering vital improvements in security.
An update that solves three vulnerabilities and has three fixes is now available

Description

This update for postgresql12 fixes the following issues:

Upgrade to version 12.7:

- CVE-2021-32027: Fixed integer overflows in array subscripting

calculations (bsc#1185924).

- CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON

CONFLICT ... UPDATE target lists (bsc#1185925).

- CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ...

RETURNING outputs for joined cross-partition updates (bsc#1185926).

- Don't use %_stop_on_removal, because it was meant to be private and got

removed from openSUSE. %_restart_on_update is also private, but still

supported and needed for now (bsc#1183168).

- Re-enable build of the llvmjit subpackage on SLE, but it will only be

delivered on PackageHub for now (bsc#1183118).

- Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).

Topics%20covered

Topics Covered

security advisory moderate security update bug fixes postgresql openSUSE issues resolved

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-1994=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

postgresql12-12.7-8.20.1

postgresql12-contrib-12.7-8.20.1

postgresql12-contrib-debuginfo-12.7-8.20.1

postgresql12-debuginfo-12.7-8.20.1

postgresql12-debugsource-12.7-8.20.1

postgresql12-devel-12.7-8.20.1

postgresql12-devel-debuginfo-12.7-8.20.1

postgresql12-llvmjit-12.7-8.20.1

postgresql12-llvmjit-debuginfo-12.7-8.20.1

postgresql12-plperl-12.7-8.20.1

postgresql12-plperl-debuginfo-12.7-8.20.1

postgresql12-plpython-12.7-8.20.1

postgresql12-plpython-debuginfo-12.7-8.20.1

postgresql12-pltcl-12.7-8.20.1

postgresql12-pltcl-debuginfo-12.7-8.20.1

postgresql12-server-12.7-8.20.1

postgresql12-server-debuginfo-12.7-8.20.1

postgresql12-server-devel-12.7-8.20.1

postgresql12-server-devel-debuginfo-12.7-8.20.1

postgresql12-test-12.7-8.20.1

- openSUSE Leap 15.3 (noarch):

postgresql12-docs-12.7-8.20.1

References

https://www.suse.com/security/cve/CVE-2021-32027.html

https://www.suse.com/security/cve/CVE-2021-32028.html

https://www.suse.com/security/cve/CVE-2021-32029.html

https://bugzilla.suse.com/1179945

https://bugzilla.suse.com/1183118

https://bugzilla.suse.com/1183168

https://bugzilla.suse.com/1185924

https://bugzilla.suse.com/1185925

https://bugzilla.suse.com/1185926

Announcement ID: openSUSE-SU-2021:1994-1
Rating: moderate
Affected Products: openSUSE Leap 15.3 ble.

Topics%20covered

Topics Covered

security advisory moderate security update bug fixes postgresql openSUSE issues resolved

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here