SUSE: 2020:2149-1 moderate: postgresql10 and postgresql12
Summary
This update for postgresql10 and postgresql12 fixes the following issues: postgresql10 was updated to 10.13 (bsc#1171924). https://www.postgresql.org/about/news/postgresql-123-118-1013-9618-and-9522-released-2038/ https://www.postgresql.org/docs/10/release-10-13.html postgresql10 was updated to 10.12 (CVE-2020-1720, bsc#1163985) - https://www.postgresql.org/about/news/postgresql-122-117-1012-9617-9521-and-9426-released-2011/ - https://www.postgresql.org/docs/10/release-10-12.html postgresql10 was updated to 10.11: - https://www.postgresql.org/about/news/postgresql-121-116-1011-9616-9520-and-9425-released-1994/ - https://www.postgresql.org/docs/10/release-10-11.html postgresql12 was updated to 12.3 (bsc#1171924). Bug Fixes and Improvements: - Several fixes for GENERATED columns, including an issue where it was possible to crash or corrupt data in a table when the output of the generated column was the exact copy of a physical column on the table, e.g. if the expression called a function which could return its own input. - Several fixes for ALTER TABLE, including ensuring the SET STORAGE directive is propagated to a table's indexes. - Fix a potential race condition when using DROP OWNED BY while another session is deleting the same objects. - Allow for a partition to be detached when it has inherited ROW triggers. - Several fixes for REINDEX CONCURRENTLY, particularly with issues when a REINDEX CONCURRENTLY operation fails. - Fix crash when COLLATE is applied to an uncollatable type in a partition bound expression. - Fix performance regression in floating point overflow/underflow detection. - Several fixes for full text search, particularly with phrase searching. - Fix query-lifespan memory leak for a set-returning function used in a query's FROM clause. - Several reporting fixes for the output of VACUUM VERBOSE. - Allow input of type circle to accept the format (x,y),r, which is specified in the documentation. - Allow for the get_bit() and set_bit() functions to not fail on bytea strings longer than 256MB. - Avoid premature recycling of WAL segments during crash recovery, which could lead to WAL segments being recycled before being archived. - Avoid attempting to fetch nonexistent WAL files from archive storage during recovery by skipping irrelevant timelines. - Several fixes for logical replication and replication slots. - Fix several race conditions in synchronous standby management, including one that occurred when changing the synchronous_standby_names setting. - Several fixes for GSSAPI support, include a fix for a memory leak that occurred when using GSSAPI encryption. - Ensure that members of the pg_read_all_stats role can read all statistics views. - Fix performance regression in information_schema.triggers view. - Fix memory leak in libpq when using sslmode=verify-full. - Fix crash in psql when attempting to re-establish a failed connection. - Allow tab-completion of the filename argument to \gx command in psql. - Add pg_dump support for ALTER ... DEPENDS ON EXTENSION. - Several other fixes for pg_dump, which include dumping comments on RLS policies and postponing restore of event triggers until the end. - Ensure pg_basebackup generates valid tar files. - pg_checksums skips tablespace subdirectories that belong to a different PostgreSQL major version - Several Windows compatibility fixes This update also contains timezone tzdata release 2020a for DST law changes in Morocco and the Canadian Yukon, plus historical corrections for Shanghai. The America/Godthab zone has been renamed to America/Nuuk to reflect current English usage ; however, the old name remains available as a compatibility link. This also updates initdb's list of known Windows time zone names to include recent additions. For more details, check out: - https://www.postgresql.org/docs/12/release-12-3.html Other fixes: - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2149=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2149=1 - SUSE Linux Enterprise Module for Server Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2149=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2149=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2149=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2149=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2149=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libecpg6-10.13-4.22.4 libecpg6-debuginfo-10.13-4.22.4 libpq5-10.13-4.22.4 libpq5-debuginfo-10.13-4.22.4 postgresql10-10.13-4.22.4 postgresql10-contrib-10.13-4.22.4 postgresql10-contrib-debuginfo-10.13-4.22.4 postgresql10-debuginfo-10.13-4.22.4 postgresql10-debugsource-10.13-4.22.4 postgresql10-devel-10.13-4.22.4 postgresql10-devel-debuginfo-10.13-4.22.4 postgresql10-plperl-10.13-4.22.4 postgresql10-plperl-debuginfo-10.13-4.22.4 postgresql10-plpython-10.13-4.22.4 postgresql10-plpython-debuginfo-10.13-4.22.4 postgresql10-pltcl-10.13-4.22.4 postgresql10-pltcl-debuginfo-10.13-4.22.4 postgresql10-server-10.13-4.22.4 postgresql10-server-debuginfo-10.13-4.22.4 - SUSE Linux Enterprise Server for SAP 15 (noarch): postgresql-12.0.1-8.14.1 postgresql-contrib-12.0.1-8.14.1 postgresql-devel-12.0.1-8.14.1 postgresql-docs-12.0.1-8.14.1 postgresql-plperl-12.0.1-8.14.1 postgresql-plpython-12.0.1-8.14.1 postgresql-pltcl-12.0.1-8.14.1 postgresql-server-12.0.1-8.14.1 postgresql10-docs-10.13-4.22.4 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libpq5-32bit-10.13-4.22.4 libpq5-32bit-debuginfo-10.13-4.22.4 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libecpg6-10.13-4.22.4 libecpg6-debuginfo-10.13-4.22.4 libpq5-10.13-4.22.4 libpq5-debuginfo-10.13-4.22.4 postgresql10-10.13-4.22.4 postgresql10-contrib-10.13-4.22.4 postgresql10-contrib-debuginfo-10.13-4.22.4 postgresql10-debuginfo-10.13-4.22.4 postgresql10-debugsource-10.13-4.22.4 postgresql10-devel-10.13-4.22.4 postgresql10-devel-debuginfo-10.13-4.22.4 postgresql10-plperl-10.13-4.22.4 postgresql10-plperl-debuginfo-10.13-4.22.4 postgresql10-plpython-10.13-4.22.4 postgresql10-plpython-debuginfo-10.13-4.22.4 postgresql10-pltcl-10.13-4.22.4 postgresql10-pltcl-debuginfo-10.13-4.22.4 postgresql10-server-10.13-4.22.4 postgresql10-server-debuginfo-10.13-4.22.4 - SUSE Linux Enterprise Server 15-LTSS (noarch): postgresql-12.0.1-8.14.1 postgresql-contrib-12.0.1-8.14.1 postgresql-devel-12.0.1-8.14.1 postgresql-docs-12.0.1-8.14.1 postgresql-plperl-12.0.1-8.14.1 postgresql-plpython-12.0.1-8.14.1 postgresql-pltcl-12.0.1-8.14.1 postgresql-server-12.0.1-8.14.1 postgresql10-docs-10.13-4.22.4 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64): libecpg6-12.3-3.8.1 libecpg6-debuginfo-12.3-3.8.1 postgresql12-contrib-12.3-3.8.1 postgresql12-contrib-debuginfo-12.3-3.8.1 postgresql12-debuginfo-12.3-3.8.1 postgresql12-debugsource-12.3-3.8.1 postgresql12-devel-12.3-3.8.1 postgresql12-devel-debuginfo-12.3-3.8.1 postgresql12-plperl-12.3-3.8.1 postgresql12-plperl-debuginfo-12.3-3.8.1 postgresql12-plpython-12.3-3.8.1 postgresql12-plpython-debuginfo-12.3-3.8.1 postgresql12-pltcl-12.3-3.8.1 postgresql12-pltcl-debuginfo-12.3-3.8.1 postgresql12-server-12.3-3.8.1 postgresql12-server-debuginfo-12.3-3.8.1 postgresql12-server-devel-12.3-3.8.1 postgresql12-server-devel-debuginfo-12.3-3.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch): postgresql-contrib-12.0.1-8.14.1 postgresql-devel-12.0.1-8.14.1 postgresql-docs-12.0.1-8.14.1 postgresql-plperl-12.0.1-8.14.1 postgresql-plpython-12.0.1-8.14.1 postgresql-pltcl-12.0.1-8.14.1 postgresql-server-12.0.1-8.14.1 postgresql-server-devel-12.0.1-8.14.1 postgresql12-docs-12.3-3.8.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (noarch): postgresql-test-12.0.1-8.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): libpq5-12.3-3.8.1 libpq5-debuginfo-12.3-3.8.1 postgresql12-12.3-3.8.1 postgresql12-debuginfo-12.3-3.8.1 postgresql12-debugsource-12.3-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch): postgresql-12.0.1-8.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libpq5-32bit-12.3-3.8.1 libpq5-32bit-debuginfo-12.3-3.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libecpg6-10.13-4.22.4 libecpg6-debuginfo-10.13-4.22.4 libpq5-10.13-4.22.4 libpq5-debuginfo-10.13-4.22.4 postgresql10-10.13-4.22.4 postgresql10-contrib-10.13-4.22.4 postgresql10-contrib-debuginfo-10.13-4.22.4 postgresql10-debuginfo-10.13-4.22.4 postgresql10-debugsource-10.13-4.22.4 postgresql10-devel-10.13-4.22.4 postgresql10-devel-debuginfo-10.13-4.22.4 postgresql10-plperl-10.13-4.22.4 postgresql10-plperl-debuginfo-10.13-4.22.4 postgresql10-plpython-10.13-4.22.4 postgresql10-plpython-debuginfo-10.13-4.22.4 postgresql10-pltcl-10.13-4.22.4 postgresql10-pltcl-debuginfo-10.13-4.22.4 postgresql10-server-10.13-4.22.4 postgresql10-server-debuginfo-10.13-4.22.4 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libpq5-32bit-10.13-4.22.4 libpq5-32bit-debuginfo-10.13-4.22.4 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): postgresql-12.0.1-8.14.1 postgresql-contrib-12.0.1-8.14.1 postgresql-devel-12.0.1-8.14.1 postgresql-docs-12.0.1-8.14.1 postgresql-plperl-12.0.1-8.14.1 postgresql-plpython-12.0.1-8.14.1 postgresql-pltcl-12.0.1-8.14.1 postgresql-server-12.0.1-8.14.1 postgresql10-docs-10.13-4.22.4 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libecpg6-10.13-4.22.4 libecpg6-debuginfo-10.13-4.22.4 libpq5-10.13-4.22.4 libpq5-debuginfo-10.13-4.22.4 postgresql10-10.13-4.22.4 postgresql10-contrib-10.13-4.22.4 postgresql10-contrib-debuginfo-10.13-4.22.4 postgresql10-debuginfo-10.13-4.22.4 postgresql10-debugsource-10.13-4.22.4 postgresql10-devel-10.13-4.22.4 postgresql10-devel-debuginfo-10.13-4.22.4 postgresql10-plperl-10.13-4.22.4 postgresql10-plperl-debuginfo-10.13-4.22.4 postgresql10-plpython-10.13-4.22.4 postgresql10-plpython-debuginfo-10.13-4.22.4 postgresql10-pltcl-10.13-4.22.4 postgresql10-pltcl-debuginfo-10.13-4.22.4 postgresql10-server-10.13-4.22.4 postgresql10-server-debuginfo-10.13-4.22.4 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): postgresql-12.0.1-8.14.1 postgresql-contrib-12.0.1-8.14.1 postgresql-devel-12.0.1-8.14.1 postgresql-docs-12.0.1-8.14.1 postgresql-plperl-12.0.1-8.14.1 postgresql-plpython-12.0.1-8.14.1 postgresql-pltcl-12.0.1-8.14.1 postgresql-server-12.0.1-8.14.1 postgresql10-docs-10.13-4.22.4 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libpq5-32bit-10.13-4.22.4 libpq5-32bit-debuginfo-10.13-4.22.4
References
#1148643 #1163985 #1171924
Cross- CVE-2020-1720
Affected Products:
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Module for Server Applications 15-SP1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
SUSE Linux Enterprise Module for Basesystem 15-SP1
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
https://www.suse.com/security/cve/CVE-2020-1720.html
https://bugzilla.suse.com/1148643
https://bugzilla.suse.com/1163985
https://bugzilla.suse.com/1171924