Recommended update for postgresql, postgresql10, postgresql12
Announcement ID: | SUSE-RU-2020:1280-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves two vulnerabilities, contains four features and has three fixes can now be installed.
Description:
This update for postgresql, postgresql10, postgresql12 fixes the following issues:
Changes in the postgresql wrapper package:
- Sync ownership of /run/postgresql in the file list with tmpfiles.
- Use the correct content for .bash_profile (bsc#1153168).
- Stop shipping SUSEfirewall2 config files (bsc#1151591).
- Use /run/postgresql instead of /var/run/postgresql in %ghost and postgresql-tmpfiles.conf to avoid rpmlint warnings and errors.
- add /var/run/postgresql to the filelist. as %ghost for systemd systems and directly for non systemd systems
Changes in postgresql10:
- packaging changed to no longer build the libraries, these now come from postgresql12.
Changes in postgresql12:
Initial package for the postgresql 12 branch
https://www.postgresql.org/about/news/1976/
-
Update to 12.2 (CVE-2020-1720) https://www.postgresql.org/about/news/2011/ https://www.postgresql.org/docs/12/release-12-2.html
-
Avoid the dependency from the devel package to the main package. devel packages are exclusive, thus ecpg does not require update-alternatives.
-
Remove unused build dependencies from the client libs package: LVM, icu, selinux, systemd.
-
Update to 12.1
https://www.postgresql.org/docs/12/release-12-1.html https://www.postgresql.org/about/news/1994/
- add requires to the server-devel package for the libs that are returned by pg_config --libs
python-psycopg2 was updated to 2.8.4 to allow working with postgresql12.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Basesystem Module 15-SP1
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1280=1
-
Server Applications Module 15-SP1
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-1280=1
Package List:
-
Basesystem Module 15-SP1 (aarch64 ppc64le s390x x86_64)
- libpq5-debuginfo-12.2-3.5.2
- python-psycopg2-debuginfo-2.8.4-5.4.6
- python-psycopg2-debugsource-2.8.4-5.4.6
- python3-psycopg2-debuginfo-2.8.4-5.4.6
- python3-psycopg2-2.8.4-5.4.6
- postgresql10-10.12-8.13.10
- postgresql10-debuginfo-10.12-8.13.10
- postgresql12-12.2-3.5.2
- postgresql12-debuginfo-12.2-3.5.2
- libpq5-12.2-3.5.2
- postgresql10-debugsource-10.12-8.13.9
-
Basesystem Module 15-SP1 (noarch)
- postgresql-12-8.11.3
-
Basesystem Module 15-SP1 (aarch64 ppc64le s390x)
- postgresql12-debugsource-12.2-3.5.2
-
Server Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64)
- postgresql12-server-debuginfo-12.2-3.5.2
- postgresql10-server-10.12-8.13.10
- postgresql12-pltcl-debuginfo-12.2-3.5.2
- postgresql12-plpython-12.2-3.5.2
- libecpg6-debuginfo-12.2-3.5.2
- postgresql10-pltcl-debuginfo-10.12-8.13.10
- postgresql10-devel-debuginfo-10.12-8.13.9
- postgresql12-plperl-debuginfo-12.2-3.5.2
- postgresql12-contrib-debuginfo-12.2-3.5.2
- postgresql12-devel-debuginfo-12.2-3.5.2
- postgresql10-debuginfo-10.12-8.13.10
- postgresql10-server-debuginfo-10.12-8.13.10
- postgresql12-contrib-12.2-3.5.2
- postgresql10-plpython-debuginfo-10.12-8.13.10
- postgresql10-plperl-debuginfo-10.12-8.13.10
- postgresql12-server-devel-12.2-3.5.2
- postgresql10-contrib-10.12-8.13.10
- postgresql10-plperl-10.12-8.13.10
- postgresql12-server-12.2-3.5.2
- postgresql12-debuginfo-12.2-3.5.2
- postgresql10-pltcl-10.12-8.13.10
- postgresql12-plperl-12.2-3.5.2
- postgresql12-server-devel-debuginfo-12.2-3.5.2
- postgresql12-devel-12.2-3.5.2
- postgresql10-debugsource-10.12-8.13.9
- libecpg6-12.2-3.5.2
- postgresql12-pltcl-12.2-3.5.2
- postgresql10-plpython-10.12-8.13.10
- postgresql10-contrib-debuginfo-10.12-8.13.10
- postgresql12-plpython-debuginfo-12.2-3.5.2
- postgresql10-devel-10.12-8.13.9
-
Server Applications Module 15-SP1 (noarch)
- postgresql-contrib-12-8.11.3
- postgresql-devel-12-8.11.3
- postgresql-pltcl-12-8.11.3
- postgresql-plpython-12-8.11.3
- postgresql12-docs-12.2-3.5.2
- postgresql-plperl-12-8.11.3
- postgresql-docs-12-8.11.3
- postgresql10-docs-10.12-8.13.10
- postgresql-server-devel-12-8.11.3
- postgresql-server-12-8.11.3
-
Server Applications Module 15-SP1 (s390x x86_64)
- postgresql12-debugsource-12.2-3.5.2
References:
- https://www.suse.com/security/cve/CVE-2019-10164.html
- https://www.suse.com/security/cve/CVE-2020-1720.html
- https://bugzilla.suse.com/show_bug.cgi?id=1138034
- https://bugzilla.suse.com/show_bug.cgi?id=1151591
- https://bugzilla.suse.com/show_bug.cgi?id=1153168
- https://bugzilla.suse.com/show_bug.cgi?id=1163985
- https://bugzilla.suse.com/show_bug.cgi?id=1167541
- https://jira.suse.com/browse/ECO-923
- https://jira.suse.com/browse/PM-1472
- https://jira.suse.com/browse/SLE-11077
- https://jira.suse.com/browse/SLE-11078