Security update for postgresql13

SUSE Security Update: Security update for postgresql13
Announcement ID: SUSE-SU-2021:1785-2
Rating: moderate
References: #1179945 #1183118 #1183168 #1185924 #1185925 #1185926
Cross-References:CVE-2021-32027 CVE-2021-32028 CVE-2021-32029
Affected Products:
  • SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3

An update that solves three vulnerabilities and has three fixes is now available.

Description:

This update for postgresql13 fixes the following issues:

  • Upgrade to version 13.3:
  • CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924).
  • CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925).
  • CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926).

  • Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
  • Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118).
  • Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1785=1

Package List:

  • SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
    • postgresql13-test-13.3-5.10.1

References: