Security update for postgresql10 and postgresql12

Announcement ID: SUSE-SU-2020:2149-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2020-1720 (SUSE): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
  • CVE-2020-1720 (NVD): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
  • Basesystem Module 15-SP1
  • Server Applications Module 15-SP1
  • SUSE Linux Enterprise Desktop 15 SP1
  • SUSE Linux Enterprise High Performance Computing 15
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  • SUSE Linux Enterprise High Performance Computing 15 SP1
  • SUSE Linux Enterprise Real Time 15 SP1
  • SUSE Linux Enterprise Server 15
  • SUSE Linux Enterprise Server 15 LTSS 15
  • SUSE Linux Enterprise Server 15 SP1
  • SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
  • SUSE Linux Enterprise Server ESPOS 15
  • SUSE Linux Enterprise Server for SAP Applications 15
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • SUSE Manager Proxy 4.0
  • SUSE Manager Retail Branch Server 4.0
  • SUSE Manager Server 4.0
  • SUSE Package Hub 15 15-SP1

An update that solves one vulnerability and has two security fixes can now be installed.

Description:

This update for postgresql10 and postgresql12 fixes the following issues:

postgresql10 was updated to 10.13 (bsc#1171924):

  • https://www.postgresql.org/about/news/2038/
  • https://www.postgresql.org/docs/10/release-10-13.html

postgresql10 was updated to 10.12 (CVE-2020-1720, bsc#1163985):

  • https://www.postgresql.org/about/news/2011/
  • https://www.postgresql.org/docs/10/release-10-12.html

postgresql10 was updated to 10.11:

  • https://www.postgresql.org/about/news/1994/
  • https://www.postgresql.org/docs/10/release-10-11.html

postgresql12 was updated to 12.3 (bsc#1171924).

Bug Fixes and Improvements:

  • Several fixes for GENERATED columns, including an issue where it was possible to crash or corrupt data in a table when the output of the generated column was the exact copy of a physical column on the table, e.g. if the expression called a function which could return its own input.
  • Several fixes for ALTER TABLE, including ensuring the SET STORAGE directive is propagated to a table's indexes.
  • Fix a potential race condition when using DROP OWNED BY while another session is deleting the same objects.
  • Allow for a partition to be detached when it has inherited ROW triggers.
  • Several fixes for REINDEX CONCURRENTLY, particularly with issues when a REINDEX CONCURRENTLY operation fails.
  • Fix crash when COLLATE is applied to an uncollatable type in a partition bound expression.
  • Fix performance regression in floating point overflow/underflow detection.
  • Several fixes for full text search, particularly with phrase searching.
  • Fix query-lifespan memory leak for a set-returning function used in a query's FROM clause.
  • Several reporting fixes for the output of VACUUM VERBOSE.
  • Allow input of type circle to accept the format (x,y),r, which is specified in the documentation.
  • Allow for the get_bit() and set_bit() functions to not fail on bytea strings longer than 256MB.
  • Avoid premature recycling of WAL segments during crash recovery, which could lead to WAL segments being recycled before being archived.
  • Avoid attempting to fetch nonexistent WAL files from archive storage during recovery by skipping irrelevant timelines.
  • Several fixes for logical replication and replication slots.
  • Fix several race conditions in synchronous standby management, including one that occurred when changing the synchronous_standby_names setting.
  • Several fixes for GSSAPI support, including a fix for a memory leak that occurred when using GSSAPI encryption.
  • Ensure that members of the pg_read_all_stats role can read all statistics views.
  • Fix performance regression in information_schema.triggers view.
  • Fix memory leak in libpq when using sslmode=verify-full.
  • Fix crash in psql when attempting to re-establish a failed connection.
  • Allow tab-completion of the filename argument to \gx command in psql.
  • Add pg_dump support for ALTER ... DEPENDS ON EXTENSION.
  • Several other fixes for pg_dump, which include dumping comments on RLS policies and postponing restore of event triggers until the end.
  • Ensure pg_basebackup generates valid tar files.
  • pg_checksums skips tablespace subdirectories that belong to a different PostgreSQL major version.
  • Several Windows compatibility fixes.

This update also contains timezone tzdata release 2020a for DST law changes in Morocco and the Canadian Yukon, plus historical corrections for Shanghai. The America/Godthab zone has been renamed to America/Nuuk to reflect current English usage; however, the old name remains available as a compatibility link. This also updates initdb's list of known Windows time zone names to include recent additions.

For more details, check out:

  • https://www.postgresql.org/docs/12/release-12-3.html

Other fixes:

  • Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean and complete cutover to the new packaging schema.

Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Basesystem Module 15-SP1
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2149=1
  • SUSE Package Hub 15 15-SP1
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2149=1
  • Server Applications Module 15-SP1
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2149=1
  • SUSE Linux Enterprise Server ESPOS 15
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2149=1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2149=1
  • SUSE Linux Enterprise Server 15 LTSS 15
    zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2149=1
  • SUSE Linux Enterprise Server for SAP Applications 15
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2149=1

Package List:

  • Basesystem Module 15-SP1 (aarch64 ppc64le s390x x86_64)
    • postgresql12-12.3-3.8.1
    • postgresql12-debuginfo-12.3-3.8.1
    • postgresql12-debugsource-12.3-3.8.1
    • libpq5-debuginfo-12.3-3.8.1
    • libpq5-12.3-3.8.1
  • Basesystem Module 15-SP1 (noarch)
    • postgresql-12.0.1-8.14.1
  • Basesystem Module 15-SP1 (x86_64)
    • libpq5-32bit-12.3-3.8.1
    • libpq5-32bit-debuginfo-12.3-3.8.1
  • SUSE Package Hub 15 15-SP1 (noarch)
    • postgresql-test-12.0.1-8.14.1
  • Server Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64)
    • libecpg6-12.3-3.8.1
    • postgresql12-plpython-12.3-3.8.1
    • postgresql12-plperl-debuginfo-12.3-3.8.1
    • postgresql12-contrib-debuginfo-12.3-3.8.1
    • postgresql12-debuginfo-12.3-3.8.1
    • postgresql12-plperl-12.3-3.8.1
    • postgresql12-debugsource-12.3-3.8.1
    • postgresql12-pltcl-debuginfo-12.3-3.8.1
    • postgresql12-server-debuginfo-12.3-3.8.1
    • postgresql12-server-devel-12.3-3.8.1
    • postgresql12-contrib-12.3-3.8.1
    • postgresql12-plpython-debuginfo-12.3-3.8.1
    • postgresql12-server-12.3-3.8.1
    • postgresql12-devel-12.3-3.8.1
    • postgresql12-server-devel-debuginfo-12.3-3.8.1
    • libecpg6-debuginfo-12.3-3.8.1
    • postgresql12-pltcl-12.3-3.8.1
    • postgresql12-devel-debuginfo-12.3-3.8.1
  • Server Applications Module 15-SP1 (noarch)
    • postgresql-pltcl-12.0.1-8.14.1
    • postgresql-docs-12.0.1-8.14.1
    • postgresql12-docs-12.3-3.8.1
    • postgresql-server-devel-12.0.1-8.14.1
    • postgresql-server-12.0.1-8.14.1
    • postgresql-contrib-12.0.1-8.14.1
    • postgresql-plpython-12.0.1-8.14.1
    • postgresql-devel-12.0.1-8.14.1
    • postgresql-plperl-12.0.1-8.14.1
  • SUSE Linux Enterprise Server ESPOS 15 (aarch64 x86_64)
    • libecpg6-debuginfo-10.13-4.22.4
    • postgresql10-plperl-10.13-4.22.4
    • postgresql10-server-debuginfo-10.13-4.22.4
    • postgresql10-10.13-4.22.4
    • postgresql10-server-10.13-4.22.4
    • postgresql10-contrib-debuginfo-10.13-4.22.4
    • postgresql10-debuginfo-10.13-4.22.4
    • libecpg6-10.13-4.22.4
    • postgresql10-plpython-10.13-4.22.4
    • postgresql10-debugsource-10.13-4.22.4
    • postgresql10-plperl-debuginfo-10.13-4.22.4
    • postgresql10-pltcl-10.13-4.22.4
    • postgresql10-contrib-10.13-4.22.4
    • postgresql10-pltcl-debuginfo-10.13-4.22.4
    • postgresql10-devel-debuginfo-10.13-4.22.4
    • libpq5-10.13-4.22.4
    • postgresql10-devel-10.13-4.22.4
    • postgresql10-plpython-debuginfo-10.13-4.22.4
    • libpq5-debuginfo-10.13-4.22.4
  • SUSE Linux Enterprise Server ESPOS 15 (noarch)
    • postgresql-pltcl-12.0.1-8.14.1
    • postgresql-docs-12.0.1-8.14.1
    • postgresql10-docs-10.13-4.22.4
    • postgresql-server-12.0.1-8.14.1
    • postgresql-contrib-12.0.1-8.14.1
    • postgresql-plpython-12.0.1-8.14.1
    • postgresql-devel-12.0.1-8.14.1
    • postgresql-12.0.1-8.14.1
    • postgresql-plperl-12.0.1-8.14.1
  • SUSE Linux Enterprise Server ESPOS 15 (x86_64)
    • libpq5-32bit-10.13-4.22.4
    • libpq5-32bit-debuginfo-10.13-4.22.4
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 x86_64)
    • libecpg6-debuginfo-10.13-4.22.4
    • postgresql10-plperl-10.13-4.22.4
    • postgresql10-server-debuginfo-10.13-4.22.4
    • postgresql10-10.13-4.22.4
    • postgresql10-server-10.13-4.22.4
    • postgresql10-contrib-debuginfo-10.13-4.22.4
    • postgresql10-debuginfo-10.13-4.22.4
    • libecpg6-10.13-4.22.4
    • postgresql10-plpython-10.13-4.22.4
    • postgresql10-debugsource-10.13-4.22.4
    • postgresql10-plperl-debuginfo-10.13-4.22.4
    • postgresql10-pltcl-10.13-4.22.4
    • postgresql10-contrib-10.13-4.22.4
    • postgresql10-pltcl-debuginfo-10.13-4.22.4
    • postgresql10-devel-debuginfo-10.13-4.22.4
    • libpq5-10.13-4.22.4
    • postgresql10-devel-10.13-4.22.4
    • postgresql10-plpython-debuginfo-10.13-4.22.4
    • libpq5-debuginfo-10.13-4.22.4
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch)
    • postgresql-pltcl-12.0.1-8.14.1
    • postgresql-docs-12.0.1-8.14.1
    • postgresql10-docs-10.13-4.22.4
    • postgresql-server-12.0.1-8.14.1
    • postgresql-contrib-12.0.1-8.14.1
    • postgresql-plpython-12.0.1-8.14.1
    • postgresql-devel-12.0.1-8.14.1
    • postgresql-12.0.1-8.14.1
    • postgresql-plperl-12.0.1-8.14.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (x86_64)
    • libpq5-32bit-10.13-4.22.4
    • libpq5-32bit-debuginfo-10.13-4.22.4
  • SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64)
    • libecpg6-debuginfo-10.13-4.22.4
    • postgresql10-plperl-10.13-4.22.4
    • postgresql10-server-debuginfo-10.13-4.22.4
    • postgresql10-10.13-4.22.4
    • postgresql10-server-10.13-4.22.4
    • postgresql10-contrib-debuginfo-10.13-4.22.4
    • postgresql10-debuginfo-10.13-4.22.4
    • libecpg6-10.13-4.22.4
    • postgresql10-plpython-10.13-4.22.4
    • postgresql10-debugsource-10.13-4.22.4
    • postgresql10-plperl-debuginfo-10.13-4.22.4
    • postgresql10-pltcl-10.13-4.22.4
    • postgresql10-contrib-10.13-4.22.4
    • postgresql10-pltcl-debuginfo-10.13-4.22.4
    • postgresql10-devel-debuginfo-10.13-4.22.4
    • libpq5-10.13-4.22.4
    • postgresql10-devel-10.13-4.22.4
    • postgresql10-plpython-debuginfo-10.13-4.22.4
    • libpq5-debuginfo-10.13-4.22.4
  • SUSE Linux Enterprise Server 15 LTSS 15 (noarch)
    • postgresql-pltcl-12.0.1-8.14.1
    • postgresql-docs-12.0.1-8.14.1
    • postgresql10-docs-10.13-4.22.4
    • postgresql-server-12.0.1-8.14.1
    • postgresql-contrib-12.0.1-8.14.1
    • postgresql-plpython-12.0.1-8.14.1
    • postgresql-devel-12.0.1-8.14.1
    • postgresql-12.0.1-8.14.1
    • postgresql-plperl-12.0.1-8.14.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (x86_64)
    • libpq5-32bit-10.13-4.22.4
    • libpq5-32bit-debuginfo-10.13-4.22.4
  • SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le x86_64)
    • libecpg6-debuginfo-10.13-4.22.4
    • postgresql10-plperl-10.13-4.22.4
    • postgresql10-server-debuginfo-10.13-4.22.4
    • postgresql10-10.13-4.22.4
    • postgresql10-server-10.13-4.22.4
    • postgresql10-contrib-debuginfo-10.13-4.22.4
    • postgresql10-debuginfo-10.13-4.22.4
    • libecpg6-10.13-4.22.4
    • postgresql10-plpython-10.13-4.22.4
    • postgresql10-debugsource-10.13-4.22.4
    • postgresql10-plperl-debuginfo-10.13-4.22.4
    • postgresql10-pltcl-10.13-4.22.4
    • postgresql10-contrib-10.13-4.22.4
    • postgresql10-pltcl-debuginfo-10.13-4.22.4
    • postgresql10-devel-debuginfo-10.13-4.22.4
    • libpq5-10.13-4.22.4
    • postgresql10-devel-10.13-4.22.4
    • postgresql10-plpython-debuginfo-10.13-4.22.4
    • libpq5-debuginfo-10.13-4.22.4
  • SUSE Linux Enterprise Server for SAP Applications 15 (noarch)
    • postgresql-pltcl-12.0.1-8.14.1
    • postgresql-docs-12.0.1-8.14.1
    • postgresql10-docs-10.13-4.22.4
    • postgresql-server-12.0.1-8.14.1
    • postgresql-contrib-12.0.1-8.14.1
    • postgresql-plpython-12.0.1-8.14.1
    • postgresql-devel-12.0.1-8.14.1
    • postgresql-12.0.1-8.14.1
    • postgresql-plperl-12.0.1-8.14.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (x86_64)
    • libpq5-32bit-10.13-4.22.4
    • libpq5-32bit-debuginfo-10.13-4.22.4

References: