November 2023 Security Updates
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql13?expand=0&rev=78
This commit is contained in:
parent
009fc88634
commit
0e1cc7606d
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b
|
||||
size 21542293
|
@ -1 +0,0 @@
|
||||
0da1edcee3514b7bc7ba6dbaf0c00499e8ac1590668e8789c50253a6249f218b postgresql-13.12.tar.bz2
|
3
postgresql-13.13.tar.bz2
Normal file
3
postgresql-13.13.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474
|
||||
size 21563452
|
1
postgresql-13.13.tar.bz2.sha256
Normal file
1
postgresql-13.13.tar.bz2.sha256
Normal file
@ -0,0 +1 @@
|
||||
8af69c2599047a2ad246567d68ec4131aef116954d8c3e469e9789080b37a474 postgresql-13.13.tar.bz2
|
@ -1,3 +1,35 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 8 14:35:06 UTC 2023 - Reinhard Max <max@suse.com>
|
||||
|
||||
- Update to 13.13:
|
||||
* bsc#1216962, CVE-2023-5868: Fix handling of unknown-type
|
||||
arguments in DISTINCT "any" aggregate functions. This error led
|
||||
to a text-type value being interpreted as an unknown-type value
|
||||
(that is, a zero-terminated string) at runtime. This could
|
||||
result in disclosure of server memory following the text value.
|
||||
* bsc#1216961, CVE-2023-5869: Detect integer overflow while
|
||||
computing new array dimensions. When assigning new elements to
|
||||
array subscripts that are outside the current array bounds, an
|
||||
undetected integer overflow could occur in edge cases. Memory
|
||||
stomps that are potentially exploitable for arbitrary code
|
||||
execution are possible, and so is disclosure of server memory.
|
||||
* bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role
|
||||
from signalling background workers and autovacuum processes.
|
||||
The documentation says that pg_signal_backend cannot issue
|
||||
signals to superuser-owned processes. It was able to signal
|
||||
these background processes, though, because they advertise a
|
||||
role OID of zero. Treat that as indicating superuser ownership.
|
||||
The security implications of cancelling one of these process
|
||||
types are fairly small so far as the core code goes (we'll just
|
||||
start another one), but extensions might add background workers
|
||||
that are more vulnerable.
|
||||
Also ensure that the is_superuser parameter is set correctly in
|
||||
such processes. No specific security consequences are known for
|
||||
that oversight, but it might be significant for some extensions.
|
||||
* Add support for LLVM 16 and 17
|
||||
* https://www.postgresql.org/about/news/2749
|
||||
* https://www.postgresql.org/docs/13/release-13-13.html
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 31 10:57:13 UTC 2023 - Reinhard Max <max@suse.com>
|
||||
|
||||
|
@ -16,11 +16,11 @@
|
||||
#
|
||||
|
||||
|
||||
%define pgversion 13.12
|
||||
%define pgversion 13.13
|
||||
%define pgmajor 13
|
||||
%define buildlibs 0
|
||||
%define tarversion %{pgversion}
|
||||
%define latest_supported_llvm_ver 15
|
||||
%define latest_supported_llvm_ver 17
|
||||
|
||||
### CUT HERE ###
|
||||
%define pgname postgresql%pgmajor
|
||||
@ -797,11 +797,9 @@ awk -v P=%buildroot '/^(%lang|[^%])/{print P $NF}' libpq.files libecpg.files | x
|
||||
|
||||
%post -n %pgname-%devel
|
||||
/sbin/ldconfig
|
||||
/usr/share/postgresql/install-alternatives %pgmajor
|
||||
|
||||
%postun -n %pgname-%devel
|
||||
/sbin/ldconfig
|
||||
/usr/share/postgresql/install-alternatives %pgmajor
|
||||
|
||||
%if %{with server_devel}
|
||||
%post server-devel
|
||||
|
Loading…
Reference in New Issue
Block a user