November 2023 Security Updates
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql15?expand=0&rev=42
This commit is contained in:
parent
19ea942975
commit
d08f536e1e
BIN
postgresql-15.4.tar.bz2
(Stored with Git LFS)
BIN
postgresql-15.4.tar.bz2
(Stored with Git LFS)
Binary file not shown.
@ -1 +0,0 @@
|
||||
baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 postgresql-15.4.tar.bz2
|
3
postgresql-15.5.tar.bz2
Normal file
3
postgresql-15.5.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6
|
||||
size 23091780
|
1
postgresql-15.5.tar.bz2.sha256
Normal file
1
postgresql-15.5.tar.bz2.sha256
Normal file
@ -0,0 +1 @@
|
||||
8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 postgresql-15.5.tar.bz2
|
@ -1,3 +1,35 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 8 14:26:51 UTC 2023 - Reinhard Max <max@suse.com>
|
||||
|
||||
- Upgrade to 15.5:
|
||||
* bsc#1216962, CVE-2023-5868: Fix handling of unknown-type
|
||||
arguments in DISTINCT "any" aggregate functions. This error led
|
||||
to a text-type value being interpreted as an unknown-type value
|
||||
(that is, a zero-terminated string) at runtime. This could
|
||||
result in disclosure of server memory following the text value.
|
||||
* bsc#1216961, CVE-2023-5869: Detect integer overflow while
|
||||
computing new array dimensions. When assigning new elements to
|
||||
array subscripts that are outside the current array bounds, an
|
||||
undetected integer overflow could occur in edge cases. Memory
|
||||
stomps that are potentially exploitable for arbitrary code
|
||||
execution are possible, and so is disclosure of server memory.
|
||||
* bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role
|
||||
from signalling background workers and autovacuum processes.
|
||||
The documentation says that pg_signal_backend cannot issue
|
||||
signals to superuser-owned processes. It was able to signal
|
||||
these background processes, though, because they advertise a
|
||||
role OID of zero. Treat that as indicating superuser ownership.
|
||||
The security implications of cancelling one of these process
|
||||
types are fairly small so far as the core code goes (we'll just
|
||||
start another one), but extensions might add background workers
|
||||
that are more vulnerable.
|
||||
Also ensure that the is_superuser parameter is set correctly in
|
||||
such processes. No specific security consequences are known for
|
||||
that oversight, but it might be significant for some extensions.
|
||||
* Add support for LLVM 16 and 17
|
||||
* https://www.postgresql.org/about/news/2749
|
||||
* https://www.postgresql.org/docs/15/release-15-5.html
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 31 10:57:13 UTC 2023 - Reinhard Max <max@suse.com>
|
||||
|
||||
|
@ -16,11 +16,11 @@
|
||||
#
|
||||
|
||||
|
||||
%define pgversion 15.4
|
||||
%define pgversion 15.5
|
||||
%define pgmajor 15
|
||||
%define buildlibs 0
|
||||
%define tarversion %{pgversion}
|
||||
%define latest_supported_llvm_ver 15
|
||||
%define latest_supported_llvm_ver 17
|
||||
|
||||
### CUT HERE ###
|
||||
%define pgname postgresql%pgmajor
|
||||
@ -797,11 +797,9 @@ awk -v P=%buildroot '/^(%lang|[^%])/{print P $NF}' libpq.files libecpg.files | x
|
||||
|
||||
%post -n %pgname-%devel
|
||||
/sbin/ldconfig
|
||||
/usr/share/postgresql/install-alternatives %pgmajor
|
||||
|
||||
%postun -n %pgname-%devel
|
||||
/sbin/ldconfig
|
||||
/usr/share/postgresql/install-alternatives %pgmajor
|
||||
|
||||
%if %{with server_devel}
|
||||
%post server-devel
|
||||
|
Loading…
Reference in New Issue
Block a user