November 2023 Security Updates
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql15?expand=0&rev=42
This commit is contained in:
parent
19ea942975
commit
d08f536e1e
BIN
postgresql-15.4.tar.bz2
(Stored with Git LFS)
BIN
postgresql-15.4.tar.bz2
(Stored with Git LFS)
Binary file not shown.
@ -1 +0,0 @@
|
|||||||
baec5a4bdc4437336653b6cb5d9ed89be5bd5c0c58b94e0becee0a999e63c8f9 postgresql-15.4.tar.bz2
|
|
3
postgresql-15.5.tar.bz2
Normal file
3
postgresql-15.5.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6
|
||||||
|
size 23091780
|
1
postgresql-15.5.tar.bz2.sha256
Normal file
1
postgresql-15.5.tar.bz2.sha256
Normal file
@ -0,0 +1 @@
|
|||||||
|
8f53aa95d78eb8e82536ea46b68187793b42bba3b4f65aa342f540b23c9b10a6 postgresql-15.5.tar.bz2
|
@ -1,3 +1,35 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Nov 8 14:26:51 UTC 2023 - Reinhard Max <max@suse.com>
|
||||||
|
|
||||||
|
- Upgrade to 15.5:
|
||||||
|
* bsc#1216962, CVE-2023-5868: Fix handling of unknown-type
|
||||||
|
arguments in DISTINCT "any" aggregate functions. This error led
|
||||||
|
to a text-type value being interpreted as an unknown-type value
|
||||||
|
(that is, a zero-terminated string) at runtime. This could
|
||||||
|
result in disclosure of server memory following the text value.
|
||||||
|
* bsc#1216961, CVE-2023-5869: Detect integer overflow while
|
||||||
|
computing new array dimensions. When assigning new elements to
|
||||||
|
array subscripts that are outside the current array bounds, an
|
||||||
|
undetected integer overflow could occur in edge cases. Memory
|
||||||
|
stomps that are potentially exploitable for arbitrary code
|
||||||
|
execution are possible, and so is disclosure of server memory.
|
||||||
|
* bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role
|
||||||
|
from signalling background workers and autovacuum processes.
|
||||||
|
The documentation says that pg_signal_backend cannot issue
|
||||||
|
signals to superuser-owned processes. It was able to signal
|
||||||
|
these background processes, though, because they advertise a
|
||||||
|
role OID of zero. Treat that as indicating superuser ownership.
|
||||||
|
The security implications of cancelling one of these process
|
||||||
|
types are fairly small so far as the core code goes (we'll just
|
||||||
|
start another one), but extensions might add background workers
|
||||||
|
that are more vulnerable.
|
||||||
|
Also ensure that the is_superuser parameter is set correctly in
|
||||||
|
such processes. No specific security consequences are known for
|
||||||
|
that oversight, but it might be significant for some extensions.
|
||||||
|
* Add support for LLVM 16 and 17
|
||||||
|
* https://www.postgresql.org/about/news/2749
|
||||||
|
* https://www.postgresql.org/docs/15/release-15-5.html
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Oct 31 10:57:13 UTC 2023 - Reinhard Max <max@suse.com>
|
Tue Oct 31 10:57:13 UTC 2023 - Reinhard Max <max@suse.com>
|
||||||
|
|
||||||
|
@ -16,11 +16,11 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
%define pgversion 15.4
|
%define pgversion 15.5
|
||||||
%define pgmajor 15
|
%define pgmajor 15
|
||||||
%define buildlibs 0
|
%define buildlibs 0
|
||||||
%define tarversion %{pgversion}
|
%define tarversion %{pgversion}
|
||||||
%define latest_supported_llvm_ver 15
|
%define latest_supported_llvm_ver 17
|
||||||
|
|
||||||
### CUT HERE ###
|
### CUT HERE ###
|
||||||
%define pgname postgresql%pgmajor
|
%define pgname postgresql%pgmajor
|
||||||
@ -797,11 +797,9 @@ awk -v P=%buildroot '/^(%lang|[^%])/{print P $NF}' libpq.files libecpg.files | x
|
|||||||
|
|
||||||
%post -n %pgname-%devel
|
%post -n %pgname-%devel
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
/usr/share/postgresql/install-alternatives %pgmajor
|
|
||||||
|
|
||||||
%postun -n %pgname-%devel
|
%postun -n %pgname-%devel
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
/usr/share/postgresql/install-alternatives %pgmajor
|
|
||||||
|
|
||||||
%if %{with server_devel}
|
%if %{with server_devel}
|
||||||
%post server-devel
|
%post server-devel
|
||||||
|
Loading…
Reference in New Issue
Block a user