November 2023 Security Updates
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql16?expand=0&rev=15
This commit is contained in:
parent
537bc93564
commit
a8fd7e2803
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99
|
||||
size 24528207
|
@ -1 +0,0 @@
|
||||
df9e823eb22330444e1d48e52cc65135a652a6fdb3ce325e3f08549339f51b99 postgresql-16.0.tar.bz2
|
3
postgresql-16.1.tar.bz2
Normal file
3
postgresql-16.1.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec
|
||||
size 24605482
|
1
postgresql-16.1.tar.bz2.sha256
Normal file
1
postgresql-16.1.tar.bz2.sha256
Normal file
@ -0,0 +1 @@
|
||||
ce3c4d85d19b0121fe0d3f8ef1fa601f71989e86f8a66f7dc3ad546dd5564fec postgresql-16.1.tar.bz2
|
@ -1,3 +1,35 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 8 14:09:29 UTC 2023 - Reinhard Max <max@suse.com>
|
||||
|
||||
- Upgrade to 16.1:
|
||||
* bsc#1216962, CVE-2023-5868: Fix handling of unknown-type
|
||||
arguments in DISTINCT "any" aggregate functions. This error led
|
||||
to a text-type value being interpreted as an unknown-type value
|
||||
(that is, a zero-terminated string) at runtime. This could
|
||||
result in disclosure of server memory following the text value.
|
||||
* bsc#1216961, CVE-2023-5869: Detect integer overflow while
|
||||
computing new array dimensions. When assigning new elements to
|
||||
array subscripts that are outside the current array bounds, an
|
||||
undetected integer overflow could occur in edge cases. Memory
|
||||
stomps that are potentially exploitable for arbitrary code
|
||||
execution are possible, and so is disclosure of server memory.
|
||||
* bsc#1216960, CVE-2023-5870: Prevent the pg_signal_backend role
|
||||
from signalling background workers and autovacuum processes.
|
||||
The documentation says that pg_signal_backend cannot issue
|
||||
signals to superuser-owned processes. It was able to signal
|
||||
these background processes, though, because they advertise a
|
||||
role OID of zero. Treat that as indicating superuser ownership.
|
||||
The security implications of cancelling one of these process
|
||||
types are fairly small so far as the core code goes (we'll just
|
||||
start another one), but extensions might add background workers
|
||||
that are more vulnerable.
|
||||
Also ensure that the is_superuser parameter is set correctly in
|
||||
such processes. No specific security consequences are known for
|
||||
that oversight, but it might be significant for some extensions.
|
||||
* Add support for LLVM 16 and 17
|
||||
* https://www.postgresql.org/about/news/2749
|
||||
* https://www.postgresql.org/docs/16/release-16-1.html
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 31 10:57:13 UTC 2023 - Reinhard Max <max@suse.com>
|
||||
|
||||
|
@ -16,11 +16,11 @@
|
||||
#
|
||||
|
||||
|
||||
%define pgversion 16.0
|
||||
%define pgversion 16.1
|
||||
%define pgmajor 16
|
||||
%define buildlibs 1
|
||||
%define tarversion %{pgversion}
|
||||
%define latest_supported_llvm_ver 15
|
||||
%define latest_supported_llvm_ver 17
|
||||
|
||||
### CUT HERE ###
|
||||
%define pgname postgresql%pgmajor
|
||||
@ -797,11 +797,9 @@ awk -v P=%buildroot '/^(%lang|[^%])/{print P $NF}' libpq.files libecpg.files | x
|
||||
|
||||
%post -n %pgname-%devel
|
||||
/sbin/ldconfig
|
||||
/usr/share/postgresql/install-alternatives %pgmajor
|
||||
|
||||
%postun -n %pgname-%devel
|
||||
/sbin/ldconfig
|
||||
/usr/share/postgresql/install-alternatives %pgmajor
|
||||
|
||||
%if %{with server_devel}
|
||||
%post server-devel
|
||||
|
Loading…
Reference in New Issue
Block a user