pool/postgresql16
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CVE-2024-4317

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/server:database:postgresql/postgresql16?expand=0&rev=25
This commit is contained in:
Marcus Rückert 2024-05-09 14:13:46 +00:00 committed by Git OBS Bridge
parent 442b61d136
commit cbed561cfd
6 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
postgresql-16.2.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952
size 24711703

1
postgresql-16.2.tar.bz2.sha256
View File

@ -1 +0,0 @@
446e88294dbc2c9085ab4b7061a646fa604b4bec03521d5ea671c2e5ad9b2952 postgresql-16.2.tar.bz2

3
postgresql-16.3.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585
size 24737644

1
postgresql-16.3.tar.bz2.sha256 Normal file
View File

@ -0,0 +1 @@
331963d5d3dc4caf4216a049fa40b66d6bcb8c730615859411b9518764e60585 postgresql-16.3.tar.bz2

25
postgresql16.changes
View File

@ -1,3 +1,28 @@
-------------------------------------------------------------------
Thu May 9 14:02:21 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Upgrade to 16.3:
CVE-2024-4317: Restrict visibility of pg_stats_ext and
pg_stats_ext_exprs entries to the table owner
Missing authorization in PostgreSQL built-in views pg_stats_ext
and pg_stats_ext_exprs allows an unprivileged database user to
read most common values and other statistics from CREATE
STATISTICS commands of other users. The most common values may
reveal column values the eavesdropper could not otherwise read or
results of functions they cannot execute.
This fix only fixes fresh PostgreSQL installations, namely those
that are created with the initdb utility after this fix is
applied. If you have a current PostgreSQL installation and are
concerned about this issue, please follow the instructions in the
"Updating" section on this link:
https://www.postgresql.org/about/news/postgresql-163-157-1412-1315-and-1219-released-2858/
The SQL file is in /usr/share/postgresql16/fix-CVE-2024-4317.sql
https://www.postgresql.org/docs/release/16.3/
-------------------------------------------------------------------
Tue Mar 12 22:48:41 UTC 2024 - Aaron Puchert <aaronpuchert@alice-dsl.net>

2
postgresql16.spec
View File

@ -16,7 +16,7 @@
#
%define pgversion 16.2
%define pgversion 16.3
%define pgmajor 16
%define buildlibs 1
%define tarversion %{pgversion}