| Summary: | postgresql new security issue CVE-2022-1552 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, hdetavernier, herman.viaene, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-32-OK MGA8-64-OK | ||
| Source RPM: | postgresql11-11.15-1.mga8.src.rpm, postgresql13-13.6-1.mga8.src.rpm | CVE: | CVE-2022-1552 |
| Status comment: | |||
|
Description
Nicolas Salguero
2022-05-13 16:55:30 CEST
Nicolas Salguero
2022-05-13 16:56:31 CEST
Source RPM:
(none) =>
postgresql11-11.15-1.mga8.src.rpm, postgresql13-13.6-1.mga8.src.rpm
Nicolas Salguero
2022-05-14 08:44:47 CEST
Assignee:
bugsquad =>
nicolas.salguero Suggested advisory: ======================== The updated packages fix a security vulnerability: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox. (CVE-2022-1552) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1552 https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/ ======================== Updated packages in core/updates_testing: ======================== lib(64)pq5.11-11.16-1.mga8 lib(64)ecpg11_6-11.16-1.mga8 postgresql11-11.16-1.mga8 postgresql11-contrib-11.16-1.mga8 postgresql11-devel-11.16-1.mga8 postgresql11-docs-11.16-1.mga8 postgresql11-pl-11.16-1.mga8 postgresql11-plperl-11.16-1.mga8 postgresql11-plpgsql-11.16-1.mga8 postgresql11-plpython3-11.16-1.mga8 postgresql11-pltcl-11.16-1.mga8 postgresql11-server-11.16-1.mga8 lib(64)pq5-13.7-1.mga8 lib(64)ecpg13_6-13.7-1.mga8 postgresql13-13.7-1.mga8 postgresql13-contrib-13.7-1.mga8 postgresql13-devel-13.7-1.mga8 postgresql13-docs-13.7-1.mga8 postgresql13-pl-13.7-1.mga8 postgresql13-plperl-13.7-1.mga8 postgresql13-plpgsql-13.7-1.mga8 postgresql13-plpython3-13.7-1.mga8 postgresql13-pltcl-13.7-1.mga8 postgresql13-server-13.7-1.mga8 from SRPMS: postgresql11-11.16-1.mga8.src.rpm postgresql13-13.7-1.mga8.src.rpm Whiteboard:
MGA8TOO =>
(none) MGA8-64 Plasma on Lenovo B50 in Dutch Laptop had version 11 installed, created database and user before update. Run the update for 11 without issues and created a table in the database and inserted some values and selected the rows, all worked OK. CC:
(none) =>
herman.viaene Mageia 8 Gnome X64. Updated from postgresql11-11.14-1.mga8.x86_64 without any problem. List of databases, users are still there. I created a new user, new databases. All is ok. CC:
(none) =>
hdetavernier Deleted all postgres from the laptop, installed the 13 version, created new database, new user, granted all rights, created table, inserted some values and displayed the rows. All works OK. The following 9 packages are going to be installed: - libpq5-13.7-1.mga8.i586 - postgresql13-13.7-1.mga8.i586 - postgresql13-contrib-13.7-1.mga8.i586 - postgresql13-pl-13.7-1.mga8.i586 - postgresql13-plperl-13.7-1.mga8.i586 - postgresql13-plpgsql-13.7-1.mga8.i586 - postgresql13-plpython3-13.7-1.mga8.i586 - postgresql13-pltcl-13.7-1.mga8.i586 - postgresql13-server-13.7-1.mga8.i586 54MB of additional disk space will be used. 18MB of packages will be retrieved. Is it ok to continue? ------ started server created database - it worked created table inserted values created index selected values work for me. CC:
(none) =>
brtians1 Since it's working for everybody, no reason not to OK it. Validating. Advisory in Comment 1. CC:
(none) =>
andrewsfarm, sysadmin-bugs
Thomas Backlund
2022-05-22 14:53:30 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0201.html Status:
ASSIGNED =>
RESOLVED |