PostgreSQL has released new versions on June 20: https://www.postgresql.org/about/news/1949/ 11.4 fixes an issue deemed critical enough that they made these releases ahead of schedule.
Whiteboard: (none) => MGA7TOO
Assigning to our registered postgresql11 maintainer.
Assignee: bugsquad => mageiaCC: (none) => marja11
Suggested advisory: ======================== Updated psotgresql11 packages fix security vulnerabilities: An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account. Additionally, a rogue server could send a specifically crafted message during the SCRAM authentication process and cause a libpq-enabled client to either crash or execute arbitrary code as the client's operating system account. [1] More than 25 other bugs have been fixed too. [2] References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10164 [2] https://www.postgresql.org/about/news/1949/ ======================== Updated packages in core/updates_testing: ======================== postgresql11-11.4-1.mga7 lib64pq5-11.4-1.mga7 lib64ecpg11_6-11.4-1.mga7 postgresql11-server-11.4-1.mga7 postgresql11-docs-11.4-1.mga7 postgresql11-contrib-11.4-1.mga7 postgresql11-devel-11.4-1.mga7 postgresql11-pl-11.4-1.mga7 postgresql11-plpython-11.4-1.mga7 postgresql11-plpython3-11.4-1.mga7 postgresql11-plperl-11.4-1.mga7 postgresql11-pltcl-11.4-1.mga7 postgresql11-plpgsql-11.4-1.mga7 postgresql11-debugsource-11.4-1.mga7 postgresql11-debuginfo-11.4-1.mga7 lib64pq5-debuginfo-11.4-1.mga7 lib64ecpg11_6-debuginfo-11.4-1.mga7 postgresql11-server-debuginfo-11.4-1.mga7 postgresql11-contrib-debuginfo-11.4-1.mga7 postgresql11-devel-debuginfo-11.4-1.mga7 postgresql11-plpython-debuginfo-11.4-1.mga7 postgresql11-plpython3-debuginfo-11.4-1.mga7 postgresql11-plperl-debuginfo-11.4-1.mga7 postgresql11-pltcl-debuginfo-11.4-1.mga7 postgresql11-plpgsql-debuginfo-11.4-1.mga7 SRPM: postgresql11-11.4-1.mga7.src.rpm
Assignee: mageia => qa-bugs
Version: Cauldron => 7CC: (none) => tmbWhiteboard: MGA7TOO => (none)
$ uname -a Linux linux.local 5.1.14-desktop-1.mga7 #1 SMP Sat Jun 22 10:35:14 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux The following 20 packages are going to be installed: - glibc-devel-2.29-13.mga7.x86_64 - kernel-userspace-headers-5.1.16-1.mga7.x86_64 - lib64ecpg11_6-11.4-1.mga7.x86_64 - lib64openssl-devel-1.1.0j-1.mga7.x86_64 - lib64pq5-11.4-1.mga7.x86_64 - lib64xcrypt-devel-4.4.6-1.mga7.x86_64 - lib64zlib-devel-1.2.11-7.mga7.x86_64 - meta-task-7-1.1.mga7.noarch - multiarch-utils-1.0.14-2.mga7.noarch - postgresql11-11.4-1.mga7.x86_64 - postgresql11-contrib-11.4-1.mga7.x86_64 - postgresql11-devel-11.4-1.mga7.x86_64 - postgresql11-docs-11.4-1.mga7.noarch - postgresql11-pl-11.4-1.mga7.x86_64 - postgresql11-plperl-11.4-1.mga7.x86_64 - postgresql11-plpgsql-11.4-1.mga7.x86_64 - postgresql11-plpython-11.4-1.mga7.x86_64 - postgresql11-plpython3-11.4-1.mga7.x86_64 - postgresql11-pltcl-11.4-1.mga7.x86_64 - postgresql11-server-11.4-1.mga7.x86_64 After the install I rebooted the VM. $ ps -ef | grep post returned nothing but this command. So I had to start postgresql # systemctl start postgresql (Note the above command may take a minute to finish - don't panic at the disco). Now I'm seeing activity [root@linux brian]# ps -ef | grep post postgres 2158 1 0 09:09 ? 00:00:00 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432 postgres 2160 2158 0 09:09 ? 00:00:00 postgres: checkpointer postgres 2161 2158 0 09:09 ? 00:00:00 postgres: background writer postgres 2162 2158 0 09:09 ? 00:00:00 postgres: walwriter postgres 2163 2158 0 09:09 ? 00:00:00 postgres: autovacuum launcher postgres 2164 2158 0 09:09 ? 00:00:00 postgres: stats collector postgres 2165 2158 0 09:09 ? 00:00:00 postgres: logical replication launcher From root user I su over to postgres user: # su postgres [postgres@linux brian]$ I start by creating a db postgres@linux home]$ createdb magdb (note you may get an error that it postgres doesn't have permission to write a file. That's a log file.) I now connect to the database I created: $ psql magdb psql (11.4) magdb=# select version(); version -------------------------------------------------------------------------------- ------------------------------------- PostgreSQL 11.4 on x86_64-mageia-linux-gnu, compiled by gcc (Mageia 8.3.1-0.201 90524.1.mga7) 8.3.1 20190524, 64-bit It seems happy enough. Now I'll go install nextcloud After installing nextcloud and all associated services (make sure you include the postgres connector) # systemctl start httpd In your favorite browner: 127.0.0.1/nextcloud Pick out postgresql as the database (if it is not available you either didn't start it or you did not pick the proper nextcloud driver. Note default postgres database user is postgres and the password is <blank> I was able to complete the installation and add documents to nextcloud. Looks like postgres is working as designed.
CC: (none) => brtians1Whiteboard: (none) => MGA7-64-OK
Advisory uploaded, validating.
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0204.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
CC: (none) => tomwalterszz0809