PostgreSQL has released new versions on May 13: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/ The issues are fixed upstream in 9.6.22, 11.12, and 13.3. Cauldron and Mageia 8 are affected (postgresql13 and postgresql11). Mageia 7 is also affected (postgresql11 and postgresql9.6). CVE-2021-32029 only affects postgresql11 and postgresql13.
Whiteboard: (none) => MGA8TOO, MGA7TOO
These 3 SRPMs have mixed maintainers, so assigning this update globally. CC'ing Marc who deals with some of them.
CC: (none) => mageia
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Buffer overrun from integer overflow in array subscripting calculations. (CVE-2021-32027)

Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE. (CVE-2021-32028)

Memory disclosure in partitioned-table UPDATE ... RETURNING. (CVE-2021-32029)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32029
https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
========================

Updated packages in 7/core/updates_testing:
========================
postgresql9.6-9.6.22-1.mga7
lib(64)pq5.9-9.6.22-1.mga7
lib(64)ecpg9.6_6-9.6.22-1.mga7
postgresql9.6-server-9.6.22-1.mga7
postgresql9.6-docs-9.6.22-1.mga7
postgresql9.6-contrib-9.6.22-1.mga7
postgresql9.6-devel-9.6.22-1.mga7
postgresql9.6-pl-9.6.22-1.mga7
postgresql9.6-plpython-9.6.22-1.mga7
postgresql9.6-plperl-9.6.22-1.mga7
postgresql9.6-pltcl-9.6.22-1.mga7
postgresql9.6-plpgsql-9.6.22-1.mga7
postgresql11-11.12-1.mga7
lib(64)pq5-11.12-1.mga7
lib(64)ecpg11_6-11.12-1.mga7
postgresql11-server-11.12-1.mga7
postgresql11-docs-11.12-1.mga7
postgresql11-contrib-11.12-1.mga7
postgresql11-devel-11.12-1.mga7
postgresql11-pl-11.12-1.mga7
postgresql11-plpython-11.12-1.mga7
postgresql11-plpython3-11.12-1.mga7
postgresql11-plperl-11.12-1.mga7
postgresql11-pltcl-11.12-1.mga7
postgresql11-plpgsql-11.12-1.mga7

from SRPMS:
postgresql9.6-9.6.22-1.mga7.src.rpm
postgresql11-11.12-1.mga7.src.rpm

Updated packages in 8/core/updates_testing:
========================
postgresql11-pl-11.12-1.mga8
postgresql11-pltcl-11.12-1.mga8
postgresql11-plperl-11.12-1.mga8
postgresql11-plpgsql-11.12-1.mga8
postgresql11-plpython3-11.12-1.mga8
lib(64)ecpg11_6-11.12-1.mga8
lib(64)pq5.11-11.12-1.mga8
postgresql11-contrib-11.12-1.mga8
postgresql11-11.12-1.mga8
postgresql11-devel-11.12-1.mga8
postgresql11-docs-11.12-1.mga8
postgresql11-server-11.12-1.mga8
postgresql13-13.3-1.mga8
postgresql13-contrib-13.3-1.mga8
lib(64)ecpg13_6-13.3-1.mga8
lib(64)pq5-13.3-1.mga8
postgresql13-plpgsql-13.3-1.mga8
postgresql13-plpython3-13.3-1.mga8
postgresql13-plperl-13.3-1.mga8
postgresql13-pl-13.3-1.mga8
postgresql13-pltcl-13.3-1.mga8
postgresql13-devel-13.3-1.mga8
postgresql13-docs-13.3-1.mga8
postgresql13-server-13.3-1.mga8

from SRPMS:
postgresql11-11.12-1.mga8.src.rpm
postgresql13-13.3-1.mga8.src.rpm
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
Version: Cauldron => 8
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
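As an added example (not part of the bug report or of Mageia's tooling): a check that reads `rpm -qa`-style package names and reports which PostgreSQL packages are still below the fixed versions named in this report (9.6.22, 11.12, 13.3), together with the CVEs that apply to that branch. The function name and the sample package list are constructed for illustration.

```python
import re

# Fixed upstream versions per branch, as stated in this bug report.
FIXED = {"9.6": (9, 6, 22), "11": (11, 12), "13": (13, 3)}
CVES_ALL = ["CVE-2021-32027", "CVE-2021-32028"]
CVES_11_13 = ["CVE-2021-32029"]  # only postgresql11 and postgresql13
# Package name prefixes taken from the advisory's package list.
PG_NAME = re.compile(r"^(postgresql|lib(64)?(pq|ecpg))")


def audit(package_lines):
    """Return one finding per PostgreSQL package given as name-version-release."""
    findings = []
    for line in package_lines:
        pkg = line.strip()
        parts = pkg.rsplit("-", 2)
        if len(parts) != 3 or not PG_NAME.match(parts[0]):
            continue  # not a PostgreSQL package, or not in N-V-R form
        try:
            version = tuple(int(p) for p in parts[1].split("."))
        except ValueError:
            continue  # non-numeric version string
        if len(version) < 2:
            continue
        # Branches before 10 are "major.minor" (9.6); later ones are "major".
        branch = f"{version[0]}.{version[1]}" if version[0] < 10 else str(version[0])
        if branch not in FIXED:
            status, cves = "unknown-branch", []
        elif version < FIXED[branch]:
            status = "vulnerable"
            cves = CVES_ALL + (CVES_11_13 if branch in ("11", "13") else [])
        else:
            status, cves = "fixed", []
        findings.append({"package": pkg, "branch": branch,
                         "status": status, "cves": cves})
    return findings


# Constructed sample input (not taken from a real system).
SAMPLE = [
    "postgresql9.6-server-9.6.21-1.mga7.x86_64",
    "lib64pq5-11.11-1.mga7.x86_64",
    "postgresql13-server-13.3-1.mga8.x86_64",
    "lib64openssl-devel-1.1.1k-1.mga8.x86_64",
    "postgresql11-docs-11.12-1.mga8.noarch",
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['status']:14} {f['package']} {' '.join(f['cves'])}")
```

The branch is derived from the package version rather than the package name, because the unversioned `lib64pq5` belongs to a different PostgreSQL branch on Mageia 7 (11) than on Mageia 8 (13).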
MGA7

The following 12 packages are going to be installed:

- lib64ecpg9.6_6-9.6.22-1.mga7.x86_64
- lib64pq5.9-9.6.22-1.mga7.x86_64
- postgresql9.6-9.6.22-1.mga7.x86_64
- postgresql9.6-contrib-9.6.22-1.mga7.x86_64
- postgresql9.6-devel-9.6.22-1.mga7.x86_64
- postgresql9.6-docs-9.6.22-1.mga7.noarch
- postgresql9.6-pl-9.6.22-1.mga7.x86_64
- postgresql9.6-plperl-9.6.22-1.mga7.x86_64
- postgresql9.6-plpgsql-9.6.22-1.mga7.x86_64
- postgresql9.6-plpython-9.6.22-1.mga7.x86_64
- postgresql9.6-pltcl-9.6.22-1.mga7.x86_64
- postgresql9.6-server-9.6.22-1.mga7.x86_64

-- started service
-- created table
inserted values
selected values

seems to work for 9.6
CC: (none) => brtians1
The following 13 packages are going to be installed:

- lib64ecpg11_6-11.12-1.mga7.x86_64
- lib64pq5-11.12-1.mga7.x86_64
- postgresql11-11.12-1.mga7.x86_64
- postgresql11-contrib-11.12-1.mga7.x86_64
- postgresql11-devel-11.12-1.mga7.x86_64
- postgresql11-docs-11.12-1.mga7.noarch
- postgresql11-pl-11.12-1.mga7.x86_64
- postgresql11-plperl-11.12-1.mga7.x86_64
- postgresql11-plpgsql-11.12-1.mga7.x86_64
- postgresql11-plpython-11.12-1.mga7.x86_64
- postgresql11-plpython3-11.12-1.mga7.x86_64
- postgresql11-pltcl-11.12-1.mga7.x86_64
- postgresql11-server-11.12-1.mga7.x86_64

-- started postgresql in services
sit back and have a cuppa tea while it builds base
-----
created table
inserted lines
select rows
updated rows
selected rows
created index

works for me.
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK
MGA8

The following 15 packages are going to be installed:

- lib64ecpg11_6-11.12-1.mga8.x86_64
- lib64openssl-devel-1.1.1k-1.mga8.x86_64
- lib64pq5.11-11.12-1.mga8.x86_64
- lib64zlib-devel-1.2.11-9.mga8.x86_64
- multiarch-utils-1.0.14-3.mga8.noarch
- postgresql11-11.12-1.mga8.x86_64
- postgresql11-contrib-11.12-1.mga8.x86_64
- postgresql11-devel-11.12-1.mga8.x86_64
- postgresql11-docs-11.12-1.mga8.noarch
- postgresql11-pl-11.12-1.mga8.x86_64
- postgresql11-plperl-11.12-1.mga8.x86_64
- postgresql11-plpgsql-11.12-1.mga8.x86_64
- postgresql11-plpython3-11.12-1.mga8.x86_64
- postgresql11-pltcl-11.12-1.mga8.x86_64
- postgresql11-server-11.12-1.mga8.x86_64

--- started the postgres service
--- installed nextcloud 20 and set up apache-php-mod
started httpd service
--- was able to set up nextcloud with postgresql without any issues.

Working as designed for
The following 15 packages are going to be installed:

- lib64ecpg13_6-13.3-1.mga8.x86_64
- lib64openssl-devel-1.1.1k-1.mga8.x86_64
- lib64pq5-13.3-1.mga8.x86_64
- lib64zlib-devel-1.2.11-9.mga8.x86_64
- multiarch-utils-1.0.14-3.mga8.noarch
- postgresql13-13.3-1.mga8.x86_64
- postgresql13-contrib-13.3-1.mga8.x86_64
- postgresql13-devel-13.3-1.mga8.x86_64
- postgresql13-docs-13.3-1.mga8.noarch
- postgresql13-pl-13.3-1.mga8.x86_64
- postgresql13-plperl-13.3-1.mga8.x86_64
- postgresql13-plpgsql-13.3-1.mga8.x86_64
- postgresql13-plpython3-13.3-1.mga8.x86_64
- postgresql13-pltcl-13.3-1.mga8.x86_64
- postgresql13-server-13.3-1.mga8.x86_64

--- repeated the same process for postgresql 11. This was a new install as well.

Working as designed.
Upgraded from Postgresql 11 to 13 by installation only.

- stopped postgres service
- ran install of postgresql13.3.1 packages
- resumed services

system is working. testing a reboot before finalizing approval.
system remained functional, but I think still running 11.12, which is okay. At least it didn't damage things.

I've tested
9.6 - mga7
11.12 - mga7
11.12 - mga8
13.3 - mga8

All of them are working and functioning.

approving this to be pushed.
Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
$ uname -a
Linux localhost 5.10.37-desktop-2.mga8 #1 SMP Mon May 17 17:47:02 UTC 2021 i686 i686 i386 GNU/Linux

installed postgres13 and confirmed it is working.

created table
insert
update
select

working for me.
Thanks for all that, Brian. Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => ouaurelien
Keywords: (none) => advisory
CVE: (none) => CVE-2021-3202[7-9]
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0221.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED