PostgreSQL has released new versions on August 12: https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/ The issues are fixed upstream in 11.13 and 13.4. Cauldron and Mageia 8 are affected (postgresql13 and postgresql11).
Whiteboard: (none) => MGA8TOO
Ubuntu has issued an advisory for this on August 12: https://ubuntu.com/security/notices/USN-5038-1
These SRPMs have registered maintainers (both CC'd), but most recently have been committed by different packagers, so assigning this bug globally.
Assignee: bugsquad => pkg-bugsCC: (none) => joequant, mageia
Suggested advisory: ======================== The updated packages fix a security vulnerability: Memory disclosure in certain queries. (CVE-2021-3677) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3677 https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/ https://ubuntu.com/security/notices/USN-5038-1 ======================== Updated packages in core/updates_testing: ======================== postgresql11-contrib-11.13-1.mga8 postgresql11-11.13-1.mga8 lib(64)pq5.11-11.13-1.mga8 postgresql11-plpgsql-11.13-1.mga8 lib(64)ecpg11_6-11.13-1.mga8 postgresql11-plpython3-11.13-1.mga8 postgresql11-pl-11.13-1.mga8 postgresql11-plperl-11.13-1.mga8 postgresql11-pltcl-11.13-1.mga8 postgresql11-devel-11.13-1.mga8 postgresql11-docs-11.13-1.mga8 postgresql11-server-11.13-1.mga8 postgresql13-pl-13.4-1.mga8 postgresql13-pltcl-13.4-1.mga8 postgresql13-plperl-13.4-1.mga8 postgresql13-plpython3-13.4-1.mga8 lib(64)pq5-13.4-1.mga8 lib(64)ecpg13_6-13.4-1.mga8 postgresql13-plpgsql-13.4-1.mga8 postgresql13-13.4-1.mga8 postgresql13-devel-13.4-1.mga8 postgresql13-docs-13.4-1.mga8 postgresql13-server-13.4-1.mga8 from SRPMS: postgresql11-11.13-1.mga8.src.rpm postgresql13-13.4-1.mga8.src.rpm
CC: (none) => nicolas.salgueroStatus: NEW => ASSIGNEDWhiteboard: MGA8TOO => (none)CVE: (none) => CVE-2021-3677Assignee: pkg-bugs => qa-bugsVersion: Cauldron => 8
Mageia Gnome X64 Installation postgresql11-server without any problem. rpmq -i --media "Core Updates testing" postgresql11-server Name : postgresql11-server Version : 11.13 Release : 1.mga8 Group : Databases Size : 44384754 Architecture: x86_64 Source RPM : postgresql11-11.13-1.mga8.src.rpm URL : http://www.postgresql.org/ Summary : The programs needed to create and run a PostgreSQL server Description : The postgresql-server package includes the programs needed to create and run a PostgreSQL server, which will in turn allow you to create and maintain PostgreSQL databases. PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). You should install postgresql-server if you want to create and maintain your own PostgreSQL databases and/or your own PostgreSQL server. You also need to install the postgresql and postgresql-devel packages. After installing this package, please read postgresql.Mageia.releasenote. [root@localhost hugo]# urpmi --media "Core Updates testing" postgresql11-server Pour satisfaire les dépendances, les paquetages suivants vont être installés : Paquetage Version Révision Arch (média « Core Updates Testing ») postgresql11-plpgsql 11.13 1.mga8 x86_64 postgresql11-server 11.13 1.mga8 x86_64 un espace additionnel de 42Mo sera utilisé. 14Mo de paquets seront récupérés. Procéder à l'installation des 2 paquetages ? (O/n) O $MIRRORLIST: media/core/updates_testing/postgresql11-server-11.13-1.mga8.x86_64.rpm $MIRRORLIST: media/core/updates_testing/postgresql11-plpgsql-11.13-1.mga8.x86_64.rpm installation de postgresql11-plpgsql-11.13-1.mga8.x86_64.rpm postgresql11-server-11.13-1.mga8.x86_64.rpm depuis /var/cache/urpmi/rpms Préparation... ################################################## 1/2: postgresql11-server ################################################## 2/2: postgresql11-plpgsql ################################################## ---------------------------------------------------------------------- Plus d'information sur le paquetage postgresql11-server-11.13-1.mga8.x86_64 You just installed or updated postgresql server. You can find important information about Mageia postgresql rpms and database management in: /usr/share/doc/postgresql11-server/postgresql.Mageia.releasenote Please read it. systemctl start postgresql systemctl status postgresql ● postgresql.service - PostgreSQL database server Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled; vendor pr> Active: active (running) since Tue 2021-08-31 19:16:43 CEST; 7s ago Process: 44114 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (code=ex> Process: 44125 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -> Main PID: 44127 (postgres) Tasks: 7 (limit: 2321) Memory: 61.2M CPU: 447ms CGroup: /system.slice/postgresql.service ├─44127 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432 ├─44130 postgres: checkpointer ├─44131 postgres: background writer ├─44132 postgres: walwriter ├─44133 postgres: autovacuum launcher ├─44134 postgres: stats collector └─44135 postgres: logical replication launcher août 31 19:16:42 localhost systemd[1]: Starting PostgreSQL database server... août 31 19:16:43 localhost pg_ctl[44127]: 2021-08-31 19:16:43.427 CEST [44127] LOG: > août 31 19:16:43 localhost pg_ctl[44127]: 2021-08-31 19:16:43.427 CEST [44127] LOG: > août 31 19:16:43 localhost pg_ctl[44127]: 2021-08-31 19:16:43.427 CEST [44127] LOG: > lines 1-22 [root@localhost hugo]# su - postgres [postgres@localhost ~]$ psql psql (11.13) Type "help" for help. postgres=# postgres=# CREATE DATABASE Mageia; CREATE DATABASE postgres=# SELECT datname FROM pg_database; datname ----------- postgres mageia template1 template0 (4 rows) All seems ok.
CC: (none) => hdetavernier
MGA8 - 64bit - Gnome The following 17 packages are going to be installed: - lib64ecpg13_6-13.4-1.mga8.x86_64 - lib64openssl-devel-1.1.1l-1.mga8.x86_64 - lib64openssl1.1-1.1.1l-1.mga8.x86_64 - lib64pq5-13.4-1.mga8.x86_64 - lib64zlib-devel-1.2.11-9.mga8.x86_64 - multiarch-utils-1.0.14-3.mga8.noarch - openssl-1.1.1l-1.mga8.x86_64 - postgresql13-13.4-1.mga8.x86_64 - postgresql13-contrib-13.4-1.mga8.x86_64 - postgresql13-devel-13.4-1.mga8.x86_64 - postgresql13-docs-13.4-1.mga8.noarch - postgresql13-pl-13.4-1.mga8.x86_64 - postgresql13-plperl-13.4-1.mga8.x86_64 - postgresql13-plpgsql-13.4-1.mga8.x86_64 - postgresql13-plpython3-13.4-1.mga8.x86_64 - postgresql13-pltcl-13.4-1.mga8.x86_64 - postgresql13-server-13.4-1.mga8.x86_64 I was able to start the SQL server with no issues. I then turned around and installed Nextcloud-Server and pointed it to postgres. It went through all of the initial database build, table creations, and initial configs without issue. No issues and I was able to publish a document in Nextcloud. Postgres is working as designed.
Whiteboard: (none) => MGA8-64-OKCC: (none) => brtians1
Validating. Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0424.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED