PostgreSQL has released new versions on November 11: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/ The issues are fixed upstream in 11.14 and 13.5. Cauldron and Mageia 8 are affected (postgresql13 and postgresql11).
Whiteboard: (none) => MGA8TOO
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Server processes unencrypted bytes from man-in-the-middle. (CVE-2021-23214) libpq processes unencrypted bytes from man-in-the-middle. (CVE-2021-23222) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23214 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23222 https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/ ======================== Updated packages in core/updates_testing: ======================== lib(64)pq5.11-11.14-1.mga8 lib(64)ecpg11_6-11.14-1.mga8 postgresql11-11.14-1.mga8 postgresql11-contrib-11.14-1.mga8 postgresql11-devel-11.14-1.mga8 postgresql11-docs-11.14-1.mga8 postgresql11-pl-11.14-1.mga8 postgresql11-plperl-11.14-1.mga8 postgresql11-plpgsql-11.14-1.mga8 postgresql11-plpython3-11.14-1.mga8 postgresql11-pltcl-11.14-1.mga8 postgresql11-server-11.14-1.mga8 lib(64)pq5-13.5-1.mga8 lib(64)ecpg13_6-13.5-1.mga8 postgresql13-13.5-1.mga8 postgresql13-contrib-13.5-1.mga8 postgresql13-devel-13.5-1.mga8 postgresql13-docs-13.5-1.mga8 postgresql13-pl-13.5-1.mga8 postgresql13-plperl-13.5-1.mga8 postgresql13-plpgsql-13.5-1.mga8 postgresql13-plpython3-13.5-1.mga8 postgresql13-pltcl-13.5-1.mga8 postgresql13-server-13.5-1.mga8 from SRPMS: postgresql11-11.14-1.mga8.src.rpm postgresql13-13.5-1.mga8.src.rpm
CVE: (none) => CVE-2021-23214, CVE-2021-23222Status: NEW => ASSIGNEDCC: (none) => nicolas.salgueroWhiteboard: MGA8TOO => (none)Version: Cauldron => 8Source RPM: postgresql11, postgresql13 => postgresql11-11.13-1.mga8.src.rpm, postgresql13-13.4-1.mga8.src.rpmAssignee: bugsquad => qa-bugs
MGA8-64 Plasma on Lenovo B50 Installed first 11 version without problems Replicated test from bug 29369 Comment 4 without problems Removing version 11 and installing 13, to be continued.
CC: (none) => herman.viaene
Repeated test for version 13 with same OK results.
Blocks: (none) => 29681
With postgresql11, as reported in bug 29681 ... php-pgsql-8.0.13-1.mga8.i586 (due to unsatisfied postgresql-libs[>= 13.5]) That's after installing the updateed postgresql11 from this report using qarepo. Either php-pgsql has to be fixed to work with postgresql11, or as a workaround, postgresql11 needs to add a provides that works with php-pgsql. Adding feedback tag till a decision is reached.
Whiteboard: (none) => feedbackCC: (none) => davidwhodgins
php-pgsql works with 13, not 11. Also it's part of php, not postgresql. We only have 11 packaged to support migration from Mageia 7.
Whiteboard: feedback => (none)
In that case, validating the update. Both 11 and 13 install cleanly over the prior versions and the service restarts ok.
Actually validating.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OKCC: (none) => sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0523.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED