PostgreSQL has released new versions on May 12: https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/ The issue is fixed upstream in 11.16 and 13.7. Cauldron (postgresql14 and postgresql13) and Mageia 8 (postgresql13 and postgresql11) are affected.
Source RPM: (none) => postgresql11-11.15-1.mga8.src.rpm, postgresql13-13.6-1.mga8.src.rpmCC: (none) => nicolas.salgueroWhiteboard: (none) => MGA8TOO
Assignee: bugsquad => nicolas.salguero
Suggested advisory: ======================== The updated packages fix a security vulnerability: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox. (CVE-2022-1552) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1552 https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/ ======================== Updated packages in core/updates_testing: ======================== lib(64)pq5.11-11.16-1.mga8 lib(64)ecpg11_6-11.16-1.mga8 postgresql11-11.16-1.mga8 postgresql11-contrib-11.16-1.mga8 postgresql11-devel-11.16-1.mga8 postgresql11-docs-11.16-1.mga8 postgresql11-pl-11.16-1.mga8 postgresql11-plperl-11.16-1.mga8 postgresql11-plpgsql-11.16-1.mga8 postgresql11-plpython3-11.16-1.mga8 postgresql11-pltcl-11.16-1.mga8 postgresql11-server-11.16-1.mga8 lib(64)pq5-13.7-1.mga8 lib(64)ecpg13_6-13.7-1.mga8 postgresql13-13.7-1.mga8 postgresql13-contrib-13.7-1.mga8 postgresql13-devel-13.7-1.mga8 postgresql13-docs-13.7-1.mga8 postgresql13-pl-13.7-1.mga8 postgresql13-plperl-13.7-1.mga8 postgresql13-plpgsql-13.7-1.mga8 postgresql13-plpython3-13.7-1.mga8 postgresql13-pltcl-13.7-1.mga8 postgresql13-server-13.7-1.mga8 from SRPMS: postgresql11-11.16-1.mga8.src.rpm postgresql13-13.7-1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)CVE: (none) => CVE-2022-1552Status: NEW => ASSIGNEDVersion: Cauldron => 8Assignee: nicolas.salguero => qa-bugs
MGA8-64 Plasma on Lenovo B50 in Dutch Laptop had version 11 installed, created database and user before update. Run the update for 11 without issues and created a table in the database and inserted some values and selected the rows, all worked OK.
CC: (none) => herman.viaene
Mageia 8 Gnome X64. Updated from postgresql11-11.14-1.mga8.x86_64 without any problem. List of databases, users are still there. I created a new user, new databases. All is ok.
CC: (none) => hdetavernier
Deleted all postgres from the laptop, installed the 13 version, created new database, new user, granted all rights, created table, inserted some values and displayed the rows. All works OK.
The following 9 packages are going to be installed: - libpq5-13.7-1.mga8.i586 - postgresql13-13.7-1.mga8.i586 - postgresql13-contrib-13.7-1.mga8.i586 - postgresql13-pl-13.7-1.mga8.i586 - postgresql13-plperl-13.7-1.mga8.i586 - postgresql13-plpgsql-13.7-1.mga8.i586 - postgresql13-plpython3-13.7-1.mga8.i586 - postgresql13-pltcl-13.7-1.mga8.i586 - postgresql13-server-13.7-1.mga8.i586 54MB of additional disk space will be used. 18MB of packages will be retrieved. Is it ok to continue? ------ started server created database - it worked created table inserted values created index selected values work for me.
CC: (none) => brtians1
Since it's working for everybody, no reason not to OK it. Validating. Advisory in Comment 1.
CC: (none) => andrewsfarm, sysadmin-bugsWhiteboard: (none) => MGA8-32-OK MGA8-64-OKKeywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0201.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED