PostgreSQL has released new versions on November 9: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ The issues are fixed upstream in 11.22, 13.13 and 15.5. Cauldron, Mageia ç and Mageia 8 are affected (postgresql15, postgresql13 and postgresql11).
Whiteboard: (none) => MGA9TOO, MGA8TOOSource RPM: (none) => postgresql15, postgresql13, postgresql11CC: (none) => nicolas.salguero
Oops: Cauldron, Mageia 9 and Mageia 8 are affected (postgresql15, postgresql13 and postgresql11).
postgresql15 is maintained by you (ns80) postgresql13 is maintained by joequant and postgresql11 by nobody. I don't know whom to assign to, will CC joequant and all packagers.
CC: (none) => joequant, joequant, marja11, pkg-bugs
It looks like Nicolas is the main current committer for both v13 & v15, so assigning to you for those. For v11, I do not see it, but MaintDB shows MarcK for 11.1, so CC'ing him.
Assignee: bugsquad => nicolas.salgueroCC: nicolas.salguero => mageia
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Memory disclosure in aggregate function calls. (CVE-2023-5868) Buffer overrun from integer overflow in array modification. (CVE-2023-5869) Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5868 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5869 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5870 https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ ======================== Updated packages in 8/core/updates_testing: ======================== lib(64)ecpg13_6-13.13-1.mga8 lib(64)pq5-13.13-1.mga8 postgresql13-13.13-1.mga8 postgresql13-contrib-13.13-1.mga8 postgresql13-devel-13.13-1.mga8 postgresql13-docs-13.13-1.mga8 postgresql13-pl-13.13-1.mga8 postgresql13-plperl-13.13-1.mga8 postgresql13-plpgsql-13.13-1.mga8 postgresql13-plpython3-13.13-1.mga8 postgresql13-pltcl-13.13-1.mga8 postgresql13-server-13.13-1.mga8 lib(64)ecpg11_6-11.22-1.mga8 lib(64)pq5.11-11.22-1.mga8 postgresql11-11.22-1.mga8 postgresql11-contrib-11.22-1.mga8 postgresql11-devel-11.22-1.mga8 postgresql11-docs-11.22-1.mga8 postgresql11-pl-11.22-1.mga8 postgresql11-plperl-11.22-1.mga8 postgresql11-plpgsql-11.22-1.mga8 postgresql11-plpython3-11.22-1.mga8 postgresql11-pltcl-11.22-1.mga8 postgresql11-server-11.22-1.mga8 from SRPMS: postgresql13-13.13-1.mga8.src.rpm postgresql11-11.22-1.mga8.src.rpm Updated packages in 9/core/updates_testing: ======================== lib(64)ecpg15_6-15.5-1.mga9 lib(64)pq5-15.5-1.mga9 postgresql15-15.5-1.mga9 postgresql15-contrib-15.5-1.mga9 postgresql15-devel-15.5-1.mga9 postgresql15-docs-15.5-1.mga9 postgresql15-pl-15.5-1.mga9 postgresql15-plperl-15.5-1.mga9 postgresql15-plpgsql-15.5-1.mga9 postgresql15-plpython3-15.5-1.mga9 postgresql15-pltcl-15.5-1.mga9 postgresql15-server-15.5-1.mga9 lib(64)ecpg13_6-13.13-1.mga9 lib(64)pq5.13-13.13-1.mga9 postgresql13-13.13-1.mga9 postgresql13-contrib-13.13-1.mga9 postgresql13-devel-13.13-1.mga9 postgresql13-docs-13.13-1.mga9 postgresql13-pl-13.13-1.mga9 postgresql13-plperl-13.13-1.mga9 postgresql13-plpgsql-13.13-1.mga9 postgresql13-plpython3-13.13-1.mga9 postgresql13-pltcl-13.13-1.mga9 postgresql13-server-13.13-1.mga9 from SRPMS: postgresql15-15.5-1.mga9.src.rpm postgresql13-13.13-1.mga9.src.rpm
Assignee: nicolas.salguero => qa-bugsStatus: NEW => ASSIGNEDWhiteboard: MGA9TOO, MGA8TOO => MGA8TOOCC: (none) => nicolas.salgueroVersion: Cauldron => 9
Advisory from comment 4 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"
Keywords: (none) => advisory
MGA8-64 Xfce on Acer Aspire 5253. First installed the 11 series # systemctl start postgresql # systemctl -l status postgresql ● postgresql.service - PostgreSQL database server Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled; vendor preset: disabled) Active: active (running) since Thu 2023-11-16 14:02:04 CET; 15s ago Process: 19101 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (code=exited, status=0/SUCCESS) Process: 19125 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -w -t 300 (code=exited, status=0/SUCCESS) Main PID: 19127 (postgres) Tasks: 7 (limit: 4364) Memory: 59.5M CPU: 4.834s CGroup: /system.slice/postgresql.service ├─19127 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432 ├─19129 postgres: checkpointer ├─19130 postgres: background writer ├─19131 postgres: walwriter ├─19132 postgres: autovacuum launcher ├─19133 postgres: stats collector └─19134 postgres: logical replication launcher Nov 16 14:01:58 mach7.hviaene.thuis systemd[1]: Starting PostgreSQL database server... Nov 16 14:02:04 mach7.hviaene.thuis pg_ctl[19127]: 2023-11-16 14:02:04.581 CET [19127] LOG: listening on IPv6 address "::1", port 5432 Nov 16 14:02:04 mach7.hviaene.thuis pg_ctl[19127]: 2023-11-16 14:02:04.583 CET [19127] LOG: listening on IPv4 address "127.0.0.1", po> Nov 16 14:02:04 mach7.hviaene.thuis pg_ctl[19127]: 2023-11-16 14:02:04.613 CET [19127] LOG: listening on Unix socket "/tmp/.s.PGSQL.5> Nov 16 14:02:04 mach7.hviaene.thuis pg_ctl[19128]: 2023-11-16 14:02:04.785 CET [19128] LOG: database system was shut down at 2023-11-> Nov 16 14:02:04 mach7.hviaene.thuis pg_ctl[19127]: 2023-11-16 14:02:04.834 CET [19127] LOG: database system is ready to accept connec> Nov 16 14:02:04 mach7.hviaene.thuis systemd[1]: Started PostgreSQL database server. Then started pgdmin4, created a new connection to localhost, created a new database, a new table in it with a primary and unique key, inserted two rows of data, and created a backup of this database. So far so good. Now continuing with the 13 series
CC: (none) => herman.viaene
Installed 13 series, checked that this replaced the 11-series completely. # systemctl start postgresql [root@mach7 ~]# systemctl -l status postgresql ● postgresql.service - PostgreSQL database server Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled; vendor preset: disabled) Active: active (running) since Thu 2023-11-16 16:00:31 CET; 3s ago Process: 36621 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (code=exited, status=0/SUCCESS) Process: 36622 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -w -t 300 (code=exited, status=0/SUCCESS) Main PID: 36624 (postgres) Tasks: 7 (limit: 4364) Memory: 14.1M CPU: 151ms CGroup: /system.slice/postgresql.service ├─36624 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432 ├─36627 postgres: checkpointer ├─36628 postgres: background writer ├─36629 postgres: walwriter ├─36630 postgres: autovacuum launcher ├─36631 postgres: stats collector └─36632 postgres: logical replication launcher Nov 16 16:00:29 mach7.hviaene.thuis systemd[1]: Starting PostgreSQL database server... Nov 16 16:00:30 mach7.hviaene.thuis pg_ctl[36624]: 2023-11-16 16:00:30.970 CET [36624] LOG: listening on IPv6 address "::1", port 5432 Nov 16 16:00:30 mach7.hviaene.thuis pg_ctl[36624]: 2023-11-16 16:00:30.970 CET [36624] LOG: listening on IPv4 address "127.0.0.1", po> Nov 16 16:00:31 mach7.hviaene.thuis pg_ctl[36624]: 2023-11-16 16:00:31.014 CET [36624] LOG: listening on Unix socket "/tmp/.s.PGSQL.5> Nov 16 16:00:31 mach7.hviaene.thuis pg_ctl[36626]: 2023-11-16 16:00:31.229 CET [36626] LOG: database system was shut down at 2023-11-> Nov 16 16:00:31 mach7.hviaene.thuis pg_ctl[36624]: 2023-11-16 16:00:31.279 CET [36624] LOG: database system is ready to accept connec> Nov 16 16:00:31 mach7.hviaene.thuis systemd[1]: Started PostgreSQL database server. Then used pgadmin4 again to open the testdatabase, looked OK. Created a new table with a.o. a foreign key to the first table above. Inserted values and created a query SQL joining the two tables. Works like a charm for M8. Good enough for me unless someone else has more ideas.
Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK
MGA9-64 Xfce on Acer Aspire 5253. First installed the 13 series # systemctl start postgresql [root@mach7 beelden]# systemctl -l status postgresql ● postgresql.service - PostgreSQL database server Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled; pres> Active: active (running) since Mon 2023-11-20 14:30:25 CET; 16s ago Process: 6779 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (cod> Process: 6780 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPOR> Main PID: 6782 (postgres) Tasks: 7 (limit: 4317) Memory: 21.2M CPU: 270ms CGroup: /system.slice/postgresql.service ├─6782 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432 ├─6788 "postgres: checkpointer " ├─6789 "postgres: background writer " ├─6790 "postgres: walwriter " ├─6791 "postgres: autovacuum launcher " ├─6792 "postgres: stats collector " └─6793 "postgres: logical replication launcher " Nov 20 14:30:24 mach7.hviaene.thuis systemd[1]: Starting postgresql.service... Nov 20 14:30:24 mach7.hviaene.thuis pg_ctl[6782]: 2023-11-20 14:30:24.875 CET [> Nov 20 14:30:24 mach7.hviaene.thuis pg_ctl[6782]: 2023-11-20 14:30:24.887 CET [> Nov 20 14:30:24 mach7.hviaene.thuis pg_ctl[6782]: 2023-11-20 14:30:24.896 CET [> Nov 20 14:30:24 mach7.hviaene.thuis pg_ctl[6782]: 2023-11-20 14:30:24.940 CET [> As pgAdmin4 is not available anymore in M9, installed from upstream the rpm for DBeaver 23.2.5 Connected to the postgres and did same test as described in Comment 6 above. Works OK.
MGA9-64 Xfce on Acer Aspire 5253. Installed 15 version over existing 13, no problem. # systemctl start postgresql # systemctl -l status postgresql ● postgresql.service - PostgreSQL database server Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled; preset: disabled) Active: active (running) since Mon 2023-11-20 15:14:42 CET; 2s ago Process: 55944 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (code=exited, status=0/SUCCESS) Process: 55949 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -w -t 300 (code=exited, status=0/> Main PID: 55953 (postgres) Tasks: 7 (limit: 4317) Memory: 15.1M CPU: 207ms CGroup: /system.slice/postgresql.service ├─55953 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432 ├─55984 "postgres: checkpointer " ├─55985 "postgres: background writer " ├─55986 "postgres: walwriter " ├─55987 "postgres: autovacuum launcher " ├─55988 "postgres: stats collector " └─55989 "postgres: logical replication launcher " Nov 20 15:14:42 mach7.hviaene.thuis systemd[1]: Starting postgresql.service... Nov 20 15:14:42 mach7.hviaene.thuis pg_ctl[55953]: 2023-11-20 15:14:42.492 CET [55953] LOG: starting PostgreSQL 13.> Nov 20 15:14:42 mach7.hviaene.thuis pg_ctl[55953]: 2023-11-20 15:14:42.523 CET [55953] LOG: listening on IPv4 addre> Nov 20 15:14:42 mach7.hviaene.thuis pg_ctl[55953]: 2023-11-20 15:14:42.537 CET [55953] LOG: could not create IPv6 s> Nov 20 15:14:42 mach7.hviaene.thuis pg_ctl[55953]: 2023-11-20 15:14:42.568 CET [55953] LOG: listening on Unix socke> Nov 20 15:14:42 mach7.hviaene.thuis pg_ctl[55982]: 2023-11-20 15:14:42.681 CET [55982] LOG: database system was shu> Nov 20 15:14:42 mach7.hviaene.thuis pg_ctl[55953]: 2023-11-20 15:14:42.747 CET [55953] LOG: database system is read> Nov 20 15:14:42 mach7.hviaene.thuis systemd[1]: Started postgresql.service. Deleted table created in Comment 8, created a similar new one and populated with some data. All works OK.
Whiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OK
Many thanks, Herman. Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0324.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED