PostgreSQL has released new versions on February 8: https://www.postgresql.org/about/news/postgresql-162-156-1411-1314-and-1218-released-2807/ The issues is fixed upstream in 13.14 and 15.6. Mageia 9 is also affected.
Source RPM: (none) => postgresql15, postgresql13Assignee: bugsquad => nicolas.salgueroWhiteboard: (none) => MGA9TOO
Suggested advisory: ======================== The updated packages fix a security vulnerability: PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. (CVE-2024-0985) References: https://www.postgresql.org/about/news/postgresql-162-156-1411-1314-and-1218-released-2807/ ======================== Updated packages in core/updates_testing: ======================== lib(64)ecpg15_6-15.6-1.mga9 lib(64)pq5-15.6-1.mga9 postgresql15-15.6-1.mga9 postgresql15-contrib-15.6-1.mga9 postgresql15-devel-15.6-1.mga9 postgresql15-docs-15.6-1.mga9 postgresql15-pl-15.6-1.mga9 postgresql15-plperl-15.6-1.mga9 postgresql15-plpgsql-15.6-1.mga9 postgresql15-plpython3-15.6-1.mga9 postgresql15-pltcl-15.6-1.mga9 postgresql15-server-15.6-1.mga9 lib(64)ecpg13_6-13.14-1.mga9 lib(64)pq5.13-13.14-1.mga9 postgresql13-13.14-1.mga9 postgresql13-contrib-13.14-1.mga9 postgresql13-devel-13.14-1.mga9 postgresql13-docs-13.14-1.mga9 postgresql13-pl-13.14-1.mga9 postgresql13-plperl-13.14-1.mga9 postgresql13-plpgsql-13.14-1.mga9 postgresql13-plpython3-13.14-1.mga9 postgresql13-pltcl-13.14-1.mga9 postgresql13-server-13.14-1.mga9 from SRPMS: postgresql15-15.6-1.mga9.src.rpm postgresql13-13.14-1.mga9.src.rpm
Assignee: nicolas.salguero => qa-bugsWhiteboard: MGA9TOO => (none)CVE: (none) => CVE-2024-0985Status: NEW => ASSIGNEDVersion: Cauldron => 9
URL: (none) => https://www.postgresql.org/about/news/postgresql-162-156-1411-1314-and-1218-released-2807/Keywords: (none) => advisoryCC: (none) => marja11
MGA9-64, Vbox The following 14 packages are going to be installed: - lib64ecpg15_6-15.6-1.mga9.x86_64 - lib64openssl-devel-3.0.12-1.1.mga9.x86_64 - lib64pq5-15.6-1.mga9.x86_64 - lib64zlib-devel-1.2.13-1.2.mga9.x86_64 - postgresql15-15.6-1.mga9.x86_64 - postgresql15-contrib-15.6-1.mga9.x86_64 - postgresql15-devel-15.6-1.mga9.x86_64 - postgresql15-docs-15.6-1.mga9.noarch - postgresql15-pl-15.6-1.mga9.x86_64 - postgresql15-plperl-15.6-1.mga9.x86_64 - postgresql15-plpgsql-15.6-1.mga9.x86_64 - postgresql15-plpython3-15.6-1.mga9.x86_64 - postgresql15-pltcl-15.6-1.mga9.x86_64 - postgresql15-server-15.6-1.mga9.x86_64 --- started service psql could not change directory to "/home/brian": Permission denied psql (15.6) Type "help" for help. postgres=# create database mageia postgres-# ; CREATE DATABASE postgres=# \c mageia You are now connected to database "mageia" as user "postgres". mageia=# create table mag_versions (name varchar(12), cr_date date); CREATE TABLE mageia=# insert into mag_versions values ('9', '26-Aug-2023'); insert into mag_versions values ('8', '2-Feb-2021'); INSERT 0 1 INSERT 0 1 mageia=# select * from mag_versions; name | cr_date ------+------------ 9 | 2023-08-26 8 | 2021-02-02 (2 rows) mageia=# create index magidx on mag_versions(name); CREATE INDEX mageia=# insert into mag_versions values ('9', '26-Aug-2023'); insert into mag_versions values ('10', '2-Aug-2024'); INSERT 0 1 INSERT 0 1 mageia=# select * from mag_versions; name | cr_date ------+------------ 9 | 2023-08-26 8 | 2021-02-02 9 | 2023-08-26 10 | 2024-08-02 (4 rows) mageia=# \q Working as expected on my slight test
CC: (none) => brtians1
MGA9-64, Vbox - new build The following 14 packages are going to be installed: - lib64ecpg13_6-13.14-1.mga9.x86_64 - lib64openssl-devel-3.0.12-1.1.mga9.x86_64 - lib64pq5.13-13.14-1.mga9.x86_64 - lib64zlib-devel-1.2.13-1.2.mga9.x86_64 - postgresql13-13.14-1.mga9.x86_64 - postgresql13-contrib-13.14-1.mga9.x86_64 - postgresql13-devel-13.14-1.mga9.x86_64 - postgresql13-docs-13.14-1.mga9.noarch - postgresql13-pl-13.14-1.mga9.x86_64 - postgresql13-plperl-13.14-1.mga9.x86_64 - postgresql13-plpgsql-13.14-1.mga9.x86_64 - postgresql13-plpython3-13.14-1.mga9.x86_64 - postgresql13-pltcl-13.14-1.mga9.x86_64 - postgresql13-server-13.14-1.mga9.x86_64 84MB of additional disk space will be used. 24MB of packages will be retrieved. - started services # create database mageia; CREATE DATABASE postgres=# \c mageia; You are now connected to database "mageia" as user "postgres". mageia=# create table mag_versions (name varchar(12), cr_date date); CREATE TABLE mageia=# create index magidx on mag_versions(name); CREATE INDEX mageia=# insert into mag_versions values ('9', '26-Aug-2023'); insert into mag_versions values ('8', '2-Feb-2021'); INSERT 0 1 INSERT 0 1 mageia=# select * from mag_versions; name | cr_date ------+------------ 9 | 2023-08-26 8 | 2021-02-02 (2 rows) mageia=# insert into mag_versions values ('10', '2-Aug-2024'); INSERT 0 1 mageia=# select * from mag_versions; name | cr_date ------+------------ 9 | 2023-08-26 8 | 2021-02-02 10 | 2024-08-02 (3 rows) mageia=# delete mag_versions where name = '10' mageia-# ; ERROR: syntax error at or near "mag_versions" LINE 1: delete mag_versions where name = '10' ^ mageia=# delete from mag_versions where name = '10' ; DELETE 1 mageia=# select * from mag_versions; name | cr_date ------+------------ 9 | 2023-08-26 8 | 2021-02-02 (2 rows) working as expected Anybody have an ugprade they can do?
Whiteboard: (none) => MGA9-64-OK
CC: (none) => andrewsfarm
Thomas you decide
Postgres15 - MGA9-64, Nextcloud Nextcloud postgres - upgrade from 15.5 Works as expected
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0043.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED