PostgreSQL has released new versions on November 14: https://www.postgresql.org/about/news/postgresql-171-165-159-1414-1317-and-1221-released-2955/ Those new versions caused a regression and new versions are planned (November 21): https://www.openwall.com/lists/oss-security/2024/11/17/1
Source RPM: (none) => postgresql17, postgresql15, postgresql13
CVE: (none) => CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
Whiteboard: (none) => MGA9TOO

This is the new release post:
PostgreSQL 17.1,..., 15.9,..., 13.17
Posted on 2024-11-14 by PostgreSQL Global Development Group

Our current Cauldron situation is:
Nov 18 16:44:00 2024 UTC (2 hours, 12 minutes ago) - new version 17.1 ***
previously
Sep 26 21:12:48 2024 UTC (7 weeks, 3 days ago) - new version 17.0
Sep 9 07:46:54 2024 UTC (2 months, 1 week ago) - new version 15.8
May 15 13:58:44 2024 UTC (6 months ago) - new version 13.15

So the immediate action for each one is:
version 13.15: *leave as-is* until corrective release promised Nov 21st.
version 15.8: *leave as-is* until corrective release promised Nov 21st.
version 17.1: Problematic. It has only just been committed, hardly distributed. Ideally it would be pulled, but I doubt that Cauldron can be rolled back. So users will have to live with it until the promised corrective release.

In short, sit on PostgreSQL** until the imminent next release.

Assignee: bugsquad => pkg-bugs
CC: (none) => jani.valimaa
PostgreSQL has released new versions on November 21: https://www.postgresql.org/about/news/postgresql-172-166-1510-1415-1318-and-1222-released-2965/
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

PostgreSQL row security below e.g. subqueries disregards user ID changes. (CVE-2024-10976)

PostgreSQL libpq retains an error message from man-in-the-middle. (CVE-2024-10977)

PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. (CVE-2024-10978)

PostgreSQL PL/Perl environment variable changes execute arbitrary code. (CVE-2024-10979)

References:
https://www.postgresql.org/about/news/postgresql-171-165-159-1414-1317-and-1221-released-2955/
https://www.openwall.com/lists/oss-security/2024/11/17/1
https://www.postgresql.org/about/news/postgresql-172-166-1510-1415-1318-and-1222-released-2965/
========================

Updated packages in core/updates_testing:
========================
lib(64)ecpg15_6-15.10-1.mga9
lib(64)pq5-15.10-1.mga9
postgresql15-15.10-1.mga9
postgresql15-contrib-15.10-1.mga9
postgresql15-devel-15.10-1.mga9
postgresql15-docs-15.10-1.mga9
postgresql15-pl-15.10-1.mga9
postgresql15-plperl-15.10-1.mga9
postgresql15-plpgsql-15.10-1.mga9
postgresql15-plpython3-15.10-1.mga9
postgresql15-pltcl-15.10-1.mga9
postgresql15-server-15.10-1.mga9

lib(64)ecpg13_6-13.18-1.mga9
lib(64)pq5.13-13.18-1.mga9
postgresql13-13.18-1.mga9
postgresql13-contrib-13.18-1.mga9
postgresql13-devel-13.18-1.mga9
postgresql13-docs-13.18-1.mga9
postgresql13-pl-13.18-1.mga9
postgresql13-plperl-13.18-1.mga9
postgresql13-plpgsql-13.18-1.mga9
postgresql13-plpython3-13.18-1.mga9
postgresql13-pltcl-13.18-1.mga9
postgresql13-server-13.18-1.mga9

from SRPMS:
postgresql15-15.10-1.mga9.src.rpm
postgresql13-13.18-1.mga9.src.rpm

Source RPM: postgresql17, postgresql15, postgresql13 => postgresql15, postgresql13
Status: NEW => ASSIGNED
Whiteboard: MGA9TOO => (none)
Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 9
Keywords: (none) => advisory
MGA-64 Plasma Wayland on HP-Pavillion
No installation issues
Installed first version 13 and tested as in bug 3321 Comment 2

# systemctl start postgresql
# systemctl -l status postgresql
● postgresql.service - PostgreSQL database server
     Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled; preset: disabled)
     Active: active (running) since Fri 2024-11-22 14:12:36 CET; 18s ago
    Process: 64584 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (code=exited, status=0/SUCCESS)
    Process: 65022 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -w -t 300 (code=exited, status=0/SUCCESS)
   Main PID: 65036 (postgres)
      Tasks: 7 (limit: 4473)
     Memory: 60.4M
        CPU: 2.321s
     CGroup: /system.slice/postgresql.service
             ├─65036 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432
             ├─65078 "postgres: checkpointer "
             ├─65079 "postgres: background writer "
             ├─65080 "postgres: walwriter "
             ├─65081 "postgres: autovacuum launcher "
             ├─65082 "postgres: stats collector "
             └─65083 "postgres: logical replication launcher "

Nov 22 14:12:33 mach4.hviaene.thuis systemd[1]: Starting postgresql.service...
Nov 22 14:12:36 mach4.hviaene.thuis pg_ctl[65036]: 2024-11-22 14:12:36.559 CET [65036] LOG: starting PostgreSQL 13.18 on x86_64-mageia-linux-gnu, compiled by gc>
Nov 22 14:12:36 mach4.hviaene.thuis pg_ctl[65036]: 2024-11-22 14:12:36.561 CET [65036] LOG: listening on IPv6 address "::1", port 5432
Nov 22 14:12:36 mach4.hviaene.thuis pg_ctl[65036]: 2024-11-22 14:12:36.561 CET [65036] LOG: listening on IPv4 address "127.0.0.1", port 5432
Nov 22 14:12:36 mach4.hviaene.thuis pg_ctl[65036]: 2024-11-22 14:12:36.605 CET [65036] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
Nov 22 14:12:36 mach4.hviaene.thuis pg_ctl[65069]: 2024-11-22 14:12:36.675 CET [65069] LOG: database system was shut down at 2024-11-22 14:12:35 CET
Nov 22 14:12:36 mach4.hviaene.thuis pg_ctl[65036]: 2024-11-22 14:12:36.737 CET [65036] LOG: database system is ready to accept connections

# systemctl enable postgresql
Created symlink /etc/systemd/system/multi-user.target.wants/postgresql.service → /usr/lib/systemd/system/postgresql.service.
# systemctl restart postgresql
# systemctl -l status postgresql
● postgresql.service - PostgreSQL database server
     Loaded: loaded (/usr/lib/systemd/system/postgresql.service; enabled; preset: disabled)
     Active: active (running) since Fri 2024-11-22 14:13:49 CET; 4s ago
    Process: 76317 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (code=exited, status=0/SUCCESS)
    Process: 76318 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -w -t 300 (code=exited, status=0/SUCCESS)
   Main PID: 76320 (postgres)
      Tasks: 7 (limit: 4473)
     Memory: 15.0M
        CPU: 135ms
     CGroup: /system.slice/postgresql.service
             ├─76320 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432
             ├─76323 "postgres: checkpointer "
             ├─76324 "postgres: background writer "
             ├─76325 "postgres: walwriter "
             ├─76326 "postgres: autovacuum launcher "
             ├─76327 "postgres: stats collector "
             └─76328 "postgres: logical replication launcher "

Nov 22 14:13:49 mach4.hviaene.thuis systemd[1]: Starting postgresql.service...
Nov 22 14:13:49 mach4.hviaene.thuis pg_ctl[76320]: 2024-11-22 14:13:49.448 CET [76320] LOG: starting PostgreSQL 13.18 on x86_64-mageia-linux-gnu, compiled by gc>
Nov 22 14:13:49 mach4.hviaene.thuis pg_ctl[76320]: 2024-11-22 14:13:49.450 CET [76320] LOG: listening on IPv6 address "::1", port 5432
Nov 22 14:13:49 mach4.hviaene.thuis pg_ctl[76320]: 2024-11-22 14:13:49.450 CET [76320] LOG: listening on IPv4 address "127.0.0.1", port 5432
Nov 22 14:13:49 mach4.hviaene.thuis pg_ctl[76320]: 2024-11-22 14:13:49.483 CET [76320] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
Nov 22 14:13:49 mach4.hviaene.thuis pg_ctl[76321]: 2024-11-22 14:13:49.564 CET [76321] LOG: database system was shut down at 2024-11-22 14:13:49 CET
Nov 22 14:13:49 mach4.hviaene.thuis pg_ctl[76320]: 2024-11-22 14:13:49.626 CET [76320] LOG: database system is ready to accept connections

Then as normal user
$ psql -U postgres
psql (13.18)
Type "help" for help.

postgres=# create database mageia;
CREATE DATABASE
postgres=# \c mageia;
You are now connected to database "mageia" as user "postgres".
mageia=# create table mag_versions (name varchar(12), cr_date date);
CREATE TABLE
mageia=# create index magidx on mag_versions(name);
CREATE INDEX
mageia=# insert into mag_versions values ('9', '26-Aug-2023');
INSERT 0 1
mageia=# insert into mag_versions values ('8', '2-Feb-2021');
INSERT 0 1
mageia=# select * from mag_versions;
 name |  cr_date
------+------------
 9    | 2023-08-26
 8    | 2021-02-02
(2 rows)

mageia=# insert into mag_versions values ('10', '25-Mar-2025');
INSERT 0 1
mageia=# select * from mag_versions;
 name |  cr_date
------+------------
 9    | 2023-08-26
 8    | 2021-02-02
 10   | 2025-03-25
(3 rows)

mageia=# delete from mag_versions where name = '10';
DELETE 1
mageia=# select * from mag_versions;
 name |  cr_date
------+------------
 9    | 2023-08-26
 8    | 2021-02-02
(2 rows)

Continuing for version 15
CC: (none) => herman.viaene
Deleted all 1 stuff, installed 5 and repeated tests above resulting in:

# systemctl -l status postgresql
● postgresql.service - PostgreSQL database server
     Loaded: loaded (/usr/lib/systemd/system/postgresql.service; enabled; preset: disabled)
     Active: active (running) since Fri 2024-11-22 14:39:16 CET; 3s ago
    Process: 171946 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (code=exited, status=0/SUCCESS)
    Process: 171947 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -w -t 300 (code=exited, status=0/SUCCESS)
   Main PID: 171949 (postgres)
      Tasks: 6 (limit: 4473)
     Memory: 15.7M
        CPU: 129ms
     CGroup: /system.slice/postgresql.service
             ├─171949 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432
             ├─171951 "postgres: checkpointer "
             ├─171952 "postgres: background writer "
             ├─171954 "postgres: walwriter "
             ├─171955 "postgres: autovacuum launcher "
             └─171956 "postgres: logical replication launcher "

Nov 22 14:39:16 mach4.hviaene.thuis systemd[1]: Starting postgresql.service...
Nov 22 14:39:16 mach4.hviaene.thuis pg_ctl[171949]: 2024-11-22 14:39:16.542 CET [171949] LOG: starting PostgreSQL 15.10 on x86_64-mageia-linux-gnu, compiled by >
Nov 22 14:39:16 mach4.hviaene.thuis pg_ctl[171949]: 2024-11-22 14:39:16.544 CET [171949] LOG: listening on IPv6 address "::1", port 5432
Nov 22 14:39:16 mach4.hviaene.thuis pg_ctl[171949]: 2024-11-22 14:39:16.544 CET [171949] LOG: listening on IPv4 address "127.0.0.1", port 5432
Nov 22 14:39:16 mach4.hviaene.thuis pg_ctl[171949]: 2024-11-22 14:39:16.576 CET [171949] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
Nov 22 14:39:16 mach4.hviaene.thuis pg_ctl[171953]: 2024-11-22 14:39:16.658 CET [171953] LOG: database system was shut down at 2024-11-22 14:39:16 CET
Nov 22 14:39:16 mach4.hviaene.thuis pg_ctl[171949]: 2024-11-22 14:39:16.715 CET [171949] LOG: database system is ready to accept connections
Nov 22 14:39:16 mach4.hviaene.thuis systemd[1]: Started postgresql.service.

and
$ psql -U postgres
psql (15.10)
Type "help" for help.

postgres=# create database mageia;
CREATE DATABASE
postgres=# \c mageia;
You are now connected to database "mageia" as user "postgres".
mageia=# create table mag_versions (name varchar(12), cr_date date);
CREATE TABLE
mageia=# create index magidx on mag_versions(name);
CREATE INDEX
mageia=# insert into mag_versions values ('10', '25-Mar-2025');
INSERT 0 1
mageia=# insert into mag_versions values ('8', '2-Feb-2021');
INSERT 0 1
mageia=# insert into mag_versions values ('9', '26-Aug-2023');
INSERT 0 1
mageia=# select * from mag_versions;
 name |  cr_date
------+------------
 10   | 2025-03-25
 8    | 2021-02-02
 9    | 2023-08-26
(3 rows)

mageia=# delete from mag_versions where name = '10';
DELETE 1
mageia=# select * from mag_versions;
 name |  cr_date
------+------------
 8    | 2021-02-02
 9    | 2023-08-26
(2 rows)

mageia=# quit

Seems good, over to higher powers
Thank you Herman for your test
Whiteboard: (none) => MGA9-64-OK
CC: (none) => andrewsfarm
Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0372.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
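
Added example (not part of the bug report and not Mageia's or PostgreSQL's own tooling): a shell check that reads the "starting PostgreSQL X.Y" server log line seen in the QA comments and says whether that server predates the 2024-11-14 security release, is the 2024-11-14 release that carried the regression, or is at the 2024-11-21 corrective release. The function names and result labels are assumptions; the version numbers are taken from the two announcement URLs in this report.

```shell
#!/bin/sh
# Added example, not from the bug report. Minor versions per branch come from
# the two announcements linked above: "<2024-11-14 minor> <2024-11-21 minor>".
release_minors() {
    case "$1" in
        17) echo "1 2" ;;
        16) echo "5 6" ;;
        15) echo "9 10" ;;
        14) echo "14 15" ;;
        13) echo "17 18" ;;
        12) echo "21 22" ;;
        *) return 1 ;;
    esac
}

# Classify a MAJOR.MINOR string against both releases (labels are hypothetical).
classify_version() {
    case "$1" in
        ''|*[!0-9.]*|*.*.*|.*|*.) echo "invalid"; return 0 ;;
        *.*) ;;
        *) echo "invalid"; return 0 ;;
    esac
    major=${1%%.*}
    minor=${1#*.}
    minors=$(release_minors "$major") || { echo "unknown-branch"; return 0; }
    if [ "$minor" -ge "${minors#* }" ]; then
        echo "corrected"              # 2024-11-21 release or later
    elif [ "$minor" -ge "${minors% *}" ]; then
        echo "regression-release"     # 2024-11-14 release: CVE fixes, regression
    else
        echo "pre-security-release"   # predates the CVE fixes
    fi
}

# Pull the version out of a "starting PostgreSQL X.Y on ..." server log line.
classify_log_line() {
    version=$(printf '%s\n' "$1" |
        sed -n 's/.*PostgreSQL \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$version" ] || { echo "no-version"; return 0; }
    echo "$version $(classify_version "$version")"
}

# Constructed sample lines modelled on the journal output in the QA comments.
while IFS= read -r line; do
    classify_log_line "$line"
done <<'EOF'
2024-11-22 14:12:36.559 CET [65036] LOG: starting PostgreSQL 13.18 on x86_64-mageia-linux-gnu
2024-11-18 16:50:00.000 UTC [1000] LOG: starting PostgreSQL 17.1 on x86_64-mageia-linux-gnu
2024-11-10 09:00:00.000 UTC [1001] LOG: starting PostgreSQL 15.8 on x86_64-mageia-linux-gnu
2024-11-22 14:12:36.737 CET [65036] LOG: database system is ready to accept connections
EOF
```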