9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
An update that solves 7 vulnerabilities and has two fixes
is now available.
Description:
This update for postgresql96, postgresql10 and postgresql12 fixes the
following issues:
postgresql10 was updated to 10.13 (bsc#1171924).
https://www.postgresql.org/about/news/2038/
https://www.postgresql.org/docs/10/release-10-13.html
postgresql10 was updated to 10.12 (CVE-2020-1720, bsc#1163985)
postgresql10 was updated to 10.11:
postgresql12 was updated to 12.3 (bsc#1171924).
Bug Fixes and Improvements:
This update also contains timezone tzdata release 2020a for DST law
changes in Morocco and the Canadian Yukon, plus historical corrections for
Shanghai. The America/Godthab zone has been renamed to America/Nuuk to
reflect current English usage ; however, the old name remains available as
a compatibility link. This also updates initdb’s list of known Windows
time zone names to include recent additions.
For more details, check out:
Other fixes:
postgresql96 was updated to 9.6.19:
* CVE-2020-14350, boo#1175194: Make contrib modules' installation
scripts more secure.
* https://www.postgresql.org/docs/9.6/release-9-6-19.html
Pack the /usr/lib/postgresql symlink only into the main package.
Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean
and complete cutover to the new packaging schema.
update to 9.6.18 (boo#1171924).
https://www.postgresql.org/about/news/2038/
https://www.postgresql.org/docs/9.6/release-9-6-18.html
Unify the spec file to work across all current PostgreSQL versions to
simplify future maintenance.
Move from the “libs” build flavour to a “mini” package that will
only be used inside the build service and not get shipped, to avoid
confusion with the debuginfo packages (boo#1148643).
update to 9.6.17 (CVE-2020-1720, boo#1163985)
https://www.postgresql.org/about/news/2011/
https://www.postgresql.org/docs/9.6/release-9-6-17.html
use and package the sha256 checksum for for source
update to 9.6.16: https://www.postgresql.org/about/news/1994/
https://www.postgresql.org/docs/9.6/release-9-6-16.html
add requires to the devel package for the libs that are returned by
pg_config --libs
Update to 9.6.15:
Use FAT LTO objects in order to provide proper static library.
Update to 9.6.14: https://www.postgresql.org/docs/9.6/release-9-6-14.html
Update to 9.6.13:
Make the server-devel package exclusive across versions.
Update to 9.6.12:
Overhaul README.SUSE
Update to 9.6.11:
add provides for the new server-devel package that will be introduced in
postgresql 11
Update to 9.6.10:
https://www.postgresql.org/docs/current/static/release-9-6-10.html
Update to 9.6.9: https://www.postgresql.org/about/news/1851/
https://www.postgresql.org/docs/current/static/release-9-6-9.html A
dump/restore is not required for those running 9.6.X. However, if you
use the adminpack extension, you should update it as per the first
changelog entry below. Also, if the function marking mistakes mentioned
in the second and third changelog entries below affect you, you will
want to take steps to correct your database catalogs.
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1227=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.1 | i586 | < - openSUSE Leap 15.1 (i586 x86_64): | - openSUSE Leap 15.1 (i586 x86_64):.i586.rpm | |
openSUSE Leap | 15.1 | x86_64 | < - openSUSE Leap 15.1 (i586 x86_64): | - openSUSE Leap 15.1 (i586 x86_64):.x86_64.rpm | |
openSUSE Leap | 15.1 | x86_64 | < - openSUSE Leap 15.1 (x86_64): | - openSUSE Leap 15.1 (x86_64):.x86_64.rpm | |
openSUSE Leap | 15.1 | noarch | < - openSUSE Leap 15.1 (noarch): | - openSUSE Leap 15.1 (noarch):.noarch.rpm |
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P