SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3255

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-3255

Security update for postgresql13

Type: security

Severity: moderate

Issued: 2021-09-29

Description:

This update for postgresql13 fixes the following issues:

- CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748).

- Fixed build with llvm12 on s390x (bsc#1185952).
- Re-enabled icu for PostgreSQL 10 (bsc#1179945).
- Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751).
- llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952).

References

CVE: CVE-2021-3677
Bugzilla: 1189748 VUL-0: CVE-2021-3677: postgresql: Memory disclosure in certain queries
Bugzilla: 1187751 Dependency error in postgresql13-server-devel-13.3-5.10.1 [ref:_00D1igLOd._5001ifx5tP:ref]
Bugzilla: 1185952 [Build 20210510] PostgreSQL 12 and 13 fail to build with LLVM12 on s390x
Bugzilla: 1179945 [icu68] postgresql fails to build

Packages

postgresql13-13.4-5.16.2