SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2989

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2989

Security update for postgresql14

Type: security

Severity: important

Issued: 2022-09-26

Description:

This update for postgresql14 fixes the following issues:

- Upgrade to version 14.5:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).

- Upgrade to version 14.4 (bsc#1200437)
- Release notes: https://www.postgresql.org/docs/release/14.4/
- Release announcement: https://www.postgresql.org/about/news/p-2470/
- Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437)
- Pin to llvm13 until the next patchlevel update (bsc#1198166)

References

CVE: CVE-2022-2625
Bugzilla: 1202368 VUL-0: CVE-2022-2625: postgresql10,postgresql12,postgresql13,postgresql14: Extension scripts replace objects not belonging to the extension.
Bugzilla: 1200437 PostgreSQL 14: silent index corruprion
Bugzilla: 1198166 PostgreSQL 11-14 don't build with LLVM 14

Packages

postgresql14-14.5-150200.5.17.1