Overview

File _patchinfo of Package patchinfo.21203

<patchinfo incident="21203">
  <issue tracker="bnc" id="1202368">VUL-0: CVE-2022-2625: postgresql10,postgresql12,postgresql13,postgresql14: Extension scripts replace objects not belonging to the extension.</issue>
  <issue tracker="bnc" id="1179945">[icu68] postgresql fails to build</issue>
  <issue tracker="bnc" id="1183168">postgresql13: uninstall fails due to valid script expansion</issue>
  <issue tracker="bnc" id="1185952">[Build 20210510] PostgreSQL 12 and 13 fail to build with LLVM12 on s390x</issue>
  <issue tracker="bnc" id="1187751">Dependency error in postgresql13-server-devel-13.3-5.10.1 [ref:_00D1igLOd._5001ifx5tP:ref]</issue>
  <issue tracker="bnc" id="1190177">PostgreSQL patchlevel updates 2021/08</issue>
  <issue tracker="bnc" id="1190740">TLS reference in /usr/lib64/libLLVM.so mismatches non-TLS reference in /usr/lib64/libLLVM.so when linking to LLVM on s390x</issue>
  <issue tracker="bnc" id="1192516">VUL-0: postgresql12,postgresql13,postgresql14: 2 November 2021 security issues</issue>
  <issue tracker="bnc" id="1195680">PostgreSQL updates 2022/02</issue>
  <issue tracker="bnc" id="1199475">VUL-0: CVE-2022-1552: postgresql13, postgresql14: Confine additional operations within “security restricted operation” sandboxes</issue>
  <issue tracker="cve" id="2021-23214"/>
  <issue tracker="cve" id="2021-23222"/>
  <issue tracker="cve" id="2022-1552"/>
  <issue tracker="cve" id="2022-2625"/>
  <packager>rmax</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for postgresql10</summary>
  <description>This update for postgresql10 fixes the following issues:

- Upgrade to 10.22:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).

- Upgrade to 10.21:
- CVE-2022-1552: Confined additional operations within "security restricted operation" sandboxes (bsc#1199475).

- Upgrade to 10.20 (bsc#1195680)
- Add constraints file with 12GB of memory for s390x as a workaround (boo#1190740)

- Upgrade to version 10.19 (bsc#1192516):
- CVE-2021-23214: Made the server reject extraneous data after an SSL or GSS encryption handshake
- CVE-2021-23222: Made libpq reject extraneous data after an SSL or GSS encryption handshake

- Fix for build with llvm12 on s390x. (bsc#1185952)
- Re-enable 'icu' for PostgreSQL 10. (bsc#1179945)
- Add postgresqlXX-server-devel as a dependency for postgresql13-server-devel. (bsc#1187751)
- Upgrade to version 10.18. (bsc#1190177)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places