<div class="container">
    <h1>Security update for postgresql, postgresql16, postgresql17</h1>

    <table class="table table-striped table-bordered">
        <tbody>
        <tr>
            <th>Announcement ID:</th>
            <td>SUSE-SU-2024:4052-1</td>
        </tr>
        <tr>
            <th>Release Date:</th>
            <td>2024-11-25T16:10:44Z</td>
        </tr>
        
        <tr>
            <th>Rating:</th>
            <td>important</td>
        </tr>
        <tr>
            <th>References:</th>
            <td>
                <ul>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1219340">bsc#1219340</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1230423">bsc#1230423</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1233323">bsc#1233323</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1233325">bsc#1233325</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1233326">bsc#1233326</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1233327">bsc#1233327</a>
                        </li>
                    
                    
                        <li style="display: inline;">
                            <a href="https://jira.suse.com/browse/PED-11514">jsc#PED-11514</a>
                        </li>
                    
                </ul>
            </td>
        </tr>
        
            <tr>
                <th>
                    Cross-References:
                </th>
                <td>
                    <ul>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-10976.html">CVE-2024-10976</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-10977.html">CVE-2024-10977</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-10978.html">CVE-2024-10978</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-10979.html">CVE-2024-10979</a>
                        </li>
                    
                    </ul>
                </td>
            </tr>
            <tr>
                <th>CVSS scores:</th>
                <td>
                    <ul class="list-group">
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-10976</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">4.2</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-10976</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">4.2</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-10977</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">3.1</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-10977</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">3.1</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-10978</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">4.2</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-10978</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">4.2</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-10979</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.8</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-10979</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">8.8</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                    </ul>
                </td>
            </tr>
        
        <tr>
            <th>Affected Products:</th>
            <td>
                <ul class="list-group">
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
                    
                </ul>
            </td>
        </tr>
        </tbody>
    </table>

    <p>An update that solves four vulnerabilities, contains one feature and has two security fixes can now be installed.</p>

    


    
        <h2>Description:</h2>
    
    <p>This update for postgresql, postgresql16, postgresql17 fixes the following issues:</p>
<p>This update ships postgresql17, and fixes security issues with postgresql16:</p>
<ul>
<li>
<p>bsc#1230423: Relax the dependency of extensions on the server
  version from exact major.minor to greater or equal, after Tom
  Lane confirmed on the PostgreSQL packagers list that ABI
  stability is being taken care of between minor releases.</p>
</li>
<li>
<p>bsc#1219340: The last fix was not correct. Improve it by removing
  the dependency again and call fillup only if it is installed.</p>
</li>
</ul>
<p>postgresql16 was updated to 16.6:</p>
<ul>
<li>Repair ABI break for extensions that work with struct
  ResultRelInfo.</li>
<li>Restore functionality of ALTER {ROLE|DATABASE} SET role.</li>
<li>Fix cases where a logical replication slot&#x27;s restart_lsn could
  go backwards.</li>
<li>Avoid deleting still-needed WAL files during pg_rewind.</li>
<li>Fix race conditions associated with dropping shared statistics
  entries.</li>
<li>Count index scans in contrib/bloom indexes in the statistics
  views, such as the pg_stat_user_indexes.idx_scan counter.</li>
<li>Fix crash when checking to see if an index&#x27;s opclass options
  have changed.</li>
<li>Avoid assertion failure caused by disconnected NFA sub-graphs
  in regular expression parsing.</li>
<li>https://www.postgresql.org/docs/release/16.6/</li>
</ul>
<p>postgresql16 was updated to 16.5:</p>
<ul>
<li>CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
  dependent on the calling role when RLS applies to a
  non-top-level table reference.</li>
<li>CVE-2024-10977, bsc#1233325: Make libpq discard error messages
  received during SSL or GSS protocol negotiation.</li>
<li>CVE-2024-10978, bsc#1233326: Fix unintended interactions
  between SET SESSION AUTHORIZATION and SET ROLE</li>
<li>CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
  changing environment variables.</li>
<li>https://www.postgresql.org/about/news/p-2955/</li>
<li>
<p>https://www.postgresql.org/docs/release/16.5/</p>
</li>
<li>
<p>Don&#x27;t build the libs and mini flavor anymore to hand over to
  PostgreSQL 17.</p>
</li>
<li>
<p>https://www.postgresql.org/about/news/p-2910/</p>
</li>
</ul>
<p>postgresql17 is shipped in version 17.2:</p>
<ul>
<li>CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
  dependent on the calling role when RLS applies to a
  non-top-level table reference.</li>
<li>CVE-2024-10977, bsc#1233325: Make libpq discard error messages
  received during SSL or GSS protocol negotiation.</li>
<li>CVE-2024-10978, bsc#1233326: Fix unintended interactions
  between SET SESSION AUTHORIZATION and SET ROLE</li>
<li>CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
  changing environment variables.</li>
<li>https://www.postgresql.org/about/news/p-2955/</li>
<li>https://www.postgresql.org/docs/release/17.1/</li>
<li>https://www.postgresql.org/docs/release/17.2/</li>
</ul>
<p>Upgrade to 17.2:</p>
<ul>
<li>Repair ABI break for extensions that work with struct
  ResultRelInfo.</li>
<li>Restore functionality of ALTER {ROLE|DATABASE} SET role.</li>
<li>Fix cases where a logical replication slot&#x27;s restart_lsn could
  go backwards.</li>
<li>Avoid deleting still-needed WAL files during pg_rewind.</li>
<li>Fix race conditions associated with dropping shared statistics
  entries.</li>
<li>Count index scans in contrib/bloom indexes in the statistics
  views, such as the pg_stat_user_indexes.idx_scan counter.</li>
<li>Fix crash when checking to see if an index&#x27;s opclass options
  have changed.</li>
<li>Avoid assertion failure caused by disconnected NFA sub-graphs
  in regular expression parsing.</li>
</ul>
<p>Upgrade to 17.0:</p>
<ul>
<li>New memory management system for VACUUM, which reduces memory
  consumption and can improve overall vacuuming performance.</li>
<li>New SQL/JSON capabilities, including constructors, identity
  functions, and the JSON_TABLE() function, which converts JSON
  data into a table representation.</li>
<li>Various query performance improvements, including for
  sequential reads using streaming I/O, write throughput under
  high concurrency, and searches over multiple values in a btree
  index.</li>
<li>Logical replication enhancements, including:
<ul>
<li>Failover control</li>
<li>pg_createsubscriber, a utility that creates logical replicas
    from physical standbys</li>
<li>pg_upgrade now preserves replication slots on both publishers
    and subscribers</li>
</ul>
</li>
<li>New client-side connection option, sslnegotiation=direct, that
  performs a direct TLS handshake to avoid a round-trip
  negotiation.</li>
<li>pg_basebackup now supports incremental backup.</li>
<li>COPY adds a new option, ON_ERROR ignore, that allows a copy
  operation to continue in the event of an error.</li>
<li>https://www.postgresql.org/about/news/p-2936/</li>
<li>https://www.postgresql.org/docs/17/release-17.html</li>
</ul>



    

    <h2>Patch Instructions:</h2>
    <p>
        To install this SUSE update, use the SUSE-recommended
        installation methods, such as YaST online_update or "zypper patch".<br/>

        Alternatively, you can run the command listed for your product:
    </p>
    <ul class="list-group">
        
            <li class="list-group-item">
                SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2024-4052=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4052=1</code>
                    
                    
                
            </li>
        
    </ul>

    <h2>Package List:</h2>
    <ul>
        
            
                <li>
                    SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (aarch64 ppc64le s390x x86_64)
                    <ul>
                        
                            <li>postgresql16-contrib-16.6-3.21.1</li>
                        
                            <li>libecpg6-debuginfo-17.2-3.5.1</li>
                        
                            <li>postgresql16-16.6-3.21.1</li>
                        
                            <li>postgresql16-debuginfo-16.6-3.21.1</li>
                        
                            <li>libpq5-17.2-3.5.1</li>
                        
                            <li>libpq5-debuginfo-17.2-3.5.1</li>
                        
                            <li>postgresql16-plpython-16.6-3.21.1</li>
                        
                            <li>postgresql16-plperl-debuginfo-16.6-3.21.1</li>
                        
                            <li>postgresql16-debugsource-16.6-3.21.1</li>
                        
                            <li>postgresql16-plperl-16.6-3.21.1</li>
                        
                            <li>postgresql16-pltcl-16.6-3.21.1</li>
                        
                            <li>postgresql16-pltcl-debuginfo-16.6-3.21.1</li>
                        
                            <li>postgresql16-contrib-debuginfo-16.6-3.21.1</li>
                        
                            <li>postgresql16-server-16.6-3.21.1</li>
                        
                            <li>postgresql16-plpython-debuginfo-16.6-3.21.1</li>
                        
                            <li>postgresql16-server-debuginfo-16.6-3.21.1</li>
                        
                            <li>libecpg6-17.2-3.5.1</li>
                        
                    </ul>
                </li>
            
                <li>
                    SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (noarch)
                    <ul>
                        
                            <li>postgresql-pltcl-17-4.29.1</li>
                        
                            <li>postgresql16-docs-16.6-3.21.1</li>
                        
                            <li>postgresql-docs-17-4.29.1</li>
                        
                            <li>postgresql-plpython-17-4.29.1</li>
                        
                            <li>postgresql-17-4.29.1</li>
                        
                            <li>postgresql-plperl-17-4.29.1</li>
                        
                            <li>postgresql-contrib-17-4.29.1</li>
                        
                            <li>postgresql-server-17-4.29.1</li>
                        
                    </ul>
                </li>
            
                <li>
                    SUSE Linux Enterprise Server 12 SP5 LTSS 12-SP5 (s390x x86_64)
                    <ul>
                        
                            <li>libpq5-32bit-17.2-3.5.1</li>
                        
                            <li>libecpg6-debuginfo-32bit-17.2-3.5.1</li>
                        
                            <li>libecpg6-32bit-17.2-3.5.1</li>
                        
                            <li>libpq5-debuginfo-32bit-17.2-3.5.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (x86_64)
                    <ul>
                        
                            <li>libecpg6-debuginfo-17.2-3.5.1</li>
                        
                            <li>postgresql16-16.6-3.21.1</li>
                        
                            <li>postgresql16-debuginfo-16.6-3.21.1</li>
                        
                            <li>postgresql16-pltcl-debuginfo-16.6-3.21.1</li>
                        
                            <li>postgresql16-plperl-16.6-3.21.1</li>
                        
                            <li>libecpg6-debuginfo-32bit-17.2-3.5.1</li>
                        
                            <li>libecpg6-32bit-17.2-3.5.1</li>
                        
                            <li>libpq5-debuginfo-32bit-17.2-3.5.1</li>
                        
                            <li>postgresql16-plpython-debuginfo-16.6-3.21.1</li>
                        
                            <li>libpq5-32bit-17.2-3.5.1</li>
                        
                            <li>libpq5-debuginfo-17.2-3.5.1</li>
                        
                            <li>postgresql16-pltcl-16.6-3.21.1</li>
                        
                            <li>postgresql16-contrib-debuginfo-16.6-3.21.1</li>
                        
                            <li>postgresql16-server-debuginfo-16.6-3.21.1</li>
                        
                            <li>postgresql16-contrib-16.6-3.21.1</li>
                        
                            <li>libpq5-17.2-3.5.1</li>
                        
                            <li>postgresql16-plpython-16.6-3.21.1</li>
                        
                            <li>postgresql16-plperl-debuginfo-16.6-3.21.1</li>
                        
                            <li>libecpg6-17.2-3.5.1</li>
                        
                            <li>postgresql16-debugsource-16.6-3.21.1</li>
                        
                            <li>postgresql16-server-16.6-3.21.1</li>
                        
                    </ul>
                </li>
            
                <li>
                    SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security 12-SP5 (noarch)
                    <ul>
                        
                            <li>postgresql-pltcl-17-4.29.1</li>
                        
                            <li>postgresql16-docs-16.6-3.21.1</li>
                        
                            <li>postgresql-docs-17-4.29.1</li>
                        
                            <li>postgresql-plpython-17-4.29.1</li>
                        
                            <li>postgresql-17-4.29.1</li>
                        
                            <li>postgresql-plperl-17-4.29.1</li>
                        
                            <li>postgresql-contrib-17-4.29.1</li>
                        
                            <li>postgresql-server-17-4.29.1</li>
                        
                    </ul>
                </li>
            
        
    </ul>

    
        <h2>References:</h2>
        <ul>
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-10976.html">https://www.suse.com/security/cve/CVE-2024-10976.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-10977.html">https://www.suse.com/security/cve/CVE-2024-10977.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-10978.html">https://www.suse.com/security/cve/CVE-2024-10978.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-10979.html">https://www.suse.com/security/cve/CVE-2024-10979.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1219340">https://bugzilla.suse.com/show_bug.cgi?id=1219340</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1230423">https://bugzilla.suse.com/show_bug.cgi?id=1230423</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1233323">https://bugzilla.suse.com/show_bug.cgi?id=1233323</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1233325">https://bugzilla.suse.com/show_bug.cgi?id=1233325</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1233326">https://bugzilla.suse.com/show_bug.cgi?id=1233326</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1233327">https://bugzilla.suse.com/show_bug.cgi?id=1233327</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://jira.suse.com/browse/PED-11514">https://jira.suse.com/browse/PED-11514</a>
                    </li>
                
            
        </ul>
    
</div>