ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Security update for postgresql13
This update for postgresql13 fixes the following issues:
Upgrade to 13.21:
- CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931)
Changelog:
Π‘ΠΏΠΈΡΠΎΠΊ ΠΏΠ°ΠΊΠ΅ΡΠΎΠ²
openSUSE Leap 15.6
postgresql13-13.21-150600.14.8.1
postgresql13-contrib-13.21-150600.14.8.1
postgresql13-devel-13.21-150600.14.8.1
postgresql13-docs-13.21-150600.14.8.1
postgresql13-llvmjit-13.21-150600.14.8.1
postgresql13-llvmjit-devel-13.21-150600.14.8.1
postgresql13-plperl-13.21-150600.14.8.1
postgresql13-plpython-13.21-150600.14.8.1
postgresql13-pltcl-13.21-150600.14.8.1
postgresql13-server-13.21-150600.14.8.1
postgresql13-server-devel-13.21-150600.14.8.1
postgresql13-test-13.21-150600.14.8.1
Π‘ΡΡΠ»ΠΊΠΈ
- Link for SUSE-SU-2025:01654-1
- E-Mail link for SUSE-SU-2025:01654-1
- SUSE Security Ratings
- SUSE Bug 1242931
- SUSE CVE CVE-2025-4207 page
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
ΠΠ°ΡΡΠΎΠ½ΡΡΡΠ΅ ΠΏΡΠΎΠ΄ΡΠΊΡΡ
openSUSE Leap 15.6:postgresql13-13.21-150600.14.8.1
openSUSE Leap 15.6:postgresql13-contrib-13.21-150600.14.8.1
openSUSE Leap 15.6:postgresql13-devel-13.21-150600.14.8.1
openSUSE Leap 15.6:postgresql13-docs-13.21-150600.14.8.1
Π‘ΡΡΠ»ΠΊΠΈ
- CVE-2025-4207
- SUSE Bug 1242931