Описание
Security update for postgresql16
This update for postgresql16 fixes the following issues:
Upgrade to 16.9:
- CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931)
Changelog:
Список пакетов
Container suse/postgres:16
postgresql16-16.9-150600.16.18.1
postgresql16-server-16.9-150600.16.18.1
SUSE Linux Enterprise Module for Legacy 15 SP7
postgresql16-contrib-16.9-150600.16.18.1
postgresql16-devel-16.9-150600.16.18.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
postgresql16-llvmjit-16.9-150600.16.18.1
postgresql16-llvmjit-devel-16.9-150600.16.18.1
postgresql16-test-16.9-150600.16.18.1
SUSE Linux Enterprise Module for Server Applications 15 SP7
postgresql16-16.9-150600.16.18.1
postgresql16-server-16.9-150600.16.18.1
Ссылки
- Link for SUSE-SU-2025:01766-2
- E-Mail link for SUSE-SU-2025:01766-2
- SUSE Security Ratings
- SUSE Bug 1242931
- SUSE CVE CVE-2025-4207 page
Описание
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
Затронутые продукты
Container suse/postgres:16:postgresql16-16.9-150600.16.18.1
Container suse/postgres:16:postgresql16-server-16.9-150600.16.18.1
SUSE Linux Enterprise Module for Legacy 15 SP7:postgresql16-contrib-16.9-150600.16.18.1
SUSE Linux Enterprise Module for Legacy 15 SP7:postgresql16-devel-16.9-150600.16.18.1
Ссылки
- CVE-2025-4207
- SUSE Bug 1242931