Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:4371-1

Опубликовано: 11 дек. 2025
Источник: suse-cvrf

Описание

Security update for postgresql14

This update for postgresql14 fixes the following issues:

Upgraded to 14.20:

  • CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332)
  • CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333)

Other fixes:

  • Use %product_libs_llvm_ver to determine the LLVM version.
  • Remove conditionals for obsolete PostgreSQL releases.
  • Sync spec file from version 18.

Список пакетов

SUSE Linux Enterprise Module for Legacy 15 SP6
postgresql14-14.20-150600.16.23.1
postgresql14-contrib-14.20-150600.16.23.1
postgresql14-devel-14.20-150600.16.23.1
postgresql14-docs-14.20-150600.16.23.1
postgresql14-plperl-14.20-150600.16.23.1
postgresql14-plpython-14.20-150600.16.23.1
postgresql14-pltcl-14.20-150600.16.23.1
postgresql14-server-14.20-150600.16.23.1
postgresql14-server-devel-14.20-150600.16.23.1
SUSE Linux Enterprise Module for Legacy 15 SP7
postgresql14-14.20-150600.16.23.1
postgresql14-contrib-14.20-150600.16.23.1
postgresql14-devel-14.20-150600.16.23.1
postgresql14-docs-14.20-150600.16.23.1
postgresql14-plperl-14.20-150600.16.23.1
postgresql14-plpython-14.20-150600.16.23.1
postgresql14-pltcl-14.20-150600.16.23.1
postgresql14-server-14.20-150600.16.23.1
postgresql14-server-devel-14.20-150600.16.23.1
postgresql14-test-14.20-150600.16.23.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
postgresql14-llvmjit-14.20-150600.16.23.1
postgresql14-test-14.20-150600.16.23.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
postgresql14-llvmjit-14.20-150600.16.23.1
postgresql14-test-14.20-150600.16.23.1
openSUSE Leap 15.6
postgresql14-14.20-150600.16.23.1
postgresql14-contrib-14.20-150600.16.23.1
postgresql14-devel-14.20-150600.16.23.1
postgresql14-docs-14.20-150600.16.23.1
postgresql14-llvmjit-14.20-150600.16.23.1
postgresql14-llvmjit-devel-14.20-150600.16.23.1
postgresql14-plperl-14.20-150600.16.23.1
postgresql14-plpython-14.20-150600.16.23.1
postgresql14-pltcl-14.20-150600.16.23.1
postgresql14-server-14.20-150600.16.23.1
postgresql14-server-devel-14.20-150600.16.23.1
postgresql14-test-14.20-150600.16.23.1

Ссылки

Описание

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP6:postgresql14-14.20-150600.16.23.1
SUSE Linux Enterprise Module for Legacy 15 SP6:postgresql14-contrib-14.20-150600.16.23.1
SUSE Linux Enterprise Module for Legacy 15 SP6:postgresql14-devel-14.20-150600.16.23.1
SUSE Linux Enterprise Module for Legacy 15 SP6:postgresql14-docs-14.20-150600.16.23.1
Ссылки

Описание

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Затронутые продукты
SUSE Linux Enterprise Module for Legacy 15 SP6:postgresql14-14.20-150600.16.23.1
SUSE Linux Enterprise Module for Legacy 15 SP6:postgresql14-contrib-14.20-150600.16.23.1
SUSE Linux Enterprise Module for Legacy 15 SP6:postgresql14-devel-14.20-150600.16.23.1
SUSE Linux Enterprise Module for Legacy 15 SP6:postgresql14-docs-14.20-150600.16.23.1
Ссылки