Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:4388-1

Опубликовано: 12 дек. 2025
Источник: suse-cvrf

Описание

Security update for postgresql16

This update for postgresql16 fixes the following issues:

Upgraded to 16.11:

  • CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332)
  • CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333)

Other fixes:

  • Use %product_libs_llvm_ver to determine the LLVM version.
  • Remove conditionals for obsolete PostgreSQL releases.
  • Sync spec file from version 18.

Список пакетов

Container suse/postgres:16
postgresql16-16.11-150600.16.25.1
postgresql16-server-16.11-150600.16.25.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
postgresql16-16.11-150600.16.25.1
SUSE Linux Enterprise Module for Legacy 15 SP7
postgresql16-contrib-16.11-150600.16.25.1
postgresql16-devel-16.11-150600.16.25.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
postgresql16-llvmjit-16.11-150600.16.25.1
postgresql16-test-16.11-150600.16.25.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
postgresql16-llvmjit-16.11-150600.16.25.1
postgresql16-llvmjit-devel-16.11-150600.16.25.1
postgresql16-test-16.11-150600.16.25.1
SUSE Linux Enterprise Module for Server Applications 15 SP6
postgresql16-contrib-16.11-150600.16.25.1
postgresql16-devel-16.11-150600.16.25.1
postgresql16-docs-16.11-150600.16.25.1
postgresql16-plperl-16.11-150600.16.25.1
postgresql16-plpython-16.11-150600.16.25.1
postgresql16-pltcl-16.11-150600.16.25.1
postgresql16-server-16.11-150600.16.25.1
postgresql16-server-devel-16.11-150600.16.25.1
SUSE Linux Enterprise Module for Server Applications 15 SP7
postgresql16-16.11-150600.16.25.1
postgresql16-server-16.11-150600.16.25.1
postgresql16-server-devel-16.11-150600.16.25.1
openSUSE Leap 15.6
postgresql16-16.11-150600.16.25.1
postgresql16-contrib-16.11-150600.16.25.1
postgresql16-devel-16.11-150600.16.25.1
postgresql16-docs-16.11-150600.16.25.1
postgresql16-llvmjit-16.11-150600.16.25.1
postgresql16-llvmjit-devel-16.11-150600.16.25.1
postgresql16-plperl-16.11-150600.16.25.1
postgresql16-plpython-16.11-150600.16.25.1
postgresql16-pltcl-16.11-150600.16.25.1
postgresql16-server-16.11-150600.16.25.1
postgresql16-server-devel-16.11-150600.16.25.1
postgresql16-test-16.11-150600.16.25.1

Ссылки

Описание

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Затронутые продукты
Container suse/postgres:16:postgresql16-16.11-150600.16.25.1
Container suse/postgres:16:postgresql16-server-16.11-150600.16.25.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:postgresql16-16.11-150600.16.25.1
SUSE Linux Enterprise Module for Legacy 15 SP7:postgresql16-contrib-16.11-150600.16.25.1
Ссылки

Описание

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Затронутые продукты
Container suse/postgres:16:postgresql16-16.11-150600.16.25.1
Container suse/postgres:16:postgresql16-server-16.11-150600.16.25.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:postgresql16-16.11-150600.16.25.1
SUSE Linux Enterprise Module for Legacy 15 SP7:postgresql16-contrib-16.11-150600.16.25.1
Ссылки