Security update for postgresql16

Announcement ID:	SUSE-SU-2025:4386-1
Release Date:	2025-12-12T13:34:22Z
Rating:	important
References:	bsc#1253332 bsc#1253333
Cross-References:	CVE-2025-12817 CVE-2025-12818
CVSS scores:	CVE-2025-12817 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2025-12817 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2025-12818 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-12818 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 12 SP5 LTSS SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

Description:

This update for postgresql16 fixes the following issues:

Upgraded to 16.11:

• CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332)
• CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333)

Other fixes:

• Use %product_libs_llvm_ver to determine the LLVM version.
• Remove conditionals for obsolete PostgreSQL releases.
• Sync spec file from version 18.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-4386=1
• SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4386=1

Package List:

• SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  • postgresql16-plperl-16.11-3.35.1
  • postgresql16-plpython-16.11-3.35.1
  • postgresql16-server-devel-debuginfo-16.11-3.35.1
  • postgresql16-plperl-debuginfo-16.11-3.35.1
  • postgresql16-debuginfo-16.11-3.35.1
  • postgresql16-contrib-debuginfo-16.11-3.35.1
  • postgresql16-devel-debuginfo-16.11-3.35.1
  • postgresql16-debugsource-16.11-3.35.1
  • postgresql16-devel-16.11-3.35.1
  • postgresql16-server-debuginfo-16.11-3.35.1
  • postgresql16-server-devel-16.11-3.35.1
  • postgresql16-server-16.11-3.35.1
  • postgresql16-pltcl-debuginfo-16.11-3.35.1
  • postgresql16-contrib-16.11-3.35.1
  • postgresql16-16.11-3.35.1
  • postgresql16-pltcl-16.11-3.35.1
  • postgresql16-plpython-debuginfo-16.11-3.35.1
• SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  • postgresql16-docs-16.11-3.35.1
• SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  • postgresql16-plperl-16.11-3.35.1
  • postgresql16-plpython-16.11-3.35.1
  • postgresql16-server-devel-debuginfo-16.11-3.35.1
  • postgresql16-plperl-debuginfo-16.11-3.35.1
  • postgresql16-debuginfo-16.11-3.35.1
  • postgresql16-contrib-debuginfo-16.11-3.35.1
  • postgresql16-devel-debuginfo-16.11-3.35.1
  • postgresql16-debugsource-16.11-3.35.1
  • postgresql16-devel-16.11-3.35.1
  • postgresql16-server-debuginfo-16.11-3.35.1
  • postgresql16-server-devel-16.11-3.35.1
  • postgresql16-server-16.11-3.35.1
  • postgresql16-pltcl-debuginfo-16.11-3.35.1
  • postgresql16-contrib-16.11-3.35.1
  • postgresql16-16.11-3.35.1
  • postgresql16-pltcl-16.11-3.35.1
  • postgresql16-plpython-debuginfo-16.11-3.35.1
• SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  • postgresql16-docs-16.11-3.35.1

References:

• https://www.suse.com/security/cve/CVE-2025-12817.html
• https://www.suse.com/security/cve/CVE-2025-12818.html
• https://bugzilla.suse.com/show_bug.cgi?id=1253332
• https://bugzilla.suse.com/show_bug.cgi?id=1253333