Security update for postgresql17, postgresql18
| Announcement ID: | SUSE-SU-2026:0197-1 |
|---|---|
| Release Date: | 2026-01-21T09:32:00Z |
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves two vulnerabilities can now be installed.
Description:
This update for postgresql17, postgresql18 fixes the following issues:
Changes in postgresql18:
- Fix build with uring for post SLE15 code streams.
Update to 18.1:
- https://www.postgresql.org/about/news/p-3171/
- https://www.postgresql.org/docs/release/18.1/
- bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts.
-
bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer.
-
pg_config --libs returns -lnuma so we need to require it.
Update to 18.0:
- https://www.postgresql.org/about/news/p-3142/
- https://www.postgresql.org/docs/18/release-18.html
Changes in postgresql17:
Update to 17.7:
- https://www.postgresql.org/about/news/p-3171/
- https://www.postgresql.org/docs/release/17.7/
- bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts.
-
bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer.
-
switch library to pg 18
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server 12 SP5 LTSS
zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-197=1 -
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-197=1
Package List:
-
SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
- libpq5-debuginfo-18.1-8.3.4
- libpq5-18.1-8.3.4
- libecpg6-debuginfo-18.1-8.3.4
- libecpg6-18.1-8.3.4
-
SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
- postgresql-18-4.32.1
- postgresql-server-18-4.32.1
- postgresql-docs-18-4.32.1
- postgresql-contrib-18-4.32.1
- postgresql-pltcl-18-4.32.1
- postgresql-server-devel-18-4.32.1
- postgresql-plperl-18-4.32.1
- postgresql-devel-18-4.32.1
- postgresql-plpython-18-4.32.1
-
SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
- libecpg6-32bit-18.1-8.3.4
- libecpg6-debuginfo-32bit-18.1-8.3.4
- libpq5-32bit-18.1-8.3.4
- libpq5-debuginfo-32bit-18.1-8.3.4
-
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
- libecpg6-32bit-18.1-8.3.4
- libpq5-32bit-18.1-8.3.4
- libpq5-debuginfo-32bit-18.1-8.3.4
- libpq5-18.1-8.3.4
- libecpg6-18.1-8.3.4
- libpq5-debuginfo-18.1-8.3.4
- libecpg6-debuginfo-32bit-18.1-8.3.4
- libecpg6-debuginfo-18.1-8.3.4
-
SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
- postgresql-18-4.32.1
- postgresql-server-18-4.32.1
- postgresql-docs-18-4.32.1
- postgresql-contrib-18-4.32.1
- postgresql-pltcl-18-4.32.1
- postgresql-server-devel-18-4.32.1
- postgresql-plperl-18-4.32.1
- postgresql-devel-18-4.32.1
- postgresql-plpython-18-4.32.1