Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

openSUSE 16.0 postgresql17 Important Memory Allocation Issues 2026-20131-1

opensuse
Calendar Grey February 3, 2026
Dist Opensuse Esm H88
Important security update for openSUSE fixes multiple issues in postgresql17 and postgresql18, ensuring stability.
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description

This update for postgresql17 and postgresql18 fixes the following issues:

Changes in postgresql17, postgresql18:

Update to 17.7:

* https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/

* https://www.postgresql.org/docs/release/17.7/

* bsc#1253332, CVE-2025-12817: Missing check for CREATE

privileges on the schema in CREATE STATISTICS allowed table

owners to create statistics in any schema, potentially leading

to unexpected naming conflicts.

* bsc#1253333, CVE-2025-12818: Several places in libpq were not

sufficiently careful about computing the required size of a

memory allocation. Sufficiently large inputs could cause

integer overflow, resulting in an undersized buffer, which

would then lead to writing past the end of the buffer.

Postgresql is shipped in version 18.1.

pgvector was updated to 0.8.1 to support postgresql18.

pgaudit was updated to support postgresql18.

Patch instructions:

To install this openSUSE...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

libecpg6-18.1-160000.1.1

libpq5-18.1-160000.1.1

postgresql-18-160000.1.1

postgresql-contrib-18-160000.1.1

postgresql-devel-18-160000.1.1

postgresql-docs-18-160000.1.1

postgresql-llvmjit-18-160000.1.1

postgresql-llvmjit-devel-18-160000.1.1

postgresql-plperl-18-160000.1.1

postgresql-plpython-18-160000.1.1

postgresql-pltcl-18-160000.1.1

postgresql-server-18-160000.1.1

postgresql-server-devel-18-160000.1.1

postgresql-test-18-160000.1.1

postgresql13-pgaudit-1.5.3-160000.3.1

postgresql13-pgvector-0.8.1-160000.1.1

postgresql14-pgaudit-1.6.3-160000.3.1

postgresql14-pgvector-0.8.1-160000.1.1

postgresql15-pgaudit-1.7.1-160000.3.1

postgresql15-pgvector-0.8.1-160000.1.1

postgresql16-pgaudit-16.1-160000.3.1

postgresql16-pgvector-0.8.1-160000.1.1

postgresql17-17.7-160000.1.1

postgresql17-contrib-17.7-160000.1.1

postgresql17-devel-17.7-160000.1.1

postgresql17-docs-17.7-160000.1.1

postgresql17-llvmjit-17.7-160000.1.1

postgresql17-llvmjit-devel-17.7-160000.1.1

postgresql17-pgaudit-17.1-160000.3.1

postgresql17-...

Read the Full Advisory

References

* bsc#1253332

* bsc#1253333

References:

* https://www.suse.com/security/cve/CVE-2025-12817.html

* https://www.suse.com/security/cve/CVE-2025-12818.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20131-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here