Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE PostgreSQL15 Notable RAM Usage Issues SUSE-SU-2026-22100-5

suse
Calendar Grey April 9, 2026
Dist Suse Esm H88
Two important security issues in PostgreSQL13 for SUSE fixes allow for unexpected naming conflicts and overflow risks.
An update that solves two vulnerabilities can now be installed.

Summary

## This update for postgresql13 fixes the following issues: Security fixes: * CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts (bsc#1253332) * CVE-2025-12818: Fixed several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer (bsc#1253333) Other fixes: * Update to 13.23 * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/13.23 ## Patch Instructions:

References

* bsc#1253332

* bsc#1253333

Cross-

* CVE-2025-12817

* CVE-2025-12818

CVSS scores:

* CVE-2025-12817 ( SUSE ): 5.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

* CVE-2025-12817 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-12818 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-12818 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.

##

* https://www.suse.com/security/cve/CVE-2025-12817.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20986-1
Release Date: 2026-03-30T15:14:07Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here