Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

SUSE: PostgreSQL Important Memory Allocation Security Fix 2026:0197-1

suse
Calendar Grey January 21, 2026
Dist Suse Esm H88
Security update for PostgreSQL on SUSE fixes important vulnerabilities with critical memory allocation issues that need attention.
An update that solves two vulnerabilities can now be installed.

Summary

## This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: * Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an

References

* bsc#1253332

* bsc#1253333

Cross-

* CVE-2025-12817

* CVE-2025-12818

CVSS scores:

* CVE-2025-12817 ( SUSE ): 5.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

* CVE-2025-12817 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-12818 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-12818 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server 12 SP5 LTSS

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0197-1
Release Date: 2026-01-21T09:32:00Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here