# Security update for postgresql14

Announcement ID: SUSE-SU-2025:01786-2
Release Date: 2025-08-11T12:43:59Z
Rating: moderate

References:

* bsc#1242931

Cross-References:

* CVE-2025-4207

CVSS scores:

* CVE-2025-4207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-4207 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql14 fixes the following issues:

Upgrade to 14.18:

* CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP3
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2025-1786=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2025-1786=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2025-1786=1

## Package List:

* SUSE Package Hub 15 15-SP3 (aarch64 ppc64le s390x x86_64)
  * postgresql14-llvmjit-debuginfo-14.18-150200.5.58.1
  * postgresql14-llvmjit-14.18-150200.5.58.1
* SUSE Package Hub 15 15-SP3 (x86_64)
  * postgresql14-test-14.18-150200.5.58.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
  * postgresql14-debuginfo-14.18-150200.5.58.1
  * postgresql14-llvmjit-debuginfo-14.18-150200.5.58.1
  * postgresql14-debugsource-14.18-150200.5.58.1
  * postgresql14-llvmjit-14.18-150200.5.58.1
  * postgresql14-test-14.18-150200.5.58.1
  * postgresql14-llvmjit-devel-14.18-150200.5.58.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
  * postgresql14-debuginfo-14.18-150200.5.58.1
  * postgresql14-llvmjit-debuginfo-14.18-150200.5.58.1
  * postgresql14-debugsource-14.18-150200.5.58.1
  * postgresql14-llvmjit-14.18-150200.5.58.1
  * postgresql14-test-14.18-150200.5.58.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4207.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242931

Latest security patch for PostgreSQL on SUSE fixes CVE-2025-4207, noted for its moderate severity regarding encoding vulnerabilities.

LinuxSecurity.com Team
# Security update for postgresql14

Announcement ID: SUSE-SU-2025:01772-1
Release Date: 2025-05-30T10:44:52Z
Rating: moderate

References:

* bsc#1242931

Cross-References:

* CVE-2025-4207

CVSS scores:

* CVE-2025-4207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-4207 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql14 fixes the following issues:

Upgrade to 14.18:

* CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1772=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1772=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * postgresql14-contrib-14.18-3.57.1
  * postgresql14-pltcl-debuginfo-14.18-3.57.1
  * postgresql14-debugsource-14.18-3.57.1
  * postgresql14-devel-14.18-3.57.1
  * postgresql14-plperl-14.18-3.57.1
  * postgresql14-server-14.18-3.57.1
  * postgresql14-plperl-debuginfo-14.18-3.57.1
  * postgresql14-server-debuginfo-14.18-3.57.1
  * postgresql14-plpython-debuginfo-14.18-3.57.1
  * postgresql14-devel-debuginfo-14.18-3.57.1
  * postgresql14-contrib-debuginfo-14.18-3.57.1
  * postgresql14-plpython-14.18-3.57.1
  * postgresql14-debuginfo-14.18-3.57.1
  * postgresql14-14.18-3.57.1
  * postgresql14-pltcl-14.18-3.57.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * postgresql14-docs-14.18-3.57.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (ppc64le s390x x86_64)
  * postgresql14-server-devel-14.18-3.57.1
  * postgresql14-server-devel-debuginfo-14.18-3.57.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * postgresql14-contrib-14.18-3.57.1
  * postgresql14-pltcl-debuginfo-14.18-3.57.1
  * postgresql14-debugsource-14.18-3.57.1
  * postgresql14-devel-14.18-3.57.1
  * postgresql14-plperl-14.18-3.57.1
  * postgresql14-server-14.18-3.57.1
  * postgresql14-plperl-debuginfo-14.18-3.57.1
  * postgresql14-server-debuginfo-14.18-3.57.1
  * postgresql14-plpython-debuginfo-14.18-3.57.1
  * postgresql14-devel-debuginfo-14.18-3.57.1
  * postgresql14-contrib-debuginfo-14.18-3.57.1
  * postgresql14-plpython-14.18-3.57.1
  * postgresql14-server-devel-14.18-3.57.1
  * postgresql14-debuginfo-14.18-3.57.1
  * postgresql14-server-devel-debuginfo-14.18-3.57.1
  * postgresql14-14.18-3.57.1
  * postgresql14-pltcl-14.18-3.57.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * postgresql14-docs-14.18-3.57.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4207.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242931

This notice outlines a security patch for PostgreSQL version 14 concerning a character encoding validation vulnerability classified as moderate.

LinuxSecurity.com Team
# Security update for postgresql15

Announcement ID: SUSE-SU-2025:01749-1
Release Date: 2025-05-29T12:44:13Z
Rating: moderate

References:

* bsc#1242931

Cross-References:

* CVE-2025-4207

CVSS scores:

* CVE-2025-4207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-4207 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql15 fixes the following issues:

Upgrade to 15.13:

* CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931)

Changelog: https://www.postgresql.org/docs/release/15.13/

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-1749=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1749=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * postgresql15-debuginfo-15.13-3.41.1
  * postgresql15-server-15.13-3.41.1
  * postgresql15-debugsource-15.13-3.41.1
  * postgresql15-devel-debuginfo-15.13-3.41.1
  * postgresql15-plperl-debuginfo-15.13-3.41.1
  * postgresql15-pltcl-debuginfo-15.13-3.41.1
  * postgresql15-pltcl-15.13-3.41.1
  * postgresql15-server-devel-15.13-3.41.1
  * postgresql15-contrib-debuginfo-15.13-3.41.1
  * postgresql15-plpython-debuginfo-15.13-3.41.1
  * postgresql15-devel-15.13-3.41.1
  * postgresql15-plpython-15.13-3.41.1
  * postgresql15-server-devel-debuginfo-15.13-3.41.1
  * postgresql15-contrib-15.13-3.41.1
  * postgresql15-plperl-15.13-3.41.1
  * postgresql15-server-debuginfo-15.13-3.41.1
  * postgresql15-15.13-3.41.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * postgresql15-docs-15.13-3.41.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * postgresql15-debuginfo-15.13-3.41.1
  * postgresql15-server-15.13-3.41.1
  * postgresql15-debugsource-15.13-3.41.1
  * postgresql15-devel-debuginfo-15.13-3.41.1
  * postgresql15-plperl-debuginfo-15.13-3.41.1
  * postgresql15-pltcl-debuginfo-15.13-3.41.1
  * postgresql15-pltcl-15.13-3.41.1
  * postgresql15-server-devel-15.13-3.41.1
  * postgresql15-contrib-debuginfo-15.13-3.41.1
  * postgresql15-plpython-debuginfo-15.13-3.41.1
  * postgresql15-devel-15.13-3.41.1
  * postgresql15-plpython-15.13-3.41.1
  * postgresql15-server-devel-debuginfo-15.13-3.41.1
  * postgresql15-contrib-15.13-3.41.1
  * postgresql15-plperl-15.13-3.41.1
  * postgresql15-server-debuginfo-15.13-3.41.1
  * postgresql15-15.13-3.41.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * postgresql15-docs-15.13-3.41.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4207.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242931

To mitigate the moderate security vulnerability in PostgreSQL 15 on SUSE systems, follow the outlined update guidance to secure your installation effectively.

LinuxSecurity.com Team
# Security update for postgresql17

Announcement ID: SUSE-SU-2025:01644-2
Release Date: 2025-05-29T13:30:20Z
Rating: moderate

References:

* bsc#1242931

Cross-References:

* CVE-2025-4207

CVSS scores:

* CVE-2025-4207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-4207 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql17 fixes the following issues:

Upgrade to 17.5:

* CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931)

Changelog: https://www.postgresql.org/docs/release/17.5/

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-1644=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1644=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-1644=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * postgresql17-17.5-150600.13.13.1
  * postgresql17-debuginfo-17.5-150600.13.13.1
  * postgresql17-debugsource-17.5-150600.13.13.1
  * libpq5-17.5-150600.13.13.1
  * libpq5-debuginfo-17.5-150600.13.13.1
* Basesystem Module 15-SP7 (x86_64)
  * libpq5-32bit-debuginfo-17.5-150600.13.13.1
  * libpq5-32bit-17.5-150600.13.13.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * postgresql17-llvmjit-devel-17.5-150600.13.13.1
  * postgresql17-llvmjit-17.5-150600.13.13.1
  * postgresql17-debuginfo-17.5-150600.13.13.1
  * postgresql17-llvmjit-debuginfo-17.5-150600.13.13.1
  * postgresql17-test-17.5-150600.13.13.1
  * postgresql17-debugsource-17.5-150600.13.13.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * postgresql17-devel-17.5-150600.13.13.1
  * postgresql17-plperl-debuginfo-17.5-150600.13.13.1
  * postgresql17-plperl-17.5-150600.13.13.1
  * postgresql17-pltcl-debuginfo-17.5-150600.13.13.1
  * postgresql17-contrib-17.5-150600.13.13.1
  * postgresql17-debugsource-17.5-150600.13.13.1
  * postgresql17-devel-debuginfo-17.5-150600.13.13.1
  * postgresql17-pltcl-17.5-150600.13.13.1
  * postgresql17-server-debuginfo-17.5-150600.13.13.1
  * postgresql17-debuginfo-17.5-150600.13.13.1
  * postgresql17-server-17.5-150600.13.13.1
  * postgresql17-server-devel-17.5-150600.13.13.1
  * postgresql17-plpython-17.5-150600.13.13.1
  * postgresql17-plpython-debuginfo-17.5-150600.13.13.1
  * postgresql17-server-devel-debuginfo-17.5-150600.13.13.1
  * libecpg6-debuginfo-17.5-150600.13.13.1
  * libecpg6-17.5-150600.13.13.1
  * postgresql17-contrib-debuginfo-17.5-150600.13.13.1
* Server Applications Module 15-SP7 (noarch)
  * postgresql17-docs-17.5-150600.13.13.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4207.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242931

PostgreSQL version 17.5 introduces a security patch that resolves an encoding validation vulnerability. Find further information on the fix here.

LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d5e2376a90
2025-05-24 01:46:25.887874+00:00
--------------------------------------------------------------------------------

Name        : ghostscript
Product     : Fedora 41
Version     : 10.03.1
Release     : 6.fc41
URL         : https://ghostscript.com/
Summary     : Interpreter for PostScript language & PDF
Description :
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other.

Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description languages. Its primary purpose includes displaying (rasterization & rendering) and printing of document pages, as well as conversions between different document formats.

--------------------------------------------------------------------------------
Update Information:

CVE-2025-46646 ghostscript: Mishandling of Overlong UTF-8 Encoding in decode_utf8() (fedora#2362639, fedora#2362446)
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 19 2025 Zdenek Dohnal - 10.03.1-6
- CVE-2025-46646 ghostscript: Mishandling of Overlong UTF-8 Encoding in decode_utf8() (fedora#2362639, fedora#2362446)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2362446 - CVE-2025-46646 Ghostscript: Mishandling of Overlong UTF-8 Encoding in Artifex Ghostscript's decode_utf8 Function
        https://bugzilla.redhat.com/show_bug.cgi?id=2362446
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d5e2376a90' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
# Security update for postgresql13

Announcement ID: SUSE-SU-2025:01654-1
Release Date: 2025-05-22T10:52:10Z
Rating: moderate

References:

* bsc#1242931

Cross-References:

* CVE-2025-4207

CVSS scores:

* CVE-2025-4207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-4207 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql13 fixes the following issues:

Upgrade to 13.21:

* CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931)

Changelog: https://www.postgresql.org/docs/release/13.21/

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-1654=1 SUSE-2025-1654=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * postgresql13-llvmjit-13.21-150600.14.8.1
  * postgresql13-server-debuginfo-13.21-150600.14.8.1
  * postgresql13-contrib-debuginfo-13.21-150600.14.8.1
  * postgresql13-server-devel-debuginfo-13.21-150600.14.8.1
  * postgresql13-contrib-13.21-150600.14.8.1
  * postgresql13-server-13.21-150600.14.8.1
  * postgresql13-devel-debuginfo-13.21-150600.14.8.1
  * postgresql13-debugsource-13.21-150600.14.8.1
  * postgresql13-plperl-debuginfo-13.21-150600.14.8.1
  * postgresql13-plpython-debuginfo-13.21-150600.14.8.1
  * postgresql13-13.21-150600.14.8.1
  * postgresql13-pltcl-debuginfo-13.21-150600.14.8.1
  * postgresql13-test-13.21-150600.14.8.1
  * postgresql13-debuginfo-13.21-150600.14.8.1
  * postgresql13-llvmjit-debuginfo-13.21-150600.14.8.1
  * postgresql13-devel-13.21-150600.14.8.1
  * postgresql13-llvmjit-devel-13.21-150600.14.8.1
  * postgresql13-plperl-13.21-150600.14.8.1
  * postgresql13-plpython-13.21-150600.14.8.1
  * postgresql13-server-devel-13.21-150600.14.8.1
  * postgresql13-pltcl-13.21-150600.14.8.1
* openSUSE Leap 15.6 (noarch)
  * postgresql13-docs-13.21-150600.14.8.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4207.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242931

SUSE releases a minor security patch for postgresql13 to tackle encoding vulnerabilities. Update your installation to enhance system protection.

LinuxSecurity.com Team
# Security update for postgresql17

Announcement ID: SUSE-SU-2025:01644-1
Release Date: 2025-05-21T14:35:27Z
Rating: moderate

References:

* bsc#1242931

Cross-References:

* CVE-2025-4207

CVSS scores:

* CVE-2025-4207 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-4207 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for postgresql17 fixes the following issues:

Upgrade to 17.5:

* CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931)

Changelog: https://www.postgresql.org/docs/release/17.5/

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-1644=1 openSUSE-SLE-15.6-2025-1644=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1644=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1644=1
* Server Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1644=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * postgresql17-pltcl-debuginfo-17.5-150600.13.13.1
  * postgresql17-contrib-17.5-150600.13.13.1
  * postgresql17-pltcl-17.5-150600.13.13.1
  * postgresql17-llvmjit-devel-17.5-150600.13.13.1
  * postgresql17-devel-mini-debuginfo-17.5-150600.13.13.1
  * postgresql17-llvmjit-debuginfo-17.5-150600.13.13.1
  * postgresql17-plpython-17.5-150600.13.13.1
  * postgresql17-server-devel-17.5-150600.13.13.1
  * postgresql17-devel-debuginfo-17.5-150600.13.13.1
  * postgresql17-mini-debugsource-17.5-150600.13.13.1
  * postgresql17-test-17.5-150600.13.13.1
  * postgresql17-devel-17.5-150600.13.13.1
  * postgresql17-debuginfo-17.5-150600.13.13.1
  * postgresql17-plperl-17.5-150600.13.13.1
  * libecpg6-17.5-150600.13.13.1
  * postgresql17-server-devel-debuginfo-17.5-150600.13.13.1
  * postgresql17-plpython-debuginfo-17.5-150600.13.13.1
  * postgresql17-llvmjit-17.5-150600.13.13.1
  * libpq5-17.5-150600.13.13.1
  * postgresql17-contrib-debuginfo-17.5-150600.13.13.1
  * postgresql17-17.5-150600.13.13.1
  * postgresql17-server-debuginfo-17.5-150600.13.13.1
  * libecpg6-debuginfo-17.5-150600.13.13.1
  * libpq5-debuginfo-17.5-150600.13.13.1
  * postgresql17-debugsource-17.5-150600.13.13.1
  * postgresql17-server-17.5-150600.13.13.1
  * postgresql17-plperl-debuginfo-17.5-150600.13.13.1
  * postgresql17-devel-mini-17.5-150600.13.13.1
* openSUSE Leap 15.6 (x86_64)
  * libpq5-32bit-debuginfo-17.5-150600.13.13.1
  * libecpg6-32bit-debuginfo-17.5-150600.13.13.1
  * libecpg6-32bit-17.5-150600.13.13.1
  * libpq5-32bit-17.5-150600.13.13.1
* openSUSE Leap 15.6 (noarch)
  * postgresql17-docs-17.5-150600.13.13.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libpq5-64bit-debuginfo-17.5-150600.13.13.1
  * libecpg6-64bit-17.5-150600.13.13.1
  * libpq5-64bit-17.5-150600.13.13.1
  * libecpg6-64bit-debuginfo-17.5-150600.13.13.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libpq5-debuginfo-17.5-150600.13.13.1
  * postgresql17-debugsource-17.5-150600.13.13.1
  * libpq5-17.5-150600.13.13.1
  * postgresql17-17.5-150600.13.13.1
  * postgresql17-debuginfo-17.5-150600.13.13.1
* Basesystem Module 15-SP6 (x86_64)
  * libpq5-32bit-17.5-150600.13.13.1
  * libpq5-32bit-debuginfo-17.5-150600.13.13.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * postgresql17-debugsource-17.5-150600.13.13.1
  * postgresql17-llvmjit-17.5-150600.13.13.1
  * postgresql17-llvmjit-debuginfo-17.5-150600.13.13.1
  * postgresql17-llvmjit-devel-17.5-150600.13.13.1
  * postgresql17-test-17.5-150600.13.13.1
  * postgresql17-debuginfo-17.5-150600.13.13.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * postgresql17-server-debuginfo-17.5-150600.13.13.1
  * libecpg6-debuginfo-17.5-150600.13.13.1
  * postgresql17-server-17.5-150600.13.13.1
  * postgresql17-debugsource-17.5-150600.13.13.1
  * postgresql17-plperl-17.5-150600.13.13.1
  * libecpg6-17.5-150600.13.13.1
  * postgresql17-pltcl-debuginfo-17.5-150600.13.13.1
  * postgresql17-plpython-debuginfo-17.5-150600.13.13.1
  * postgresql17-server-devel-debuginfo-17.5-150600.13.13.1
  * postgresql17-contrib-17.5-150600.13.13.1
  * postgresql17-plperl-debuginfo-17.5-150600.13.13.1
  * postgresql17-plpython-17.5-150600.13.13.1
  * postgresql17-devel-17.5-150600.13.13.1
  * postgresql17-pltcl-17.5-150600.13.13.1
  * postgresql17-server-devel-17.5-150600.13.13.1
  * postgresql17-devel-debuginfo-17.5-150600.13.13.1
  * postgresql17-contrib-debuginfo-17.5-150600.13.13.1
  * postgresql17-debuginfo-17.5-150600.13.13.1
* Server Applications Module 15-SP6 (noarch)
  * postgresql17-docs-17.5-150600.13.13.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4207.html
* https://bugzilla.suse.com/show_bug.cgi?id=1242931

Tackling the character set challenges in postgresql17, this revision guarantees reliability and resolves key security flaws.

LinuxSecurity.com Team
MGASA-2025-0064 - Updated postgresql15 & postgresql13 packages fix security vulnerability

Publication date: 14 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0064.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-1094

PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation. (CVE-2025-1094)

References:

- https://bugs.mageia.org/show_bug.cgi?id=34018
- https://www.postgresql.org/about/news/postgresql-173-167-1511-1416-and-1319-released-3015/
- https://www.cve.org/CVERecord?id=CVE-2025-1094

SRPMS:

- 9/core/postgresql15-15.11-1.mga9
- 9/core/postgresql13-13.19-1.mga9

Improvements for PostgreSQL versions 15 and 13 have been implemented to resolve security vulnerabilities in Mageia release 9. Discover further details here.

LinuxSecurity.com Team