Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves seven vulnerabilities can now be installed.. # Security update for nginx Announcement ID: SUSE-SU-2026:2370-1 Release Date: 2026-06-11T13:23:43Z Rating: important References: * bsc#1260415 * bsc#1260420 * bsc#1265229 * bsc#1265231 * bsc#1265232 * bsc#1265233 * bsc#1266215 Cross-References: * CVE-2026-27651 * CVE-2026-32647 * CVE-2026-40701 * CVE-2026-42934 * CVE-2026-42945 * CVE-2026-42946 * CVE-2026-9256 CVSS scores: * CVE-2026-27651 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27651 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27651 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27651 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32647 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-32647 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32647 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-32647 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-40701 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-40701 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-40701 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-40701 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-42934 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-42934 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-42934 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-42934 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-42945 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-42945 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-42945 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-42945 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42946 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-42946 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L * CVE-2026-42946 ( NVD ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-42946 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L * CVE-2026-9256 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-9256 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise HighPerformance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for nginx fixes the following issues * CVE-2026-9256: heap buffer overflow in the `ngx_http_rewrite_module` when using a configuration with overlapping captures (bsc#1266215). * CVE-2026-27651: denial of service via undisclosed requests when the `ngx_mail_auth_http_module` is enabled (bsc#1260415). * CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file (bsc#1260420). * CVE-2026-40701: heap use-after-free in the worker process when the `ssl_verify_client` and the `ssl_ocsp` directives are set due to issue in the `ngx_http_ssl_module` module (bsc#1265229). * CVE-2026-42934: heap buffer overread in the worker process due to issue in the `ngx_http_charset_module` module (bsc#1265231). * CVE-2026-42945: heap buffer overflow via crafted HTTP requests due to issue in `ngx_http_rewrite_module` (bsc#1265232). * CVE-2026-42946: excessive memory allocation and data overread due to issue in the `ngx_http_scgi_module` and `ngx_http_uwsgi_module` modules (bsc#1265233). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2370=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patchSUSE-SLE-Product-SLES_SAP-15-SP4-2026-2370=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2370=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2370=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2370=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2370=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2370=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2370=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2370=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * nginx-source-1.21.5-150400.3.20.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * nginx-debugsource-1.21.5-150400.3.20.1 * nginx-1.21.5-150400.3.20.1 * nginx-debuginfo-1.21.5-150400.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * nginx-debugsource-1.21.5-150400.3.20.1 * nginx-1.21.5-150400.3.20.1 * nginx-debuginfo-1.21.5-150400.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * nginx-source-1.21.5-150400.3.20.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * nginx-debugsource-1.21.5-150400.3.20.1 * nginx-debuginfo-1.21.5-150400.3.20.1 * nginx-1.21.5-150400.3.20.1 * openSUSE Leap 15.4 (noarch) * nginx-source-1.21.5-150400.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * nginx-debugsource-1.21.5-150400.3.20.1 * nginx-1.21.5-150400.3.20.1 * nginx-debuginfo-1.21.5-150400.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5(noarch) * nginx-source-1.21.5-150400.3.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * nginx-debugsource-1.21.5-150400.3.20.1 * nginx-1.21.5-150400.3.20.1 * nginx-debuginfo-1.21.5-150400.3.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * nginx-source-1.21.5-150400.3.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * nginx-debugsource-1.21.5-150400.3.20.1 * nginx-1.21.5-150400.3.20.1 * nginx-debuginfo-1.21.5-150400.3.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * nginx-source-1.21.5-150400.3.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * nginx-debugsource-1.21.5-150400.3.20.1 * nginx-1.21.5-150400.3.20.1 * nginx-debuginfo-1.21.5-150400.3.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * nginx-source-1.21.5-150400.3.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * nginx-debugsource-1.21.5-150400.3.20.1 * nginx-1.21.5-150400.3.20.1 * nginx-debuginfo-1.21.5-150400.3.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * nginx-source-1.21.5-150400.3.20.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * nginx-debugsource-1.21.5-150400.3.20.1 * nginx-1.21.5-150400.3.20.1 * nginx-debuginfo-1.21.5-150400.3.20.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * nginx-source-1.21.5-150400.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27651.html * https://www.suse.com/security/cve/CVE-2026-32647.html * https://www.suse.com/security/cve/CVE-2026-40701.html * https://www.suse.com/security/cve/CVE-2026-42934.html * https://www.suse.com/security/cve/CVE-2026-42945.html * https://www.suse.com/security/cve/CVE-2026-42946.html *https://www.suse.com/security/cve/CVE-2026-9256.html * https://bugzilla.suse.com/show_bug.cgi?id=1260415 * https://bugzilla.suse.com/show_bug.cgi?id=1260420 * https://bugzilla.suse.com/show_bug.cgi?id=1265229 * https://bugzilla.suse.com/show_bug.cgi?id=1265231 * https://bugzilla.suse.com/show_bug.cgi?id=1265232 * https://bugzilla.suse.com/show_bug.cgi?id=1265233 * https://bugzilla.suse.com/show_bug.cgi?id=1266215 . Update for openSUSE patches important issues in nginx addressing seven vulnerabilities with significant risks to security.. openSUSE nginx vulnerabilities patch update security. . Severity: Important. LinuxSecurity.com Team
An update that solves 11 vulnerabilities, contains one feature and has one security fix can now be installed.. # Security update for postgresql18 Announcement ID: SUSE-SU-2026:1945-1 Release Date: 2026-05-18T07:48:50Z Rating: important References: * bsc#1263804 * bsc#1265172 * bsc#1265173 * bsc#1265174 * bsc#1265175 * bsc#1265176 * bsc#1265177 * bsc#1265178 * bsc#1265179 * bsc#1265180 * bsc#1265181 * bsc#1265182 * jsc#PED-14820 Cross-References: * CVE-2026-6472 * CVE-2026-6473 * CVE-2026-6474 * CVE-2026-6475 * CVE-2026-6476 * CVE-2026-6477 * CVE-2026-6478 * CVE-2026-6479 * CVE-2026-6575 * CVE-2026-6637 * CVE-2026-6638 CVSS scores: * CVE-2026-6472 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6472 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6473 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6473 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6474 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6474 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6475 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6475 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6476 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6476 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6477 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6477 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-6478 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6478 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6479 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6479 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6575 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6575 (NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6637 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6637 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6638 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N * CVE-2026-6638 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 11 vulnerabilities, contains one feature and has one security fix can now be installed. ## Description: This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: * CVE-2026-6472: ensure the user has CREATE privilege on the schema specified (bsc#1265172). * CVE-2026-6473: integer overflows in memory-allocation calculations (bsc#1265173). * CVE-2026-6474: Guard against malicious time zone names (bsc#1265174). * CVE-2026-6475: Prevent path traversal in pg_basebackup and pg_rewind (bsc#1265175). * CVE-2026-6476: Properly quote subscription names in pg_createsubscriber (bsc#1265176). * CVE-2026-6477: Mark PQfn() as unsafe, and avoid using it within libpq (bsc#1265177). * CVE-2026-6478: Use timing-safe string comparisons in authentication code (bsc#1265178). * CVE-2026-6479: Prevent unbounded recursion while processing startup packets (bsc#1265179). *CVE-2026-6575: Detect faulty input when restoring attribute MCV statistics (bsc#1265180). * CVE-2026-6637: Prevent SQL injection and buffer overruns in contrib/spi (bsc#1265181). * CVE-2026-6638: Properly quote object names in logical replication origin checks (bsc#1265182). Non security issue: * Get rid of update-alternatives for openSUSE/SLE 16.0 and newer to support immutable systems and transactional updates (jsc#PED-14820). * /usr/bin/pg_config is missing after migrating away from update-alternatives (bsc#1263804). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1945=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1945=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1945=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1945=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1945=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1945=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1945=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1945=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libecpg6-debuginfo-18.4-150200.5.12.1 * libecpg6-18.4-150200.5.12.1 * libpq5-debuginfo-18.4-150200.5.12.1 *postgresql18-debugsource-18.4-150200.5.12.1 * postgresql18-debuginfo-18.4-150200.5.12.1 * libpq5-18.4-150200.5.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libpq5-32bit-18.4-150200.5.12.1 * libpq5-32bit-debuginfo-18.4-150200.5.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libecpg6-debuginfo-18.4-150200.5.12.1 * libecpg6-18.4-150200.5.12.1 * libpq5-debuginfo-18.4-150200.5.12.1 * postgresql18-debugsource-18.4-150200.5.12.1 * postgresql18-debuginfo-18.4-150200.5.12.1 * libpq5-18.4-150200.5.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libpq5-32bit-18.4-150200.5.12.1 * libpq5-32bit-debuginfo-18.4-150200.5.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libecpg6-debuginfo-18.4-150200.5.12.1 * libecpg6-18.4-150200.5.12.1 * libpq5-debuginfo-18.4-150200.5.12.1 * postgresql18-debugsource-18.4-150200.5.12.1 * postgresql18-debuginfo-18.4-150200.5.12.1 * libpq5-18.4-150200.5.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libpq5-32bit-18.4-150200.5.12.1 * libpq5-32bit-debuginfo-18.4-150200.5.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libecpg6-debuginfo-18.4-150200.5.12.1 * libecpg6-18.4-150200.5.12.1 * libpq5-debuginfo-18.4-150200.5.12.1 * postgresql18-debugsource-18.4-150200.5.12.1 * postgresql18-debuginfo-18.4-150200.5.12.1 * libpq5-18.4-150200.5.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libpq5-32bit-18.4-150200.5.12.1 * libpq5-32bit-debuginfo-18.4-150200.5.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libecpg6-debuginfo-18.4-150200.5.12.1 * libecpg6-18.4-150200.5.12.1 * libpq5-debuginfo-18.4-150200.5.12.1 * postgresql18-debugsource-18.4-150200.5.12.1 *postgresql18-debuginfo-18.4-150200.5.12.1 * libpq5-18.4-150200.5.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libpq5-32bit-18.4-150200.5.12.1 * libpq5-32bit-debuginfo-18.4-150200.5.12.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libecpg6-debuginfo-18.4-150200.5.12.1 * libecpg6-18.4-150200.5.12.1 * libpq5-debuginfo-18.4-150200.5.12.1 * postgresql18-debugsource-18.4-150200.5.12.1 * postgresql18-debuginfo-18.4-150200.5.12.1 * libpq5-18.4-150200.5.12.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libpq5-32bit-18.4-150200.5.12.1 * libpq5-32bit-debuginfo-18.4-150200.5.12.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libecpg6-debuginfo-18.4-150200.5.12.1 * libecpg6-18.4-150200.5.12.1 * libpq5-debuginfo-18.4-150200.5.12.1 * postgresql18-debugsource-18.4-150200.5.12.1 * postgresql18-debuginfo-18.4-150200.5.12.1 * libpq5-18.4-150200.5.12.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libpq5-32bit-18.4-150200.5.12.1 * libpq5-32bit-debuginfo-18.4-150200.5.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libecpg6-debuginfo-18.4-150200.5.12.1 * libecpg6-18.4-150200.5.12.1 * libpq5-debuginfo-18.4-150200.5.12.1 * postgresql18-debugsource-18.4-150200.5.12.1 * postgresql18-debuginfo-18.4-150200.5.12.1 * libpq5-18.4-150200.5.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libpq5-32bit-18.4-150200.5.12.1 * libpq5-32bit-debuginfo-18.4-150200.5.12.1 ## References: * https://www.suse.com/security/cve/CVE-2026-6472.html * https://www.suse.com/security/cve/CVE-2026-6473.html * https://www.suse.com/security/cve/CVE-2026-6474.html * https://www.suse.com/security/cve/CVE-2026-6475.html * https://www.suse.com/security/cve/CVE-2026-6476.html * https://www.suse.com/security/cve/CVE-2026-6477.html *https://www.suse.com/security/cve/CVE-2026-6478.html * https://www.suse.com/security/cve/CVE-2026-6479.html * https://www.suse.com/security/cve/CVE-2026-6575.html * https://www.suse.com/security/cve/CVE-2026-6637.html * https://www.suse.com/security/cve/CVE-2026-6638.html * https://bugzilla.suse.com/show_bug.cgi?id=1263804 * https://bugzilla.suse.com/show_bug.cgi?id=1265172 * https://bugzilla.suse.com/show_bug.cgi?id=1265173 * https://bugzilla.suse.com/show_bug.cgi?id=1265174 * https://bugzilla.suse.com/show_bug.cgi?id=1265175 * https://bugzilla.suse.com/show_bug.cgi?id=1265176 * https://bugzilla.suse.com/show_bug.cgi?id=1265177 * https://bugzilla.suse.com/show_bug.cgi?id=1265178 * https://bugzilla.suse.com/show_bug.cgi?id=1265179 * https://bugzilla.suse.com/show_bug.cgi?id=1265180 * https://bugzilla.suse.com/show_bug.cgi?id=1265181 * https://bugzilla.suse.com/show_bug.cgi?id=1265182 * https://jira.suse.com/browse/PED-14820 . A SUSE patch for postgresql18 resolves 11 issues including important security fixes. Essential updates recommended.. postgresql18 update sql injection memory overflow security patch. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-2799 http://linux.oracle.com/errata/ELSA-2026-2799.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: php-8.0.30-5.el9_7.x86_64.rpm php-bcmath-8.0.30-5.el9_7.x86_64.rpm php-cli-8.0.30-5.el9_7.x86_64.rpm php-common-8.0.30-5.el9_7.x86_64.rpm php-dba-8.0.30-5.el9_7.x86_64.rpm php-dbg-8.0.30-5.el9_7.x86_64.rpm php-devel-8.0.30-5.el9_7.x86_64.rpm php-embedded-8.0.30-5.el9_7.x86_64.rpm php-enchant-8.0.30-5.el9_7.x86_64.rpm php-ffi-8.0.30-5.el9_7.x86_64.rpm php-fpm-8.0.30-5.el9_7.x86_64.rpm php-gd-8.0.30-5.el9_7.x86_64.rpm php-gmp-8.0.30-5.el9_7.x86_64.rpm php-intl-8.0.30-5.el9_7.x86_64.rpm php-ldap-8.0.30-5.el9_7.x86_64.rpm php-mbstring-8.0.30-5.el9_7.x86_64.rpm php-mysqlnd-8.0.30-5.el9_7.x86_64.rpm php-odbc-8.0.30-5.el9_7.x86_64.rpm php-opcache-8.0.30-5.el9_7.x86_64.rpm php-pdo-8.0.30-5.el9_7.x86_64.rpm php-pgsql-8.0.30-5.el9_7.x86_64.rpm php-process-8.0.30-5.el9_7.x86_64.rpm php-snmp-8.0.30-5.el9_7.x86_64.rpm php-soap-8.0.30-5.el9_7.x86_64.rpm php-xml-8.0.30-5.el9_7.x86_64.rpm aarch64: php-8.0.30-5.el9_7.aarch64.rpm php-bcmath-8.0.30-5.el9_7.aarch64.rpm php-cli-8.0.30-5.el9_7.aarch64.rpm php-common-8.0.30-5.el9_7.aarch64.rpm php-dba-8.0.30-5.el9_7.aarch64.rpm php-dbg-8.0.30-5.el9_7.aarch64.rpm php-devel-8.0.30-5.el9_7.aarch64.rpm php-embedded-8.0.30-5.el9_7.aarch64.rpm php-enchant-8.0.30-5.el9_7.aarch64.rpm php-ffi-8.0.30-5.el9_7.aarch64.rpm php-fpm-8.0.30-5.el9_7.aarch64.rpm php-gd-8.0.30-5.el9_7.aarch64.rpm php-gmp-8.0.30-5.el9_7.aarch64.rpm php-intl-8.0.30-5.el9_7.aarch64.rpm php-ldap-8.0.30-5.el9_7.aarch64.rpm php-mbstring-8.0.30-5.el9_7.aarch64.rpm php-mysqlnd-8.0.30-5.el9_7.aarch64.rpm php-odbc-8.0.30-5.el9_7.aarch64.rpm php-opcache-8.0.30-5.el9_7.aarch64.rpm php-pdo-8.0.30-5.el9_7.aarch64.rpm php-pgsql-8.0.30-5.el9_7.aarch64.rpm php-process-8.0.30-5.el9_7.aarch64.rpm php-snmp-8.0.30-5.el9_7.aarch64.rpm php-soap-8.0.30-5.el9_7.aarch64.rpm php-xml-8.0.30-5.el9_7.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/php-8.0.30-5.el9_7.src.rpm Related CVEs: CVE-2025-14177 CVE-2025-14178 Description of changes: [8.0.30-5] - Fix Null byte termination in dns_get_record() GHSA-www2-q4fc-65wf - Fix Heap buffer overflow in array_merge() CVE-2025-14178 - Fix Information Leak of Memory in getimagesize CVE-2025-14177 _______________________________________________ El-errata mailing list
An update that solves one vulnerability can now be installed.. # Security update for glibc-livepatches Announcement ID: SUSE-SU-2026:0499-1 Release Date: 2026-02-13T11:42:17Z Rating: important References: * bsc#1256913 Cross-References: * CVE-2026-0861 CVSS scores: * CVE-2026-0861 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-0861 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for glibc-livepatches fixes the following issues: * CVE-2026-0861: Fixed that inadequate size check in the memalign suite may result in an integer overflow (bsc#1256913) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-499=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-499=1 ## Package List: * openSUSE Leap 15.6 (x86_64) * glibc-livepatches-debugsource-0.3-150600.8.2.1 * glibc-livepatches-0.3-150600.8.2.1 * glibc-livepatches-debuginfo-0.3-150600.8.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * glibc-livepatches-0.3-150600.8.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-0861.html * https://bugzilla.suse.com/show_bug.cgi?id=1256913 . Security update for openSUSE fixes critical memory overflow issue in glibc-livepatches. Immediate action required.. openSUSE update, glibc security, important patch,CVE-2026-0861. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:0090-1 Release Date: 2026-01-12T11:05:02Z Rating: important References: * bsc#1246189 * bsc#1251984 Cross-References: * CVE-2023-53574 * CVE-2025-38257 CVSS scores: * CVE-2023-53574 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53574 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38257 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38257 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38257 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.113 fixes various security issues The following security issues were fixed: * CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251984). * CVE-2025-38257: s390/pkey: prevent overflow in size calculation for memdup_user() (bsc#1246189). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-93=1 SUSE-2026-94=1 SUSE-2026-106=1 SUSE-2026-95=1 SUSE-2026-96=1 SUSE-2026-90=1 SUSE-2026-91=1 SUSE-2026-92=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patchSUSE-SLE-Module-Live-Patching-15-SP5-2026-93=1 SUSE-SLE- Module-Live-Patching-15-SP5-2026-94=1 SUSE-SLE-Module-Live- Patching-15-SP5-2026-106=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-95=1 SUSE- SLE-Module-Live-Patching-15-SP5-2026-96=1 SUSE-SLE-Module-Live- Patching-15-SP5-2026-90=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-91=1 SUSE- SLE-Module-Live-Patching-15-SP5-2026-92=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_24-debugsource-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_94-default-12-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_22-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_91-default-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-10-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_27-debugsource-10-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-11-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-12-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_28-debugsource-9-150500.2.1 * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_88-default-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-10-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_26-debugsource-11-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_23-debugsource-12-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_25-debugsource-11-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_21-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-11-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-9-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-9-150500.2.1 *kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-11-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-11-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_24-debugsource-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_94-default-12-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_22-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_88-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_91-default-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-10-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-12-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_27-debugsource-10-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-11-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-12-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_28-debugsource-9-150500.2.1 * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_88-default-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-10-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_26-debugsource-11-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_23-debugsource-12-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_25-debugsource-11-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_21-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-11-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-9-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-9-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-11-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-11-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-53574.html * https://www.suse.com/security/cve/CVE-2025-38257.html *https://bugzilla.suse.com/show_bug.cgi?id=1246189 * https://bugzilla.suse.com/show_bug.cgi?id=1251984 . Two important vulnerabilities fixed in the SUSE Kernel update, enhancing system protection and stability.. openSUSE security update, kernel vulnerabilities, important system patch. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for postgresql17, postgresql18 Announcement ID: SUSE-SU-2025:4363-1 Release Date: 2025-12-11T10:10:59Z Rating: important References: * bsc#1253332 * bsc#1253333 Cross-References: * CVE-2025-12817 * CVE-2025-12818 CVSS scores: * CVE-2025-12817 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-12817 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-12818 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-12818 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * Server Applications Module 15-SP6 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: * Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema,potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. * pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/postgresql-18-released-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. * switch library to pg 18 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-4363=1 openSUSE-SLE-15.6-2025-4363=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4363=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4363=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4363=1 * SUSE Package Hub 15 15-SP7 zypper in -t patchSUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4363=1 * Server Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-4363=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-4363=1 ## Package List: * openSUSE Leap 15.6 (noarch) * postgresql-plperl-18-150600.17.9.1 * postgresql-pltcl-18-150600.17.9.1 * postgresql-devel-18-150600.17.9.1 * postgresql-llvmjit-devel-18-150600.17.9.1 * postgresql-server-devel-18-150600.17.9.1 * postgresql-test-18-150600.17.9.1 * postgresql-docs-18-150600.17.9.1 * postgresql17-docs-17.7-150600.13.19.1 * postgresql18-docs-18.1-150600.13.3.1 * postgresql-server-18-150600.17.9.1 * postgresql-plpython-18-150600.17.9.1 * postgresql-contrib-18-150600.17.9.1 * postgresql-llvmjit-18-150600.17.9.1 * postgresql-18-150600.17.9.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * postgresql17-pltcl-17.7-150600.13.19.1 * postgresql18-mini-debugsource-18.1-150600.13.3.1 * postgresql17-server-devel-17.7-150600.13.19.1 * libpq5-18.1-150600.13.3.1 * postgresql17-server-devel-debuginfo-17.7-150600.13.19.1 * libecpg6-debuginfo-18.1-150600.13.3.1 * postgresql18-devel-18.1-150600.13.3.1 * postgresql18-llvmjit-debuginfo-18.1-150600.13.3.1 * postgresql17-contrib-17.7-150600.13.19.1 * postgresql18-server-devel-debuginfo-18.1-150600.13.3.1 * postgresql17-devel-debuginfo-17.7-150600.13.19.1 * postgresql17-pltcl-debuginfo-17.7-150600.13.19.1 * postgresql17-debugsource-17.7-150600.13.19.1 * postgresql18-devel-debuginfo-18.1-150600.13.3.1 * postgresql17-plpython-17.7-150600.13.19.1 * postgresql18-server-18.1-150600.13.3.1 * postgresql18-18.1-150600.13.3.1 * postgresql18-llvmjit-devel-18.1-150600.13.3.1 * postgresql17-llvmjit-devel-17.7-150600.13.19.1 * postgresql17-server-debuginfo-17.7-150600.13.19.1 * libpq5-debuginfo-18.1-150600.13.3.1 *postgresql18-devel-mini-18.1-150600.13.3.1 * postgresql17-devel-17.7-150600.13.19.1 * postgresql18-debugsource-18.1-150600.13.3.1 * postgresql17-plpython-debuginfo-17.7-150600.13.19.1 * postgresql18-llvmjit-18.1-150600.13.3.1 * postgresql17-plperl-debuginfo-17.7-150600.13.19.1 * postgresql18-devel-mini-debuginfo-18.1-150600.13.3.1 * postgresql17-plperl-17.7-150600.13.19.1 * postgresql17-server-17.7-150600.13.19.1 * postgresql18-pltcl-18.1-150600.13.3.1 * postgresql17-llvmjit-17.7-150600.13.19.1 * postgresql18-contrib-18.1-150600.13.3.1 * postgresql18-pltcl-debuginfo-18.1-150600.13.3.1 * postgresql18-debuginfo-18.1-150600.13.3.1 * postgresql18-plpython-debuginfo-18.1-150600.13.3.1 * libecpg6-18.1-150600.13.3.1 * postgresql18-contrib-debuginfo-18.1-150600.13.3.1 * postgresql18-plperl-18.1-150600.13.3.1 * postgresql17-llvmjit-debuginfo-17.7-150600.13.19.1 * postgresql17-test-17.7-150600.13.19.1 * postgresql18-plpython-18.1-150600.13.3.1 * postgresql17-17.7-150600.13.19.1 * postgresql17-debuginfo-17.7-150600.13.19.1 * postgresql18-test-18.1-150600.13.3.1 * postgresql18-server-debuginfo-18.1-150600.13.3.1 * postgresql17-contrib-debuginfo-17.7-150600.13.19.1 * postgresql18-plperl-debuginfo-18.1-150600.13.3.1 * postgresql18-server-devel-18.1-150600.13.3.1 * openSUSE Leap 15.6 (x86_64) * libpq5-32bit-18.1-150600.13.3.1 * libecpg6-32bit-18.1-150600.13.3.1 * libpq5-32bit-debuginfo-18.1-150600.13.3.1 * libecpg6-32bit-debuginfo-18.1-150600.13.3.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libecpg6-64bit-18.1-150600.13.3.1 * libpq5-64bit-debuginfo-18.1-150600.13.3.1 * libecpg6-64bit-debuginfo-18.1-150600.13.3.1 * libpq5-64bit-18.1-150600.13.3.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * postgresql18-18.1-150600.13.3.1 * postgresql17-17.7-150600.13.19.1 * libpq5-18.1-150600.13.3.1 * postgresql17-debuginfo-17.7-150600.13.19.1 *libpq5-debuginfo-18.1-150600.13.3.1 * postgresql18-debuginfo-18.1-150600.13.3.1 * postgresql17-debugsource-17.7-150600.13.19.1 * postgresql18-debugsource-18.1-150600.13.3.1 * Basesystem Module 15-SP6 (noarch) * postgresql-18-150600.17.9.1 * Basesystem Module 15-SP6 (x86_64) * libpq5-32bit-debuginfo-18.1-150600.13.3.1 * libpq5-32bit-18.1-150600.13.3.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * postgresql18-18.1-150600.13.3.1 * postgresql17-17.7-150600.13.19.1 * libpq5-18.1-150600.13.3.1 * postgresql17-debuginfo-17.7-150600.13.19.1 * libpq5-debuginfo-18.1-150600.13.3.1 * postgresql18-debuginfo-18.1-150600.13.3.1 * postgresql17-debugsource-17.7-150600.13.19.1 * postgresql18-debugsource-18.1-150600.13.3.1 * Basesystem Module 15-SP7 (noarch) * postgresql-18-150700.23.3.1 * Basesystem Module 15-SP7 (x86_64) * libpq5-32bit-debuginfo-18.1-150600.13.3.1 * libpq5-32bit-18.1-150600.13.3.1 * SUSE Package Hub 15 15-SP6 (noarch) * postgresql-plperl-18-150600.17.9.1 * postgresql-pltcl-18-150600.17.9.1 * postgresql-devel-18-150600.17.9.1 * postgresql-llvmjit-devel-18-150600.17.9.1 * postgresql-server-devel-18-150600.17.9.1 * postgresql-test-18-150600.17.9.1 * postgresql-docs-18-150600.17.9.1 * postgresql-server-18-150600.17.9.1 * postgresql-plpython-18-150600.17.9.1 * postgresql-contrib-18-150600.17.9.1 * postgresql-llvmjit-18-150600.17.9.1 * postgresql-18-150600.17.9.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * postgresql18-llvmjit-devel-18.1-150600.13.3.1 * postgresql17-llvmjit-debuginfo-17.7-150600.13.19.1 * postgresql17-llvmjit-devel-17.7-150600.13.19.1 * postgresql17-test-17.7-150600.13.19.1 * postgresql17-debuginfo-17.7-150600.13.19.1 * postgresql18-test-18.1-150600.13.3.1 * postgresql18-llvmjit-debuginfo-18.1-150600.13.3.1 * postgresql17-llvmjit-17.7-150600.13.19.1 * postgresql18-llvmjit-18.1-150600.13.3.1 *postgresql17-debugsource-17.7-150600.13.19.1 * SUSE Package Hub 15 15-SP7 (noarch) * postgresql-server-devel-18-150700.23.3.1 * postgresql-plperl-18-150700.23.3.1 * postgresql-llvmjit-devel-18-150700.23.3.1 * postgresql-18-150700.23.3.1 * postgresql-plpython-18-150700.23.3.1 * postgresql-docs-18-150700.23.3.1 * postgresql-llvmjit-18-150700.23.3.1 * postgresql-devel-18-150700.23.3.1 * postgresql-contrib-18-150700.23.3.1 * postgresql-server-18-150700.23.3.1 * postgresql-pltcl-18-150700.23.3.1 * postgresql-test-18-150700.23.3.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * postgresql18-llvmjit-devel-18.1-150600.13.3.1 * postgresql17-llvmjit-debuginfo-17.7-150600.13.19.1 * postgresql17-llvmjit-devel-17.7-150600.13.19.1 * postgresql17-test-17.7-150600.13.19.1 * postgresql17-debuginfo-17.7-150600.13.19.1 * postgresql18-test-18.1-150600.13.3.1 * postgresql18-llvmjit-debuginfo-18.1-150600.13.3.1 * postgresql17-llvmjit-17.7-150600.13.19.1 * postgresql18-llvmjit-18.1-150600.13.3.1 * postgresql17-debugsource-17.7-150600.13.19.1 * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * postgresql17-pltcl-17.7-150600.13.19.1 * postgresql17-server-devel-17.7-150600.13.19.1 * postgresql18-devel-18.1-150600.13.3.1 * postgresql17-server-devel-debuginfo-17.7-150600.13.19.1 * libecpg6-debuginfo-18.1-150600.13.3.1 * postgresql17-contrib-17.7-150600.13.19.1 * postgresql18-server-devel-debuginfo-18.1-150600.13.3.1 * postgresql17-devel-debuginfo-17.7-150600.13.19.1 * postgresql17-pltcl-debuginfo-17.7-150600.13.19.1 * postgresql17-debugsource-17.7-150600.13.19.1 * postgresql18-devel-debuginfo-18.1-150600.13.3.1 * postgresql17-plpython-17.7-150600.13.19.1 * postgresql18-server-18.1-150600.13.3.1 * postgresql17-server-debuginfo-17.7-150600.13.19.1 * postgresql17-devel-17.7-150600.13.19.1 * postgresql18-debugsource-18.1-150600.13.3.1 *postgresql17-plpython-debuginfo-17.7-150600.13.19.1 * postgresql17-plperl-debuginfo-17.7-150600.13.19.1 * postgresql17-plperl-17.7-150600.13.19.1 * postgresql17-server-17.7-150600.13.19.1 * postgresql18-pltcl-18.1-150600.13.3.1 * postgresql18-contrib-18.1-150600.13.3.1 * postgresql18-pltcl-debuginfo-18.1-150600.13.3.1 * postgresql18-debuginfo-18.1-150600.13.3.1 * postgresql18-plpython-debuginfo-18.1-150600.13.3.1 * libecpg6-18.1-150600.13.3.1 * postgresql18-contrib-debuginfo-18.1-150600.13.3.1 * postgresql18-plperl-18.1-150600.13.3.1 * postgresql18-plpython-18.1-150600.13.3.1 * postgresql17-debuginfo-17.7-150600.13.19.1 * postgresql18-server-debuginfo-18.1-150600.13.3.1 * postgresql17-contrib-debuginfo-17.7-150600.13.19.1 * postgresql18-plperl-debuginfo-18.1-150600.13.3.1 * postgresql18-server-devel-18.1-150600.13.3.1 * Server Applications Module 15-SP6 (noarch) * postgresql-plperl-18-150600.17.9.1 * postgresql-pltcl-18-150600.17.9.1 * postgresql-devel-18-150600.17.9.1 * postgresql-server-devel-18-150600.17.9.1 * postgresql17-docs-17.7-150600.13.19.1 * postgresql18-docs-18.1-150600.13.3.1 * postgresql-docs-18-150600.17.9.1 * postgresql-server-18-150600.17.9.1 * postgresql-plpython-18-150600.17.9.1 * postgresql-contrib-18-150600.17.9.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * postgresql17-pltcl-17.7-150600.13.19.1 * postgresql17-server-devel-17.7-150600.13.19.1 * postgresql18-devel-18.1-150600.13.3.1 * postgresql17-server-devel-debuginfo-17.7-150600.13.19.1 * libecpg6-debuginfo-18.1-150600.13.3.1 * postgresql17-contrib-17.7-150600.13.19.1 * postgresql18-server-devel-debuginfo-18.1-150600.13.3.1 * postgresql17-devel-debuginfo-17.7-150600.13.19.1 * postgresql17-pltcl-debuginfo-17.7-150600.13.19.1 * postgresql17-debugsource-17.7-150600.13.19.1 * postgresql18-devel-debuginfo-18.1-150600.13.3.1 *postgresql17-plpython-17.7-150600.13.19.1 * postgresql18-server-18.1-150600.13.3.1 * postgresql17-server-debuginfo-17.7-150600.13.19.1 * postgresql17-devel-17.7-150600.13.19.1 * postgresql18-debugsource-18.1-150600.13.3.1 * postgresql17-plpython-debuginfo-17.7-150600.13.19.1 * postgresql17-plperl-debuginfo-17.7-150600.13.19.1 * postgresql17-plperl-17.7-150600.13.19.1 * postgresql17-server-17.7-150600.13.19.1 * postgresql18-pltcl-18.1-150600.13.3.1 * postgresql18-contrib-18.1-150600.13.3.1 * postgresql18-pltcl-debuginfo-18.1-150600.13.3.1 * postgresql18-debuginfo-18.1-150600.13.3.1 * postgresql18-plpython-debuginfo-18.1-150600.13.3.1 * libecpg6-18.1-150600.13.3.1 * postgresql18-contrib-debuginfo-18.1-150600.13.3.1 * postgresql18-plperl-18.1-150600.13.3.1 * postgresql18-plpython-18.1-150600.13.3.1 * postgresql17-debuginfo-17.7-150600.13.19.1 * postgresql18-server-debuginfo-18.1-150600.13.3.1 * postgresql17-contrib-debuginfo-17.7-150600.13.19.1 * postgresql18-plperl-debuginfo-18.1-150600.13.3.1 * postgresql18-server-devel-18.1-150600.13.3.1 * Server Applications Module 15-SP7 (noarch) * postgresql-server-devel-18-150700.23.3.1 * postgresql-plperl-18-150700.23.3.1 * postgresql17-docs-17.7-150600.13.19.1 * postgresql18-docs-18.1-150600.13.3.1 * postgresql-plpython-18-150700.23.3.1 * postgresql-docs-18-150700.23.3.1 * postgresql-devel-18-150700.23.3.1 * postgresql-contrib-18-150700.23.3.1 * postgresql-server-18-150700.23.3.1 * postgresql-pltcl-18-150700.23.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12817.html * https://www.suse.com/security/cve/CVE-2025-12818.html * https://bugzilla.suse.com/show_bug.cgi?id=1253332 * https://bugzilla.suse.com/show_bug.cgi?id=1253333 . This update addresses two important security issues in postgresql17 and postgresql18 on openSUSE and requires immediate action.. SUSE security update, postgresql vulnerabilities, openSUSEpatch. . Severity: Important. LinuxSecurity.com Team
* bsc#1253332 * bsc#1253333 Cross-References: * CVE-2025-12817 . # Security update for postgresql17, postgresql18 Announcement ID: SUSE-SU-2025:4363-1 Release Date: 2025-12-11T10:10:59Z Rating: important References: * bsc#1253332 * bsc#1253333 Cross-References: * CVE-2025-12817 * CVE-2025-12818 CVSS scores: * CVE-2025-12817 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-12817 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-12818 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-12818 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * Server Applications Module 15-SP6 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP6 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: * Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema,potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. * pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/postgresql-18-released-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. * switch library to pg 18 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-4363=1 openSUSE-SLE-15.6-2025-4363=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4363=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-4363=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4363=1 * SUSE Package Hub 15 15-SP7 zypper in -t patchSUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4363=1 * Server Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-4363=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-4363=1 ## Package List: * openSUSE Leap 15.6 (noarch) * postgresql-plperl-18-150600.17.9.1 * postgresql-pltcl-18-150600.17.9.1 * postgresql-devel-18-150600.17.9.1 * postgresql-llvmjit-devel-18-150600.17.9.1 * postgresql-server-devel-18-150600.17.9.1 * postgresql-test-18-150600.17.9.1 * postgresql-docs-18-150600.17.9.1 * postgresql17-docs-17.7-150600.13.19.1 * postgresql18-docs-18.1-150600.13.3.1 * postgresql-server-18-150600.17.9.1 * postgresql-plpython-18-150600.17.9.1 * postgresql-contrib-18-150600.17.9.1 * postgresql-llvmjit-18-150600.17.9.1 * postgresql-18-150600.17.9.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * postgresql17-pltcl-17.7-150600.13.19.1 * postgresql18-mini-debugsource-18.1-150600.13.3.1 * postgresql17-server-devel-17.7-150600.13.19.1 * libpq5-18.1-150600.13.3.1 * postgresql17-server-devel-debuginfo-17.7-150600.13.19.1 * libecpg6-debuginfo-18.1-150600.13.3.1 * postgresql18-devel-18.1-150600.13.3.1 * postgresql18-llvmjit-debuginfo-18.1-150600.13.3.1 * postgresql17-contrib-17.7-150600.13.19.1 * postgresql18-server-devel-debuginfo-18.1-150600.13.3.1 * postgresql17-devel-debuginfo-17.7-150600.13.19.1 * postgresql17-pltcl-debuginfo-17.7-150600.13.19.1 * postgresql17-debugsource-17.7-150600.13.19.1 * postgresql18-devel-debuginfo-18.1-150600.13.3.1 * postgresql17-plpython-17.7-150600.13.19.1 * postgresql18-server-18.1-150600.13.3.1 * postgresql18-18.1-150600.13.3.1 * postgresql18-llvmjit-devel-18.1-150600.13.3.1 * postgresql17-llvmjit-devel-17.7-150600.13.19.1 * postgresql17-server-debuginfo-17.7-150600.13.19.1 * libpq5-debuginfo-18.1-150600.13.3.1 *postgresql18-devel-mini-18.1-150600.13.3.1 * postgresql17-devel-17.7-150600.13.19.1 * postgresql18-debugsource-18.1-150600.13.3.1 * postgresql17-plpython-debuginfo-17.7-150600.13.19.1 * postgresql18-llvmjit-18.1-150600.13.3.1 * postgresql17-plperl-debuginfo-17.7-150600.13.19.1 * postgresql18-devel-mini-debuginfo-18.1-150600.13.3.1 * postgresql17-plperl-17.7-150600.13.19.1 * postgresql17-server-17.7-150600.13.19.1 * postgresql18-pltcl-18.1-150600.13.3.1 * postgresql17-llvmjit-17.7-150600.13.19.1 * postgresql18-contrib-18.1-150600.13.3.1 * postgresql18-pltcl-debuginfo-18.1-150600.13.3.1 * postgresql18-debuginfo-18.1-150600.13.3.1 * postgresql18-plpython-debuginfo-18.1-150600.13.3.1 * libecpg6-18.1-150600.13.3.1 * postgresql18-contrib-debuginfo-18.1-150600.13.3.1 * postgresql18-plperl-18.1-150600.13.3.1 * postgresql17-llvmjit-debuginfo-17.7-150600.13.19.1 * postgresql17-test-17.7-150600.13.19.1 * postgresql18-plpython-18.1-150600.13.3.1 * postgresql17-17.7-150600.13.19.1 * postgresql17-debuginfo-17.7-150600.13.19.1 * postgresql18-test-18.1-150600.13.3.1 * postgresql18-server-debuginfo-18.1-150600.13.3.1 * postgresql17-contrib-debuginfo-17.7-150600.13.19.1 * postgresql18-plperl-debuginfo-18.1-150600.13.3.1 * postgresql18-server-devel-18.1-150600.13.3.1 * openSUSE Leap 15.6 (x86_64) * libpq5-32bit-18.1-150600.13.3.1 * libecpg6-32bit-18.1-150600.13.3.1 * libpq5-32bit-debuginfo-18.1-150600.13.3.1 * libecpg6-32bit-debuginfo-18.1-150600.13.3.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libecpg6-64bit-18.1-150600.13.3.1 * libpq5-64bit-debuginfo-18.1-150600.13.3.1 * libecpg6-64bit-debuginfo-18.1-150600.13.3.1 * libpq5-64bit-18.1-150600.13.3.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * postgresql18-18.1-150600.13.3.1 * postgresql17-17.7-150600.13.19.1 * libpq5-18.1-150600.13.3.1 * postgresql17-debuginfo-17.7-150600.13.19.1 *libpq5-debuginfo-18.1-150600.13.3.1 * postgresql18-debuginfo-18.1-150600.13.3.1 * postgresql17-debugsource-17.7-150600.13.19.1 * postgresql18-debugsource-18.1-150600.13.3.1 * Basesystem Module 15-SP6 (noarch) * postgresql-18-150600.17.9.1 * Basesystem Module 15-SP6 (x86_64) * libpq5-32bit-debuginfo-18.1-150600.13.3.1 * libpq5-32bit-18.1-150600.13.3.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * postgresql18-18.1-150600.13.3.1 * postgresql17-17.7-150600.13.19.1 * libpq5-18.1-150600.13.3.1 * postgresql17-debuginfo-17.7-150600.13.19.1 * libpq5-debuginfo-18.1-150600.13.3.1 * postgresql18-debuginfo-18.1-150600.13.3.1 * postgresql17-debugsource-17.7-150600.13.19.1 * postgresql18-debugsource-18.1-150600.13.3.1 * Basesystem Module 15-SP7 (noarch) * postgresql-18-150700.23.3.1 * Basesystem Module 15-SP7 (x86_64) * libpq5-32bit-debuginfo-18.1-150600.13.3.1 * libpq5-32bit-18.1-150600.13.3.1 * SUSE Package Hub 15 15-SP6 (noarch) * postgresql-plperl-18-150600.17.9.1 * postgresql-pltcl-18-150600.17.9.1 * postgresql-devel-18-150600.17.9.1 * postgresql-llvmjit-devel-18-150600.17.9.1 * postgresql-server-devel-18-150600.17.9.1 * postgresql-test-18-150600.17.9.1 * postgresql-docs-18-150600.17.9.1 * postgresql-server-18-150600.17.9.1 * postgresql-plpython-18-150600.17.9.1 * postgresql-contrib-18-150600.17.9.1 * postgresql-llvmjit-18-150600.17.9.1 * postgresql-18-150600.17.9.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * postgresql18-llvmjit-devel-18.1-150600.13.3.1 * postgresql17-llvmjit-debuginfo-17.7-150600.13.19.1 * postgresql17-llvmjit-devel-17.7-150600.13.19.1 * postgresql17-test-17.7-150600.13.19.1 * postgresql17-debuginfo-17.7-150600.13.19.1 * postgresql18-test-18.1-150600.13.3.1 * postgresql18-llvmjit-debuginfo-18.1-150600.13.3.1 * postgresql17-llvmjit-17.7-150600.13.19.1 * postgresql18-llvmjit-18.1-150600.13.3.1 *postgresql17-debugsource-17.7-150600.13.19.1 * SUSE Package Hub 15 15-SP7 (noarch) * postgresql-server-devel-18-150700.23.3.1 * postgresql-plperl-18-150700.23.3.1 * postgresql-llvmjit-devel-18-150700.23.3.1 * postgresql-18-150700.23.3.1 * postgresql-plpython-18-150700.23.3.1 * postgresql-docs-18-150700.23.3.1 * postgresql-llvmjit-18-150700.23.3.1 * postgresql-devel-18-150700.23.3.1 * postgresql-contrib-18-150700.23.3.1 * postgresql-server-18-150700.23.3.1 * postgresql-pltcl-18-150700.23.3.1 * postgresql-test-18-150700.23.3.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * postgresql18-llvmjit-devel-18.1-150600.13.3.1 * postgresql17-llvmjit-debuginfo-17.7-150600.13.19.1 * postgresql17-llvmjit-devel-17.7-150600.13.19.1 * postgresql17-test-17.7-150600.13.19.1 * postgresql17-debuginfo-17.7-150600.13.19.1 * postgresql18-test-18.1-150600.13.3.1 * postgresql18-llvmjit-debuginfo-18.1-150600.13.3.1 * postgresql17-llvmjit-17.7-150600.13.19.1 * postgresql18-llvmjit-18.1-150600.13.3.1 * postgresql17-debugsource-17.7-150600.13.19.1 * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * postgresql17-pltcl-17.7-150600.13.19.1 * postgresql17-server-devel-17.7-150600.13.19.1 * postgresql18-devel-18.1-150600.13.3.1 * postgresql17-server-devel-debuginfo-17.7-150600.13.19.1 * libecpg6-debuginfo-18.1-150600.13.3.1 * postgresql17-contrib-17.7-150600.13.19.1 * postgresql18-server-devel-debuginfo-18.1-150600.13.3.1 * postgresql17-devel-debuginfo-17.7-150600.13.19.1 * postgresql17-pltcl-debuginfo-17.7-150600.13.19.1 * postgresql17-debugsource-17.7-150600.13.19.1 * postgresql18-devel-debuginfo-18.1-150600.13.3.1 * postgresql17-plpython-17.7-150600.13.19.1 * postgresql18-server-18.1-150600.13.3.1 * postgresql17-server-debuginfo-17.7-150600.13.19.1 * postgresql17-devel-17.7-150600.13.19.1 * postgresql18-debugsource-18.1-150600.13.3.1 *postgresql17-plpython-debuginfo-17.7-150600.13.19.1 * postgresql17-plperl-debuginfo-17.7-150600.13.19.1 * postgresql17-plperl-17.7-150600.13.19.1 * postgresql17-server-17.7-150600.13.19.1 * postgresql18-pltcl-18.1-150600.13.3.1 * postgresql18-contrib-18.1-150600.13.3.1 * postgresql18-pltcl-debuginfo-18.1-150600.13.3.1 * postgresql18-debuginfo-18.1-150600.13.3.1 * postgresql18-plpython-debuginfo-18.1-150600.13.3.1 * libecpg6-18.1-150600.13.3.1 * postgresql18-contrib-debuginfo-18.1-150600.13.3.1 * postgresql18-plperl-18.1-150600.13.3.1 * postgresql18-plpython-18.1-150600.13.3.1 * postgresql17-debuginfo-17.7-150600.13.19.1 * postgresql18-server-debuginfo-18.1-150600.13.3.1 * postgresql17-contrib-debuginfo-17.7-150600.13.19.1 * postgresql18-plperl-debuginfo-18.1-150600.13.3.1 * postgresql18-server-devel-18.1-150600.13.3.1 * Server Applications Module 15-SP6 (noarch) * postgresql-plperl-18-150600.17.9.1 * postgresql-pltcl-18-150600.17.9.1 * postgresql-devel-18-150600.17.9.1 * postgresql-server-devel-18-150600.17.9.1 * postgresql17-docs-17.7-150600.13.19.1 * postgresql18-docs-18.1-150600.13.3.1 * postgresql-docs-18-150600.17.9.1 * postgresql-server-18-150600.17.9.1 * postgresql-plpython-18-150600.17.9.1 * postgresql-contrib-18-150600.17.9.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * postgresql17-pltcl-17.7-150600.13.19.1 * postgresql17-server-devel-17.7-150600.13.19.1 * postgresql18-devel-18.1-150600.13.3.1 * postgresql17-server-devel-debuginfo-17.7-150600.13.19.1 * libecpg6-debuginfo-18.1-150600.13.3.1 * postgresql17-contrib-17.7-150600.13.19.1 * postgresql18-server-devel-debuginfo-18.1-150600.13.3.1 * postgresql17-devel-debuginfo-17.7-150600.13.19.1 * postgresql17-pltcl-debuginfo-17.7-150600.13.19.1 * postgresql17-debugsource-17.7-150600.13.19.1 * postgresql18-devel-debuginfo-18.1-150600.13.3.1 *postgresql17-plpython-17.7-150600.13.19.1 * postgresql18-server-18.1-150600.13.3.1 * postgresql17-server-debuginfo-17.7-150600.13.19.1 * postgresql17-devel-17.7-150600.13.19.1 * postgresql18-debugsource-18.1-150600.13.3.1 * postgresql17-plpython-debuginfo-17.7-150600.13.19.1 * postgresql17-plperl-debuginfo-17.7-150600.13.19.1 * postgresql17-plperl-17.7-150600.13.19.1 * postgresql17-server-17.7-150600.13.19.1 * postgresql18-pltcl-18.1-150600.13.3.1 * postgresql18-contrib-18.1-150600.13.3.1 * postgresql18-pltcl-debuginfo-18.1-150600.13.3.1 * postgresql18-debuginfo-18.1-150600.13.3.1 * postgresql18-plpython-debuginfo-18.1-150600.13.3.1 * libecpg6-18.1-150600.13.3.1 * postgresql18-contrib-debuginfo-18.1-150600.13.3.1 * postgresql18-plperl-18.1-150600.13.3.1 * postgresql18-plpython-18.1-150600.13.3.1 * postgresql17-debuginfo-17.7-150600.13.19.1 * postgresql18-server-debuginfo-18.1-150600.13.3.1 * postgresql17-contrib-debuginfo-17.7-150600.13.19.1 * postgresql18-plperl-debuginfo-18.1-150600.13.3.1 * postgresql18-server-devel-18.1-150600.13.3.1 * Server Applications Module 15-SP7 (noarch) * postgresql-server-devel-18-150700.23.3.1 * postgresql-plperl-18-150700.23.3.1 * postgresql17-docs-17.7-150600.13.19.1 * postgresql18-docs-18.1-150600.13.3.1 * postgresql-plpython-18-150700.23.3.1 * postgresql-docs-18-150700.23.3.1 * postgresql-devel-18-150700.23.3.1 * postgresql-contrib-18-150700.23.3.1 * postgresql-server-18-150700.23.3.1 * postgresql-pltcl-18-150700.23.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12817.html * https://www.suse.com/security/cve/CVE-2025-12818.html * https://bugzilla.suse.com/show_bug.cgi?id=1253332 * https://bugzilla.suse.com/show_bug.cgi?id=1253333 . Update for PostgreSQL 17 and 18 fixes critical memory issues and naming conflict risks. Apply patches as recommended.. PostgreSQL Security Update,SUSE Advisory,Memory Management,DatabaseSecurity. . Severity: Important. LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for postgresql17, postgresql18 Announcement ID: SUSE-SU-2025:4364-1 Release Date: 2025-12-11T10:12:53Z Rating: important References: * bsc#1253332 * bsc#1253333 Cross-References: * CVE-2025-12817 * CVE-2025-12818 CVSS scores: * CVE-2025-12817 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-12817 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-12818 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-12818 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 LTS * SUSE Manager Retail Branch Server 4.3 * SUSE ManagerRetail Branch Server 4.3 LTS * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 LTS An update that solves two vulnerabilities can now be installed. ## Description: This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: * Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. * pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/postgresql-18-released-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. * switch library to pg 18 ## Patch Instructions: To install this SUSEupdate use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4364=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4364=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4364=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4364=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4364=1 * SUSE Manager Proxy 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-4364=1 * SUSE Manager Retail Branch Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-LTS-2025-4364=1 * SUSE Manager Server 4.3 LTS zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4364=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-4364=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-4364=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-4364=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-4364=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4364=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4364=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4364=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4364=1 * SUSE Linux Enterprise High PerformanceComputing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4364=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4364=1 ## Package List: * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * postgresql18-debuginfo-18.1-150200.5.3.1 * libecpg6-18.1-150200.5.3.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * postgresql17-debugsource-17.7-150200.5.19.1 * libpq5-18.1-150200.5.3.1 * postgresql18-debugsource-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * postgresql-docs-18-150400.4.21.2 * postgresql-server-18-150400.4.21.2 * postgresql-pltcl-18-150400.4.21.2 * postgresql-18-150400.4.21.2 * postgresql-plperl-18-150400.4.21.2 * postgresql-llvmjit-devel-18-150400.4.21.2 * postgresql-contrib-18-150400.4.21.2 * postgresql-plpython-18-150400.4.21.2 * postgresql-llvmjit-18-150400.4.21.2 * postgresql-devel-18-150400.4.21.2 * postgresql-server-devel-18-150400.4.21.2 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libpq5-32bit-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-18.1-150200.5.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libecpg6-18.1-150200.5.3.1 * postgresql17-plperl-debuginfo-17.7-150200.5.19.1 * postgresql17-plperl-17.7-150200.5.19.1 * postgresql17-llvmjit-17.7-150200.5.19.1 * postgresql18-debugsource-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * postgresql17-server-devel-debuginfo-17.7-150200.5.19.1 * libpq5-18.1-150200.5.3.1 * postgresql17-pltcl-17.7-150200.5.19.1 * postgresql17-pltcl-debuginfo-17.7-150200.5.19.1 * postgresql17-llvmjit-devel-17.7-150200.5.19.1 * postgresql17-server-17.7-150200.5.19.1 * postgresql17-plpython-17.7-150200.5.19.1 *postgresql17-server-debuginfo-17.7-150200.5.19.1 * postgresql17-17.7-150200.5.19.1 * postgresql17-contrib-debuginfo-17.7-150200.5.19.1 * postgresql17-devel-debuginfo-17.7-150200.5.19.1 * postgresql17-devel-17.7-150200.5.19.1 * postgresql17-contrib-17.7-150200.5.19.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * postgresql17-debugsource-17.7-150200.5.19.1 * postgresql18-debuginfo-18.1-150200.5.3.1 * postgresql17-server-devel-17.7-150200.5.19.1 * postgresql17-plpython-debuginfo-17.7-150200.5.19.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * postgresql-plpython-18-150500.10.12.2 * postgresql-18-150500.10.12.2 * postgresql-plperl-18-150500.10.12.2 * postgresql-devel-18-150500.10.12.2 * postgresql-server-18-150500.10.12.2 * postgresql-docs-18-150500.10.12.2 * postgresql17-docs-17.7-150200.5.19.1 * postgresql-contrib-18-150500.10.12.2 * postgresql-pltcl-18-150500.10.12.2 * postgresql-server-devel-18-150500.10.12.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libpq5-32bit-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-18.1-150200.5.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * postgresql18-debuginfo-18.1-150200.5.3.1 * libecpg6-18.1-150200.5.3.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * postgresql17-debugsource-17.7-150200.5.19.1 * libpq5-18.1-150200.5.3.1 * postgresql18-debugsource-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * postgresql-plperl-18-150300.10.30.2 * postgresql-server-18-150300.10.30.2 * postgresql-docs-18-150300.10.30.2 * postgresql-plpython-18-150300.10.30.2 * postgresql-devel-18-150300.10.30.2 * postgresql-server-devel-18-150300.10.30.2 * postgresql-pltcl-18-150300.10.30.2 * postgresql-contrib-18-150300.10.30.2 * postgresql-18-150300.10.30.2 * SUSE Linux Enterprise Serverfor SAP Applications 15 SP4 (ppc64le x86_64) * postgresql18-debuginfo-18.1-150200.5.3.1 * libecpg6-18.1-150200.5.3.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * postgresql17-debugsource-17.7-150200.5.19.1 * libpq5-18.1-150200.5.3.1 * postgresql18-debugsource-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * postgresql-docs-18-150400.4.21.2 * postgresql-server-18-150400.4.21.2 * postgresql-pltcl-18-150400.4.21.2 * postgresql-18-150400.4.21.2 * postgresql-plperl-18-150400.4.21.2 * postgresql-llvmjit-devel-18-150400.4.21.2 * postgresql-contrib-18-150400.4.21.2 * postgresql-plpython-18-150400.4.21.2 * postgresql-llvmjit-18-150400.4.21.2 * postgresql-devel-18-150400.4.21.2 * postgresql-server-devel-18-150400.4.21.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libpq5-32bit-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-18.1-150200.5.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libecpg6-18.1-150200.5.3.1 * postgresql17-plperl-debuginfo-17.7-150200.5.19.1 * postgresql17-plperl-17.7-150200.5.19.1 * postgresql17-llvmjit-17.7-150200.5.19.1 * postgresql18-debugsource-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * postgresql17-server-devel-debuginfo-17.7-150200.5.19.1 * libpq5-18.1-150200.5.3.1 * postgresql17-pltcl-17.7-150200.5.19.1 * postgresql17-pltcl-debuginfo-17.7-150200.5.19.1 * postgresql17-llvmjit-devel-17.7-150200.5.19.1 * postgresql17-server-17.7-150200.5.19.1 * postgresql17-plpython-17.7-150200.5.19.1 * postgresql17-server-debuginfo-17.7-150200.5.19.1 * postgresql17-17.7-150200.5.19.1 * postgresql17-contrib-debuginfo-17.7-150200.5.19.1 * postgresql17-devel-debuginfo-17.7-150200.5.19.1 * postgresql17-devel-17.7-150200.5.19.1 * postgresql17-contrib-17.7-150200.5.19.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * postgresql17-debugsource-17.7-150200.5.19.1 * postgresql18-debuginfo-18.1-150200.5.3.1 * postgresql17-server-devel-17.7-150200.5.19.1 * postgresql17-plpython-debuginfo-17.7-150200.5.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * postgresql-plpython-18-150500.10.12.2 * postgresql-18-150500.10.12.2 * postgresql-plperl-18-150500.10.12.2 * postgresql-devel-18-150500.10.12.2 * postgresql-server-18-150500.10.12.2 * postgresql-docs-18-150500.10.12.2 * postgresql17-docs-17.7-150200.5.19.1 * postgresql-contrib-18-150500.10.12.2 * postgresql-pltcl-18-150500.10.12.2 * postgresql-server-devel-18-150500.10.12.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libpq5-32bit-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-18.1-150200.5.3.1 * SUSE Manager Proxy 4.3 LTS (x86_64) * libecpg6-18.1-150200.5.3.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-debuginfo-18.1-150200.5.3.1 * libpq5-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-18.1-150200.5.3.1 * SUSE Manager Proxy 4.3 LTS (noarch) * postgresql-docs-18-150400.4.21.2 * postgresql-server-18-150400.4.21.2 * postgresql-pltcl-18-150400.4.21.2 * postgresql-18-150400.4.21.2 * postgresql-plperl-18-150400.4.21.2 * postgresql-contrib-18-150400.4.21.2 * postgresql-plpython-18-150400.4.21.2 * postgresql-devel-18-150400.4.21.2 * postgresql-server-devel-18-150400.4.21.2 * SUSE Manager Retail Branch Server 4.3 LTS (x86_64) * libecpg6-18.1-150200.5.3.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-debuginfo-18.1-150200.5.3.1 * libpq5-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-18.1-150200.5.3.1 * SUSE Manager Retail Branch Server 4.3 LTS (noarch) * postgresql-docs-18-150400.4.21.2 * postgresql-server-18-150400.4.21.2 *postgresql-pltcl-18-150400.4.21.2 * postgresql-18-150400.4.21.2 * postgresql-plperl-18-150400.4.21.2 * postgresql-contrib-18-150400.4.21.2 * postgresql-plpython-18-150400.4.21.2 * postgresql-devel-18-150400.4.21.2 * postgresql-server-devel-18-150400.4.21.2 * SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64) * libecpg6-debuginfo-18.1-150200.5.3.1 * libecpg6-18.1-150200.5.3.1 * libpq5-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * SUSE Manager Server 4.3 LTS (noarch) * postgresql-docs-18-150400.4.21.2 * postgresql-server-18-150400.4.21.2 * postgresql-pltcl-18-150400.4.21.2 * postgresql-18-150400.4.21.2 * postgresql17-docs-17.7-150200.5.19.1 * postgresql-plperl-18-150400.4.21.2 * postgresql-contrib-18-150400.4.21.2 * postgresql-plpython-18-150400.4.21.2 * postgresql-devel-18-150400.4.21.2 * postgresql-server-devel-18-150400.4.21.2 * SUSE Manager Server 4.3 LTS (s390x) * postgresql18-debuginfo-18.1-150200.5.3.1 * postgresql17-devel-17.7-150200.5.19.1 * postgresql17-server-17.7-150200.5.19.1 * postgresql17-contrib-17.7-150200.5.19.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * postgresql17-plperl-debuginfo-17.7-150200.5.19.1 * postgresql17-plperl-17.7-150200.5.19.1 * postgresql17-plpython-17.7-150200.5.19.1 * postgresql17-server-debuginfo-17.7-150200.5.19.1 * postgresql17-server-devel-17.7-150200.5.19.1 * postgresql17-17.7-150200.5.19.1 * postgresql17-debugsource-17.7-150200.5.19.1 * postgresql17-server-devel-debuginfo-17.7-150200.5.19.1 * postgresql17-pltcl-17.7-150200.5.19.1 * postgresql18-debugsource-18.1-150200.5.3.1 * postgresql17-pltcl-debuginfo-17.7-150200.5.19.1 * postgresql17-contrib-debuginfo-17.7-150200.5.19.1 * postgresql17-devel-debuginfo-17.7-150200.5.19.1 * postgresql17-plpython-debuginfo-17.7-150200.5.19.1 * SUSE Manager Server 4.3 LTS (x86_64) * libpq5-32bit-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-18.1-150200.5.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * postgresql18-debuginfo-18.1-150200.5.3.1 * libecpg6-18.1-150200.5.3.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * postgresql17-debugsource-17.7-150200.5.19.1 * libpq5-18.1-150200.5.3.1 * postgresql18-debugsource-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * SUSE Enterprise Storage 7.1 (noarch) * postgresql-plperl-18-150300.10.30.2 * postgresql-server-18-150300.10.30.2 * postgresql-docs-18-150300.10.30.2 * postgresql-plpython-18-150300.10.30.2 * postgresql-devel-18-150300.10.30.2 * postgresql-server-devel-18-150300.10.30.2 * postgresql-pltcl-18-150300.10.30.2 * postgresql-contrib-18-150300.10.30.2 * postgresql-18-150300.10.30.2 * openSUSE Leap 15.3 (noarch) * postgresql-plperl-18-150300.10.30.2 * postgresql-server-18-150300.10.30.2 * postgresql-docs-18-150300.10.30.2 * postgresql-plpython-18-150300.10.30.2 * postgresql-llvmjit-18-150300.10.30.2 * postgresql-devel-18-150300.10.30.2 * postgresql-server-devel-18-150300.10.30.2 * postgresql-pltcl-18-150300.10.30.2 * postgresql-contrib-18-150300.10.30.2 * postgresql-18-150300.10.30.2 * postgresql-test-18-150300.10.30.2 * postgresql-llvmjit-devel-18-150300.10.30.2 * openSUSE Leap 15.4 (noarch) * postgresql-docs-18-150400.4.21.2 * postgresql-server-18-150400.4.21.2 * postgresql-pltcl-18-150400.4.21.2 * postgresql-18-150400.4.21.2 * postgresql-plperl-18-150400.4.21.2 * postgresql-llvmjit-devel-18-150400.4.21.2 * postgresql-contrib-18-150400.4.21.2 * postgresql-plpython-18-150400.4.21.2 * postgresql-test-18-150400.4.21.2 * postgresql-llvmjit-18-150400.4.21.2 * postgresql-devel-18-150400.4.21.2 * postgresql-server-devel-18-150400.4.21.2 * openSUSE Leap 15.5 (noarch) * postgresql-plpython-18-150500.10.12.2 * postgresql-18-150500.10.12.2 * postgresql-plperl-18-150500.10.12.2 *postgresql-devel-18-150500.10.12.2 * postgresql-server-18-150500.10.12.2 * postgresql-docs-18-150500.10.12.2 * postgresql-contrib-18-150500.10.12.2 * postgresql-pltcl-18-150500.10.12.2 * postgresql-test-18-150500.10.12.2 * postgresql-server-devel-18-150500.10.12.2 * postgresql-llvmjit-devel-18-150500.10.12.2 * postgresql-llvmjit-18-150500.10.12.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * postgresql18-debuginfo-18.1-150200.5.3.1 * libecpg6-18.1-150200.5.3.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * postgresql17-debugsource-17.7-150200.5.19.1 * libpq5-18.1-150200.5.3.1 * postgresql18-debugsource-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * postgresql-plperl-18-150300.10.30.2 * postgresql-server-18-150300.10.30.2 * postgresql-docs-18-150300.10.30.2 * postgresql-plpython-18-150300.10.30.2 * postgresql-devel-18-150300.10.30.2 * postgresql-server-devel-18-150300.10.30.2 * postgresql-pltcl-18-150300.10.30.2 * postgresql-contrib-18-150300.10.30.2 * postgresql-18-150300.10.30.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * postgresql18-debuginfo-18.1-150200.5.3.1 * libecpg6-18.1-150200.5.3.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * postgresql17-debugsource-17.7-150200.5.19.1 * libpq5-18.1-150200.5.3.1 * postgresql18-debugsource-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * postgresql-docs-18-150400.4.21.2 * postgresql-server-18-150400.4.21.2 * postgresql-pltcl-18-150400.4.21.2 * postgresql-18-150400.4.21.2 * postgresql-plperl-18-150400.4.21.2 * postgresql-llvmjit-devel-18-150400.4.21.2 *postgresql-contrib-18-150400.4.21.2 * postgresql-plpython-18-150400.4.21.2 * postgresql-llvmjit-18-150400.4.21.2 * postgresql-devel-18-150400.4.21.2 * postgresql-server-devel-18-150400.4.21.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libpq5-32bit-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-18.1-150200.5.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * postgresql18-debuginfo-18.1-150200.5.3.1 * libecpg6-18.1-150200.5.3.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * postgresql17-debugsource-17.7-150200.5.19.1 * libpq5-18.1-150200.5.3.1 * postgresql18-debugsource-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * postgresql-docs-18-150400.4.21.2 * postgresql-server-18-150400.4.21.2 * postgresql-pltcl-18-150400.4.21.2 * postgresql-18-150400.4.21.2 * postgresql-plperl-18-150400.4.21.2 * postgresql-llvmjit-devel-18-150400.4.21.2 * postgresql-contrib-18-150400.4.21.2 * postgresql-plpython-18-150400.4.21.2 * postgresql-llvmjit-18-150400.4.21.2 * postgresql-devel-18-150400.4.21.2 * postgresql-server-devel-18-150400.4.21.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libpq5-32bit-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-18.1-150200.5.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libecpg6-18.1-150200.5.3.1 * postgresql17-plperl-debuginfo-17.7-150200.5.19.1 * postgresql17-plperl-17.7-150200.5.19.1 * postgresql18-debugsource-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * postgresql17-server-devel-debuginfo-17.7-150200.5.19.1 * libpq5-18.1-150200.5.3.1 * postgresql17-pltcl-17.7-150200.5.19.1 * postgresql17-pltcl-debuginfo-17.7-150200.5.19.1 *postgresql17-server-17.7-150200.5.19.1 * postgresql17-plpython-17.7-150200.5.19.1 * postgresql17-server-debuginfo-17.7-150200.5.19.1 * postgresql17-17.7-150200.5.19.1 * postgresql17-contrib-debuginfo-17.7-150200.5.19.1 * postgresql17-devel-debuginfo-17.7-150200.5.19.1 * postgresql17-devel-17.7-150200.5.19.1 * postgresql17-contrib-17.7-150200.5.19.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * postgresql17-debugsource-17.7-150200.5.19.1 * postgresql18-debuginfo-18.1-150200.5.3.1 * postgresql17-server-devel-17.7-150200.5.19.1 * postgresql17-plpython-debuginfo-17.7-150200.5.19.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * postgresql-plpython-18-150500.10.12.2 * postgresql-18-150500.10.12.2 * postgresql-plperl-18-150500.10.12.2 * postgresql-devel-18-150500.10.12.2 * postgresql-server-18-150500.10.12.2 * postgresql-docs-18-150500.10.12.2 * postgresql17-docs-17.7-150200.5.19.1 * postgresql-contrib-18-150500.10.12.2 * postgresql-pltcl-18-150500.10.12.2 * postgresql-server-devel-18-150500.10.12.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libpq5-32bit-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-18.1-150200.5.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libecpg6-18.1-150200.5.3.1 * postgresql17-plperl-debuginfo-17.7-150200.5.19.1 * postgresql17-plperl-17.7-150200.5.19.1 * postgresql18-debugsource-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * postgresql17-server-devel-debuginfo-17.7-150200.5.19.1 * libpq5-18.1-150200.5.3.1 * postgresql17-pltcl-17.7-150200.5.19.1 * postgresql17-pltcl-debuginfo-17.7-150200.5.19.1 * postgresql17-server-17.7-150200.5.19.1 * postgresql17-plpython-17.7-150200.5.19.1 * postgresql17-server-debuginfo-17.7-150200.5.19.1 * postgresql17-17.7-150200.5.19.1 *postgresql17-contrib-debuginfo-17.7-150200.5.19.1 * postgresql17-devel-debuginfo-17.7-150200.5.19.1 * postgresql17-devel-17.7-150200.5.19.1 * postgresql17-contrib-17.7-150200.5.19.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * postgresql17-debugsource-17.7-150200.5.19.1 * postgresql18-debuginfo-18.1-150200.5.3.1 * postgresql17-server-devel-17.7-150200.5.19.1 * postgresql17-plpython-debuginfo-17.7-150200.5.19.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * postgresql-plpython-18-150500.10.12.2 * postgresql-18-150500.10.12.2 * postgresql-plperl-18-150500.10.12.2 * postgresql-devel-18-150500.10.12.2 * postgresql-server-18-150500.10.12.2 * postgresql-docs-18-150500.10.12.2 * postgresql17-docs-17.7-150200.5.19.1 * postgresql-contrib-18-150500.10.12.2 * postgresql-pltcl-18-150500.10.12.2 * postgresql-server-devel-18-150500.10.12.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libpq5-32bit-debuginfo-18.1-150200.5.3.1 * libpq5-32bit-18.1-150200.5.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * postgresql18-debuginfo-18.1-150200.5.3.1 * libecpg6-18.1-150200.5.3.1 * postgresql17-debuginfo-17.7-150200.5.19.1 * libecpg6-debuginfo-18.1-150200.5.3.1 * postgresql17-debugsource-17.7-150200.5.19.1 * libpq5-18.1-150200.5.3.1 * postgresql18-debugsource-18.1-150200.5.3.1 * libpq5-debuginfo-18.1-150200.5.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * postgresql-plperl-18-150300.10.30.2 * postgresql-server-18-150300.10.30.2 * postgresql-docs-18-150300.10.30.2 * postgresql-plpython-18-150300.10.30.2 * postgresql-devel-18-150300.10.30.2 * postgresql-server-devel-18-150300.10.30.2 * postgresql-pltcl-18-150300.10.30.2 * postgresql-contrib-18-150300.10.30.2 * postgresql-18-150300.10.30.2 ## References: * https://www.suse.com/security/cve/CVE-2025-12817.html *https://www.suse.com/security/cve/CVE-2025-12818.html * https://bugzilla.suse.com/show_bug.cgi?id=1253332 * https://bugzilla.suse.com/show_bug.cgi?id=1253333 . Security advisory update for openSUSE fixing PostgreSQL vulnerabilities with an important risk rating.. SUSE Linux, PostgreSQL update, security threats, openSUSE vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.