File _patchinfo of Package patchinfo.41843

<patchinfo incident="41843">
  <issue tracker="bnc" id="1253333">VUL-0: CVE-2025-12818: postgresql: integer overflow in allocation-size calculations within libpq</issue>
  <issue tracker="cve" id="2025-12818"/>
  <issue tracker="bnc" id="1253332">VUL-0: CVE-2025-12817: postgresql: missing check for CREATE privileges on the schema in CREATE STATISTICS</issue>
  <issue tracker="cve" id="2025-12817"/>
  <packager>rmax</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for postgresql17, postgresql18</summary>
  <description>This update for postgresql17, postgresql18 fixes the following issues:

Changes in postgresql18:

- Fix build with uring for post SLE15 code streams.

Update to 18.1:

  * https://www.postgresql.org/about/news/p-3171/
  * https://www.postgresql.org/docs/release/18.1/
  * bsc#1253332, CVE-2025-12817: Missing check for CREATE
    privileges on the schema in CREATE STATISTICS allowed table
    owners to create statistics in any schema, potentially leading
    to unexpected naming conflicts.
  * bsc#1253333, CVE-2025-12818: Several places in libpq were not
    sufficiently careful about computing the required size of a
    memory allocation. Sufficiently large inputs could cause
    integer overflow, resulting in an undersized buffer, which
    would then lead to writing past the end of the buffer.

- pg_config --libs returns -lnuma so we need to require it.

Update to 18.0:

  * https://www.postgresql.org/about/news/p-3142/
  * https://www.postgresql.org/docs/18/release-18.html


Changes in postgresql17:

Update to 17.7:

  * https://www.postgresql.org/about/news/p-3171/
  * https://www.postgresql.org/docs/release/17.7/
  * bsc#1253332, CVE-2025-12817: Missing check for CREATE
    privileges on the schema in CREATE STATISTICS allowed table
    owners to create statistics in any schema, potentially leading
    to unexpected naming conflicts.
  * bsc#1253333, CVE-2025-12818: Several places in libpq were not
    sufficiently careful about computing the required size of a
    memory allocation. Sufficiently large inputs could cause
    integer overflow, resulting in an undersized buffer, which
    would then lead to writing past the end of the buffer.

- switch library to pg 18
</description>
</patchinfo>