Overview

File _patchinfo of Package patchinfo.40269

<patchinfo incident="40269">
  <issue tracker="cve" id="2025-8713"/>
  <issue tracker="cve" id="2025-8714"/>
  <issue tracker="cve" id="2025-8715"/>
  <issue tracker="bnc" id="1248120">VUL-0: CVE-2025-8713: postgresql: optimizer statistics can expose sampled data within a view, partition, or child table to unauthorized users</issue>
  <issue tracker="bnc" id="1248122">VUL-0: CVE-2025-8714: postgresql: untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client</issue>
  <issue tracker="bnc" id="1248119">VUL-0: CVE-2025-8715: postgresql: improper neutralization of newlines in pg_dump can lead to arbitrary code execution in the psql client and in the restore target server</issue>
  <packager>rmax</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for postgresql17</summary>
  <description>This update for postgresql17 fixes the following issues:

Updated to 17.6:
  * CVE-2025-8713: Fixed optimizer statistics exposing
    sampled data within a view, partition, or child table
    (bsc#1248120)
  * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump 
    allows superuser of origin server to execute arbitrary code
    in psql client (bsc#1248122)
  * CVE-2025-8715: Fixed improper neutralization of newlines 
    in pg_dump leading to arbitrary code execution in the psql
    client and in the restore target server (bsc#1248119)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places