SUSE alert SUSE-SU-2026:20588-1 (postgresql15)
| From: | SLE-SECURITY-UPDATES <null@suse.de> | |
| To: | sle-security-updates@lists.suse.com | |
| Subject: | SUSE-SU-2026:20588-1: important: Security update for postgresql15 | |
| Date: | Thu, 05 Mar 2026 16:44:15 -0000 | |
| Message-ID: | <177272905543.1967.5300048787918472284@df8f6ab05d2e> |
# Security update for postgresql15 Announcement ID: SUSE-SU-2026:20588-1 Release Date: 2026-02-20T16:18:08Z Rating: important References: * bsc#1253332 * bsc#1253333 * bsc#1258008 * bsc#1258009 * bsc#1258010 * bsc#1258011 Cross-References: * CVE-2025-12817 * CVE-2025-12818 * CVE-2026-2003 * CVE-2026-2004 * CVE-2026-2005 * CVE-2026-2006 CVSS scores: * CVE-2025-12817 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-12817 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-12818 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-12818 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-2003 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2003 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2004 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2004 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2005 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2005 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2006 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves six vulnerabilities can now be installed. ## Description: This update for postgresql15 fixes the following issues: Update to version 15.16. Security issues fixed: * CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory (bsc#1258008). * CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). * CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). * CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). * CVE-2025-12817: missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332). * CVE-2025-12818: integer overflow in allocation-size calculations within libpq (bsc#1253333). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-308=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-308=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * postgresql15-server-15.16-160000.1.1 * postgresql15-plpython-debuginfo-15.16-160000.1.1 * postgresql15-contrib-15.16-160000.1.1 * postgresql15-debuginfo-15.16-160000.1.1 * postgresql15-contrib-debuginfo-15.16-160000.1.1 * postgresql15-pltcl-15.16-160000.1.1 * postgresql15-server-debuginfo-15.16-160000.1.1 * postgresql15-plperl-debuginfo-15.16-160000.1.1 * postgresql15-server-devel-debuginfo-15.16-160000.1.1 * postgresql15-devel-15.16-160000.1.1 * postgresql15-debugsource-15.16-160000.1.1 * postgresql15-plpython-15.16-160000.1.1 * postgresql15-plperl-15.16-160000.1.1 * postgresql15-pltcl-debuginfo-15.16-160000.1.1 * postgresql15-devel-debuginfo-15.16-160000.1.1 * postgresql15-15.16-160000.1.1 * postgresql15-server-devel-15.16-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * postgresql15-docs-15.16-160000.1.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64) * postgresql15-server-15.16-160000.1.1 * postgresql15-plpython-debuginfo-15.16-160000.1.1 * postgresql15-contrib-15.16-160000.1.1 * postgresql15-debuginfo-15.16-160000.1.1 * postgresql15-contrib-debuginfo-15.16-160000.1.1 * postgresql15-pltcl-15.16-160000.1.1 * postgresql15-server-debuginfo-15.16-160000.1.1 * postgresql15-plperl-debuginfo-15.16-160000.1.1 * postgresql15-server-devel-debuginfo-15.16-160000.1.1 * postgresql15-devel-15.16-160000.1.1 * postgresql15-debugsource-15.16-160000.1.1 * postgresql15-plpython-15.16-160000.1.1 * postgresql15-plperl-15.16-160000.1.1 * postgresql15-pltcl-debuginfo-15.16-160000.1.1 * postgresql15-devel-debuginfo-15.16-160000.1.1 * postgresql15-15.16-160000.1.1 * postgresql15-server-devel-15.16-160000.1.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch) * postgresql15-docs-15.16-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12817.html * https://www.suse.com/security/cve/CVE-2025-12818.html * https://www.suse.com/security/cve/CVE-2026-2003.html * https://www.suse.com/security/cve/CVE-2026-2004.html * https://www.suse.com/security/cve/CVE-2026-2005.html * https://www.suse.com/security/cve/CVE-2026-2006.html * https://bugzilla.suse.com/show_bug.cgi?id=1253332 * https://bugzilla.suse.com/show_bug.cgi?id=1253333 * https://bugzilla.suse.com/show_bug.cgi?id=1258008 * https://bugzilla.suse.com/show_bug.cgi?id=1258009 * https://bugzilla.suse.com/show_bug.cgi?id=1258010 * https://bugzilla.suse.com/show_bug.cgi?id=1258011
Attachment: None (type=text/html)
(HTML attachment elided)