{"affected":[{"ecosystem_specific":{"binaries":[{"libecpg6":"18.1-8.3.4","libecpg6-32bit":"18.1-8.3.4","libpq5":"18.1-8.3.4","libpq5-32bit":"18.1-8.3.4","postgresql":"18-4.32.1","postgresql-contrib":"18-4.32.1","postgresql-devel":"18-4.32.1","postgresql-docs":"18-4.32.1","postgresql-plperl":"18-4.32.1","postgresql-plpython":"18-4.32.1","postgresql-pltcl":"18-4.32.1","postgresql-server":"18-4.32.1","postgresql-server-devel":"18-4.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5-LTSS","name":"postgresql","purl":"pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"18-4.32.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"18.1-8.3.4","libecpg6-32bit":"18.1-8.3.4","libpq5":"18.1-8.3.4","libpq5-32bit":"18.1-8.3.4","postgresql":"18-4.32.1","postgresql-contrib":"18-4.32.1","postgresql-devel":"18-4.32.1","postgresql-docs":"18-4.32.1","postgresql-plperl":"18-4.32.1","postgresql-plpython":"18-4.32.1","postgresql-pltcl":"18-4.32.1","postgresql-server":"18-4.32.1","postgresql-server-devel":"18-4.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5-LTSS","name":"postgresql18","purl":"pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"18.1-8.3.4"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"18.1-8.3.4","libecpg6-32bit":"18.1-8.3.4","libpq5":"18.1-8.3.4","libpq5-32bit":"18.1-8.3.4","postgresql":"18-4.32.1","postgresql-contrib":"18-4.32.1","postgresql-devel":"18-4.32.1","postgresql-docs":"18-4.32.1","postgresql-plperl":"18-4.32.1","postgresql-plpython":"18-4.32.1","postgresql-pltcl":"18-4.32.1","postgresql-server":"18-4.32.1","postgresql-server-devel":"18-4.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","name":"postgresql","purl":"pkg:rpm/suse/postgresql&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"18-4.32.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libecpg6":"18.1-8.3.4","libecpg6-32bit":"18.1-8.3.4","libpq5":"18.1-8.3.4","libpq5-32bit":"18.1-8.3.4","postgresql":"18-4.32.1","postgresql-contrib":"18-4.32.1","postgresql-devel":"18-4.32.1","postgresql-docs":"18-4.32.1","postgresql-plperl":"18-4.32.1","postgresql-plpython":"18-4.32.1","postgresql-pltcl":"18-4.32.1","postgresql-server":"18-4.32.1","postgresql-server-devel":"18-4.32.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","name":"postgresql18","purl":"pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"18.1-8.3.4"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for postgresql17, postgresql18 fixes the following issues:\n\nChanges in postgresql18:\n\n- Fix build with uring for post SLE15 code streams.\n\nUpdate to 18.1:\n\n  * https://www.postgresql.org/about/news/p-3171/\n  * https://www.postgresql.org/docs/release/18.1/\n  * bsc#1253332, CVE-2025-12817: Missing check for CREATE\n    privileges on the schema in CREATE STATISTICS allowed table\n    owners to create statistics in any schema, potentially leading\n    to unexpected naming conflicts.\n  * bsc#1253333, CVE-2025-12818: Several places in libpq were not\n    sufficiently careful about computing the required size of a\n    memory allocation. Sufficiently large inputs could cause\n    integer overflow, resulting in an undersized buffer, which\n    would then lead to writing past the end of the buffer.\n\n- pg_config --libs returns -lnuma so we need to require it.\n\nUpdate to 18.0:\n\n  * https://www.postgresql.org/about/news/p-3142/\n  * https://www.postgresql.org/docs/18/release-18.html\n\n\nChanges in postgresql17:\n\nUpdate to 17.7:\n\n  * https://www.postgresql.org/about/news/p-3171/\n  * https://www.postgresql.org/docs/release/17.7/\n  * bsc#1253332, CVE-2025-12817: Missing check for CREATE\n    privileges on the schema in CREATE STATISTICS allowed table\n    owners to create statistics in any schema, potentially leading\n    to unexpected naming conflicts.\n  * bsc#1253333, CVE-2025-12818: Several places in libpq were not\n    sufficiently careful about computing the required size of a\n    memory allocation. Sufficiently large inputs could cause\n    integer overflow, resulting in an undersized buffer, which\n    would then lead to writing past the end of the buffer.\n\n- switch library to pg 18\n","id":"SUSE-SU-2026:0197-1","modified":"2026-01-21T09:31:57Z","published":"2026-01-21T09:31:57Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260197-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253332"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253333"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-12817"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-12818"}],"related":["CVE-2025-12817","CVE-2025-12818"],"summary":"Security update for postgresql17, postgresql18","upstream":["CVE-2025-12817","CVE-2025-12818"]}