An update for postgresql is now available for openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2721 Final 1.0 1.0 2025-11-22 Initial 2025-11-22 2025-11-22 openEuler SA Tool V1.0 2025-11-22 postgresql security update An update for postgresql is now available for openEuler-24.03-LTS-SP2 PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. Security Fix(es): Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.(CVE-2025-12817) Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.(CVE-2025-12818) An update for postgresql is now available for openEuler-20.03-LTS-SP4/openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium postgresql https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2721 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-12817 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-12818 https://nvd.nist.gov/vuln/detail/CVE-2025-12817 https://nvd.nist.gov/vuln/detail/CVE-2025-12818 openEuler-24.03-LTS-SP2 postgresql-15.15-1.oe2403sp2.x86_64.rpm postgresql-contrib-15.15-1.oe2403sp2.x86_64.rpm postgresql-debuginfo-15.15-1.oe2403sp2.x86_64.rpm postgresql-debugsource-15.15-1.oe2403sp2.x86_64.rpm postgresql-docs-15.15-1.oe2403sp2.x86_64.rpm postgresql-llvmjit-15.15-1.oe2403sp2.x86_64.rpm postgresql-plperl-15.15-1.oe2403sp2.x86_64.rpm postgresql-plpython3-15.15-1.oe2403sp2.x86_64.rpm postgresql-pltcl-15.15-1.oe2403sp2.x86_64.rpm postgresql-private-devel-15.15-1.oe2403sp2.x86_64.rpm postgresql-private-libs-15.15-1.oe2403sp2.x86_64.rpm postgresql-server-15.15-1.oe2403sp2.x86_64.rpm postgresql-server-devel-15.15-1.oe2403sp2.x86_64.rpm postgresql-static-15.15-1.oe2403sp2.x86_64.rpm postgresql-test-15.15-1.oe2403sp2.x86_64.rpm postgresql-test-rpm-macros-15.15-1.oe2403sp2.noarch.rpm postgresql-15.15-1.oe2403sp2.aarch64.rpm postgresql-contrib-15.15-1.oe2403sp2.aarch64.rpm postgresql-debuginfo-15.15-1.oe2403sp2.aarch64.rpm postgresql-debugsource-15.15-1.oe2403sp2.aarch64.rpm postgresql-docs-15.15-1.oe2403sp2.aarch64.rpm postgresql-llvmjit-15.15-1.oe2403sp2.aarch64.rpm postgresql-plperl-15.15-1.oe2403sp2.aarch64.rpm postgresql-plpython3-15.15-1.oe2403sp2.aarch64.rpm postgresql-pltcl-15.15-1.oe2403sp2.aarch64.rpm postgresql-private-devel-15.15-1.oe2403sp2.aarch64.rpm postgresql-private-libs-15.15-1.oe2403sp2.aarch64.rpm postgresql-server-15.15-1.oe2403sp2.aarch64.rpm postgresql-server-devel-15.15-1.oe2403sp2.aarch64.rpm postgresql-static-15.15-1.oe2403sp2.aarch64.rpm postgresql-test-15.15-1.oe2403sp2.aarch64.rpm postgresql-15.15-1.oe2403sp2.src.rpm Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected. 2025-11-22 CVE-2025-12817 openEuler-24.03-LTS-SP2 Low 3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L postgresql security update 2025-11-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2721 Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected. 2025-11-22 CVE-2025-12818 openEuler-24.03-LTS-SP2 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H postgresql security update 2025-11-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2721