SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2025-3031

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2025-3031

Security update for postgresql14

Type: security

Severity: important

Issued: 2025-08-29

Description:

This update for postgresql14 fixes the following issues:

Upgrade to 14.19:

- CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table (bsc#1248120).
- CVE-2025-8714: untrusted data inclusion in `pg_dump` lets superuser of origin server execute arbitrary code in psql
  client (bsc#1248122).
- CVE-2025-8715: improper neutralization of newlines in `pg_dump` allows execution of arbitrary code in psql client and
  in restore target server (bsc#1248119).

References

CVE: CVE-2025-8715
CVE: CVE-2025-8714
CVE: CVE-2025-8713
Bugzilla: 1248122 VUL-0: CVE-2025-8714: postgresql: untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client
Bugzilla: 1248120 VUL-0: CVE-2025-8713: postgresql: optimizer statistics can expose sampled data within a view, partition, or child table to unauthorized users
Bugzilla: 1248119 VUL-0: CVE-2025-8715: postgresql: improper neutralization of newlines in pg_dump can lead to arbitrary code execution in the psql client and in the restore target server

Packages

postgresql14-14.19-150200.5.61.1