SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2986

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-2986

Security update for postgresql17

Type: security

Severity: important

Issued: 2025-08-26

Description:

This update for postgresql17 fixes the following issues:

Updated to 17.6:
  * CVE-2025-8713: Fixed optimizer statistics exposing
    sampled data within a view, partition, or child table
    (bsc#1248120)
  * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump 
    allows superuser of origin server to execute arbitrary code
    in psql client (bsc#1248122)
  * CVE-2025-8715: Fixed improper neutralization of newlines 
    in pg_dump leading to arbitrary code execution in the psql
    client and in the restore target server (bsc#1248119)

References

CVE: CVE-2025-8715
CVE: CVE-2025-8714
CVE: CVE-2025-8713
Bugzilla: 1248122 VUL-0: CVE-2025-8714: postgresql: untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client
Bugzilla: 1248120 VUL-0: CVE-2025-8713: postgresql: optimizer statistics can expose sampled data within a view, partition, or child table to unauthorized users
Bugzilla: 1248119 VUL-0: CVE-2025-8715: postgresql: improper neutralization of newlines in pg_dump can lead to arbitrary code execution in the psql client and in the restore target server

Packages

postgresql17-17.6-150600.13.16.1