SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3005

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3005

Security update for postgresql16

Type: security

Severity: important

Issued: 2025-09-11

Description:

This update for postgresql16 fixes the following issues:

Upgraded to 16.10:
  * CVE-2025-8713: Fixed optimizer statistics exposing
    sampled data within a view, partition, or child table
    (bsc#1248120)
  * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump 
    allows superuser of origin server to execute arbitrary code
    in psql client (bsc#1248122)
  * CVE-2025-8715: Fixed improper neutralization of newlines 
    in pg_dump leading to arbitrary code execution in the psql
    client and in the restore target server (bsc#1248119)

References

CVE: CVE-2025-8715
CVE: CVE-2025-8714
CVE: CVE-2025-8713
Bugzilla: 1248122 VUL-0: CVE-2025-8714: postgresql: untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client
Bugzilla: 1248120 VUL-0: CVE-2025-8713: postgresql: optimizer statistics can expose sampled data within a view, partition, or child table to unauthorized users
Bugzilla: 1248119 VUL-0: CVE-2025-8715: postgresql: improper neutralization of newlines in pg_dump can lead to arbitrary code execution in the psql client and in the restore target server

Packages

postgresql16-16.10-150600.16.21.1