SUSE-CU-2025:8935-1: Security update of suse/postgres
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Dec 12 10:43:02 UTC 2025
SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8935-1
Container Tags : suse/postgres:16 , suse/postgres:16.10 , suse/postgres:16.10 , suse/postgres:16.10-81.3
Container Release : 81.3
Severity : important
Type : security
References : 1154884 1154887 1175825 1180138 1197771 1245309 1245310 1245311
1245314 1246197 1246974 1249191 1249348 1249367 1249375 1251264
1253332 1253333 1253757 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927
CVE-2025-10148 CVE-2025-11563 CVE-2025-12817 CVE-2025-12818 CVE-2025-4877
CVE-2025-4878 CVE-2025-5318 CVE-2025-5372 CVE-2025-8114 CVE-2025-8277
CVE-2025-9086
-----------------------------------------------------------------
The container suse/postgres was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3086-1
Released: Thu Nov 28 10:02:24 2019
Summary: Security update for libidn2
Type: security
Severity: moderate
References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224
This update for libidn2 to version 2.2.0 fixes the following issues:
- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
adjusted the RPM license tags (bsc#1180138)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3942-1
Released: Mon Dec 6 14:46:05 2021
Summary: Security update for brotli
Type: security
Severity: moderate
References: 1175825,CVE-2020-8927
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2229-1
Released: Fri Jul 4 18:02:30 2025
Summary: Security update for libssh
Type: security
Severity: important
References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372
This update for libssh fixes the following issues:
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3268-1
Released: Thu Sep 18 13:08:10 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3369-1
Released: Fri Sep 26 12:54:43 2025
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3596-1
Released: Wed Oct 15 09:51:21 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1251264
This update for curl fixes the following issue:
- rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4300-1
Released: Fri Nov 28 13:57:41 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4363-1
Released: Thu Dec 11 11:10:57 2025
Summary: Security update for postgresql17, postgresql18
Type: security
Severity: important
References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818
This update for postgresql17, postgresql18 fixes the following issues:
Changes in postgresql18:
- Fix build with uring for post SLE15 code streams.
Update to 18.1:
* https://www.postgresql.org/about/news/p-3171/
* https://www.postgresql.org/docs/release/18.1/
* bsc#1253332, CVE-2025-12817: Missing check for CREATE
privileges on the schema in CREATE STATISTICS allowed table
owners to create statistics in any schema, potentially leading
to unexpected naming conflicts.
* bsc#1253333, CVE-2025-12818: Several places in libpq were not
sufficiently careful about computing the required size of a
memory allocation. Sufficiently large inputs could cause
integer overflow, resulting in an undersized buffer, which
would then lead to writing past the end of the buffer.
- pg_config --libs returns -lnuma so we need to require it.
Update to 18.0:
* https://www.postgresql.org/about/news/p-3142/
* https://www.postgresql.org/docs/18/release-18.html
Changes in postgresql17:
Update to 17.7:
* https://www.postgresql.org/about/news/p-3171/
* https://www.postgresql.org/docs/release/17.7/
* bsc#1253332, CVE-2025-12817: Missing check for CREATE
privileges on the schema in CREATE STATISTICS allowed table
owners to create statistics in any schema, potentially leading
to unexpected naming conflicts.
* bsc#1253333, CVE-2025-12818: Several places in libpq were not
sufficiently careful about computing the required size of a
memory allocation. Sufficiently large inputs could cause
integer overflow, resulting in an undersized buffer, which
would then lead to writing past the end of the buffer.
- switch library to pg 18
The following package changes have been done:
- libbrotlicommon1-1.0.7-150200.3.5.1 added
- libnghttp2-14-1.64.0-150700.1.5 added
- libssh-config-0.9.8-150600.11.6.1 added
- libunistring2-0.9.10-1.1 added
- libbrotlidec1-1.0.7-150200.3.5.1 added
- libidn2-0-2.2.0-3.6.1 added
- libpsl5-0.20.1-150000.3.3.1 added
- libssh4-0.9.8-150600.11.6.1 added
- libcurl4-8.14.1-150700.7.5.1 added
- libpq5-18.1-150600.13.3.1 updated
- postgresql-18-150700.23.3.1 updated
- postgresql-server-18-150700.23.3.1 updated
- container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated
More information about the sle-container-updates
mailing list