postgresql:13 security update
エラータID: AXSA:2026-049:01
Release date:
Tuesday, January 20, 2026 - 21:59
Subject:
postgresql:13 security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: CREATE STATISTICS does not check for schema CREATE privilege (CVE-2025-12817)
* postgresql: libpq undersizes allocations, via integer wraparound (CVE-2025-12818)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Modularity name: "postgresql"
Stream name: "13"
Solution:
Update packages.
CVEs:
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Additional Info:
N/A
Download:
SRPMS
- pgaudit-1.5.0-1.module+el8+1942+78fddc8f.src.rpm
MD5: 1b306bbaea369d0e82b5deee207429fd
SHA-256: 93d46232e810e6bde6025f2dd2298aecd6526122905437444f8f76f948d7e112
Size: 42.60 kB - pg_repack-1.4.6-3.module+el8+1942+78fddc8f.src.rpm
MD5: d3dcabcb9d846ab6670a3a4cba69289b
SHA-256: deaed4498485b143248b9371e662813b00ff1c07146caafb305de29502c0be09
Size: 100.99 kB - postgres-decoderbufs-0.10.0-2.module+el8+1942+78fddc8f.src.rpm
MD5: d3de46d5b7f5716d068225b106196756
SHA-256: e60928cb8d8a955a26ec8324c306c02686fd4a84bbc856241c7844ae6f5fe345
Size: 21.13 kB - postgresql-13.23-1.module+el8+1942+78fddc8f.src.rpm
MD5: cf44b3ea5f843c9c1dd556cc655041b0
SHA-256: aa291ef2092fd1eaa116e2b02739c3df514819f372c6cd33d7af5c2b34b4ec05
Size: 48.94 MB
Asianux Server 8 for x86_64
- pgaudit-1.5.0-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 9277275eb7fb3b0064c0ade636afba44
SHA-256: 1bf01babb43e1246e3fa55e0abda27261d382bde04111b6f10b9039e02c2d8ea
Size: 27.03 kB - pgaudit-debugsource-1.5.0-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 6744c7cdcd5322dba3b9bdaf5bc104f7
SHA-256: f03078e3e03ae30333156f5dd2573b26642fd0daa07fc8719f0ea943eae8e06f
Size: 22.80 kB - pg_repack-1.4.6-3.module+el8+1942+78fddc8f.x86_64.rpm
MD5: dac254b04ce5c1546edce486c02820b3
SHA-256: d9fbe2ed8b55b0f636bae7bcfb444b84b67f0aeb89e2c14fd347b8d26c08e891
Size: 89.69 kB - pg_repack-debugsource-1.4.6-3.module+el8+1942+78fddc8f.x86_64.rpm
MD5: ebd04df7c28af9f13a5aa789e34092af
SHA-256: df2e79445a2949bb6f01f088dfc48066a56b2cb6f68944203a51fbb1f722c376
Size: 49.69 kB - postgres-decoderbufs-0.10.0-2.module+el8+1942+78fddc8f.x86_64.rpm
MD5: f95d54828e82f1704995fe804bf9461b
SHA-256: 456135d365a5256ed4a110dabba6af4ed361e20009e2ad32b005987f2a6559cc
Size: 21.90 kB - postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 9a2678c48544c79bfdf7c590dd83130f
SHA-256: 8628b58aae3c416ebe8c4e33b042b75da7785ef92fcee56ae45fde00efd6c52e
Size: 16.81 kB - postgresql-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 7108b3431333b698916f2e0ad233bc5a
SHA-256: 9d5515bd08923ab6dc42673f12653de64706d6c9caa0393b85a4fed7da0e39a8
Size: 1.58 MB - postgresql-contrib-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: a2f793857477a0d267d1319aeb797cb4
SHA-256: 9adda9b91376f19c27efd347e386bcb3d1596a1dd7fff5e80ac82247f05af6b8
Size: 883.59 kB - postgresql-debugsource-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 0576b568dfc0d654d56f30d04cb743a3
SHA-256: 7a3211adcd8c41044bf8fd7fff9aa26357656663027315bc5cbf5b85a3dc8563
Size: 17.89 MB - postgresql-docs-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: d961f638dacc2cbd05efc179195e0778
SHA-256: 7b3c2f741e5b12c8f626bc5695d5a93c01d1901152c6e7c03d6cff2514029899
Size: 9.96 MB - postgresql-plperl-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 71888da014b495c866a5da5c60a130ea
SHA-256: 0baa29795bf6a07ea15d8e323590b828f4ec4dc79717a29b8a20367efce05bdf
Size: 113.05 kB - postgresql-plpython3-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 72ba7ddd0c420b59579f9e89d05f7086
SHA-256: f3e2a6a9b8b1733008b0f54fbe4047d539bca32ca35c426c04a8083ea9f26818
Size: 129.48 kB - postgresql-pltcl-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 92994bd8730f4bdb3b716c0c65a7bbc5
SHA-256: c437d0680e87554ed52aad11db98a2f9c47cd264ad03adf82217f13e39c1a868
Size: 86.01 kB - postgresql-server-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 70a2d039f4549068904df3b69cd0174b
SHA-256: 961c79accf24bd8fc335170ca3408c83117b6d860008c159092a1d065e6583d8
Size: 5.60 MB - postgresql-server-devel-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 5c1c4e20933c9ab463576ca65e3ce6ac
SHA-256: 870ed10465b8c67f4e75a1854333e55a094f2c4b1706b0afb04b415dca3cff22
Size: 1.26 MB - postgresql-static-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: b6e42c362fa34a4cd8bf56f227877d9e
SHA-256: 7c0a268c8661e1478b7613d7d4a5b690cebfff4dd53d90a11ca65ab4930c1c47
Size: 190.70 kB - postgresql-test-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 1ed4e9fb3caaa39d51389b41a43af3db
SHA-256: c5a5e949efe415674ec29fe26cd65556e4abcb8b5f8def77d15db5818c3fdcde
Size: 2.05 MB - postgresql-test-rpm-macros-13.23-1.module+el8+1942+78fddc8f.noarch.rpm
MD5: d8f31976f9053884bd8fe0b508ea6ea1
SHA-256: e118d191e9bb6991f9306ddd6444dc258a37e04e0b9e21c66b7a2c8b9099708c
Size: 53.23 kB - postgresql-upgrade-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 0564232d07cf36f9628077572302dde5
SHA-256: 002c56ebdc3350176844b0ba019065258689f4936a5b0d4c6aad2d826655a702
Size: 4.39 MB - postgresql-upgrade-devel-13.23-1.module+el8+1942+78fddc8f.x86_64.rpm
MD5: 36484addbdd8d1781ab24c41c936866e
SHA-256: a19025b15e086e51ea13132f35b92b6cb8780861f2e4c258dedf579478abfd6a
Size: 1.18 MB