postgresql:15 security update

エラータID: AXSA:2026-060:01

Release date: 
Wednesday, January 21, 2026 - 17:01
Subject: 
postgresql:15 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: CREATE STATISTICS does not check for schema CREATE privilege (CVE-2025-12817)
* postgresql: libpq undersizes allocations, via integer wraparound (CVE-2025-12818)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Modularity name: "postgresql"
Stream name: "15"

Solution: 

Update packages.

CVEs: 
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. pgaudit-1.7.0-1.module+el8+1943+b02cf3a2.src.rpm
    MD5: 89181fb3a318165f86abb852b6fd03ca
    SHA-256: ab253a593c123a6ea8de12673d06f4d1036c9ec8187e9c6bee4bdbc8a387190d
    Size: 52.57 kB
  2. pg_repack-1.4.8-1.module+el8+1943+b02cf3a2.src.rpm
    MD5: 1f9fb2002a8748ff28c475ccd5222b8e
    SHA-256: 79344046e4adf3eb91d2c47775b50b60fce4480417ca8d2937742c55bd0c50cf
    Size: 102.55 kB
  3. postgres-decoderbufs-1.9.7-1.Final.module+el8+1943+b02cf3a2.src.rpm
    MD5: bf9ac338c30907b1dffc7770b9cf06b9
    SHA-256: e4bfcb5e6727aeeb3dd77c95b51e48e14504fb0d322cd2ecd094b2f9e703c828
    Size: 23.30 kB
  4. postgresql-15.15-1.module+el8+1943+b02cf3a2.src.rpm
    MD5: 358fb957d819f3392d270d7b2893df32
    SHA-256: f45ab8b52cb82126c1538a49ce481758f8136b667e72ba4c936da8fa7d6037ef
    Size: 43.54 MB

Asianux Server 8 for x86_64
  1. pgaudit-1.7.0-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: 3945d030ff6aa9a40747c648721c9678
    SHA-256: a73ed0412fa87611f1aefb60a68ced73df96f02e7a913ccc0a6b115f29f7c6bc
    Size: 28.33 kB
  2. pgaudit-debugsource-1.7.0-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: 3ef7f1bbdaf5255bd233927d463860d2
    SHA-256: 7ac4c361e3cb7c3d0f72e390e030b7920d8276a63bc726bd33b53ea6f0266b98
    Size: 24.12 kB
  3. pg_repack-1.4.8-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: d2b8b0e90ea6fc69b997ecf53b81fbb6
    SHA-256: ff8aa3675a62e9e3b8954aa753b22ad79aa9abb478b80d54fbc81b2b13006f66
    Size: 94.40 kB
  4. pg_repack-debugsource-1.4.8-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: ed2d71a2d94d8f201cd3575722408bf8
    SHA-256: 63d08aab2949ffed57ea56c2ba675da60ee59b71f0fc57266ca055b3a3c503cd
    Size: 50.55 kB
  5. postgres-decoderbufs-1.9.7-1.Final.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: af1f47f7d4b56229f2e8e313b6bc47b5
    SHA-256: e348dcfa9676be136603545a82c09b84c17ddcf0624cbd7288394be122058ef9
    Size: 23.82 kB
  6. postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: 14f4960860bb1af06b9a6dd01f62f64c
    SHA-256: 1357442728fe8a488f4e104b4c9b763dc51f439b2a937eda630b9010f7fc4661
    Size: 18.27 kB
  7. postgresql-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: 96c79496b01f6832bc2501eab3f351e1
    SHA-256: b27a1e292774cb6cebbe7222d22769964f7854e3db35b1e8bd23c1cc88fe92cd
    Size: 1.74 MB
  8. postgresql-contrib-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: 1b1cae6a14cc7cc0078570864b991edd
    SHA-256: f7911d68296062c077d935b8b3135030dcf2a6aaa44355ba1989e9b2bc4ed63f
    Size: 969.31 kB
  9. postgresql-debugsource-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: c9fb5b73e6e4095ab4bd4581acfdeee4
    SHA-256: b88b1c48bf6feda6d7caab4523f986183bddf8e49e84ef1f048a08a94a69445d
    Size: 18.96 MB
  10. postgresql-docs-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: 22b3c63c91c6a8b9df78f8f25963bd1e
    SHA-256: b9fe80c0b3f27494132c9346ddb79ff7fd363958588eabac1376f68bb938c57d
    Size: 3.05 MB
  11. postgresql-plperl-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: a121b0d3b1bfecad47ae1cff30f6a9a2
    SHA-256: 207a398f841fbd2cb64ade26db55182cf697326c12f40e51c5896a372fab79ef
    Size: 72.93 kB
  12. postgresql-plpython3-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: d2cd0c770ed29d393e209257bf20934b
    SHA-256: 970ad1406d6838bb0bfdaa6ca33385f46fb0775a42b542f21494c422a9b473a1
    Size: 92.48 kB
  13. postgresql-pltcl-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: 62c55236897ec2dbf9ae9cefc6737fef
    SHA-256: d5d17a35a60a036a756e6eb7b56f1a47f91749e96c94c4140b9defe8c60134aa
    Size: 45.35 kB
  14. postgresql-private-devel-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: fcbc4ed602ea727838bd0176c7c0e6b9
    SHA-256: 89fee8a3372c7bb3d7503925d63c87bbae3c0e5136ac6a6e3a9ccd7969da92a9
    Size: 64.79 kB
  15. postgresql-private-libs-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: 968cbc88e3e40e4599839aee6fcd44f4
    SHA-256: 66309f56dacfc98e6b8825de38f3e3af2e3f11c46234e8b5abe2ed8135b9e694
    Size: 133.03 kB
  16. postgresql-server-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: 529d1a6dfd44e948466cb817b0dd46d9
    SHA-256: ee23b2e7e887b3d3faa402e7f5f29c24307c0f67a3a01d3687bbefe084592756
    Size: 6.17 MB
  17. postgresql-server-devel-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: 9b054e8e39aaae74ee8001557a97c6a8
    SHA-256: d70a08ecba62ce20d8cd297c8b942e3ac0384730e134c4d8c3eef2a549b7e0ce
    Size: 1.37 MB
  18. postgresql-static-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: e7c8e5a6ce9902a02562c4f2d8fbb024
    SHA-256: 98548212eb6acb896aacde248f22229114fc718355d6bd8e2f5568d59fb01fc2
    Size: 153.37 kB
  19. postgresql-test-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: c49f69e4c207c2a3a7b0918ea33ebc3f
    SHA-256: 5f3879b263df535b10780bc0187d5620f8955065309d5558af54ce156ff69130
    Size: 2.17 MB
  20. postgresql-test-rpm-macros-15.15-1.module+el8+1943+b02cf3a2.noarch.rpm
    MD5: a60b87800645935ece066286adf18007
    SHA-256: 24c4afe6e3dbfa21bad2e1c5b094909fd42170402d169efc02d3346ee8c46d3c
    Size: 10.11 kB
  21. postgresql-upgrade-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: 3e11f3f8f00f867888a09350443e8229
    SHA-256: ac6e82a52f51667e65db2237dd053c702b5ba62fecba07de314e88770028896c
    Size: 4.51 MB
  22. postgresql-upgrade-devel-15.15-1.module+el8+1943+b02cf3a2.x86_64.rpm
    MD5: 4ecd8967bc0025eeedb8d8e928459258
    SHA-256: 4945ef210eb50e8131ed3b9ef9de01c21b514e4cfcfd5998846c848778bd5605
    Size: 1.18 MB