postgresql:16 security update
エラータID: AXSA:2026-061:01
Release date:
Wednesday, January 21, 2026 - 17:35
Subject:
postgresql:16 security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: CREATE STATISTICS does not check for schema CREATE privilege (CVE-2025-12817)
* postgresql: libpq undersizes allocations, via integer wraparound (CVE-2025-12818)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Modularity name: "postgresql"
Stream name: "16"
Solution:
Update packages.
CVEs:
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Additional Info:
N/A
Download:
SRPMS
- pgaudit-16.0-1.module+el8+1944+bc3dcb55.src.rpm
MD5: e8e8b4068e6cfd865974f89c4cdf6b0a
SHA-256: 02a3e69b56f6341837fe85bf46e9879def83b566d4eed9a38bdf16446e97bd5b
Size: 52.51 kB - pg_repack-1.5.1-1.module+el8+1944+bc3dcb55.src.rpm
MD5: d9e98862d7f5a74d254ef55088539a72
SHA-256: e3b1eaf41da5f3f4a2cd8f58e3ca4cbd8e1b4e36bf0502ebd7cf5bd229cffa33
Size: 104.88 kB - postgres-decoderbufs-2.4.0-1.Final.module+el8+1944+bc3dcb55.src.rpm
MD5: cc3277b0af972eaa95f6f8453bf156a9
SHA-256: 02e1e0b579b9441f2b4ee33ac4cb3e2d6acaf1f5e2eead67aedc3353e5a36371
Size: 21.11 kB - postgresql-16.11-1.module+el8+1944+bc3dcb55.src.rpm
MD5: 154443d414f368c326ed286d6da806c3
SHA-256: ec37af953130d0493e4fc07caab27dcc870a105045e817b900dd4d5c8ba36012
Size: 45.97 MB
Asianux Server 8 for x86_64
- pgaudit-16.0-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 8cb0f2dd6bd5a40fffa2fe63a04a0266
SHA-256: bdfdd1e9edfb1f41c5b69acd520728a94ede56d95908514d8bd4aba36fac1949
Size: 27.44 kB - pgaudit-debugsource-16.0-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 7c9dde92eb102bb96efbd12a9060302e
SHA-256: c1c46d59257cb6c1b91789043fba47550c8e56bd49d2adedb24e552fe62e2da1
Size: 23.57 kB - pg_repack-1.5.1-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 51005d1ab157df0cff538d20c7e36205
SHA-256: ebdcd36ec316621aee447f49dbacefa62f91642b8917c0dd223b603ba4f386a1
Size: 95.37 kB - pg_repack-debugsource-1.5.1-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: d918400cf29c337f587936fd6c925408
SHA-256: ccc9faa217ece28c067f9beb061999676ea86b5e67ea1f55e4b66710978cbb18
Size: 50.82 kB - postgres-decoderbufs-2.4.0-1.Final.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 6260c72867b8d78069013dec5be2c772
SHA-256: d8ea5dca3725a28da03e006b1f8b8411114a344bf4a5f60ba2454bf1d5171d87
Size: 22.13 kB - postgres-decoderbufs-debugsource-2.4.0-1.Final.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 15b2083e092fcb792830019729628eb5
SHA-256: 0a6a9d1d108f46911d14832eec821c287a811af13567dad87649fd871d9a1989
Size: 16.73 kB - postgresql-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 54f623edeaaf235f14fbf8f0b8959d79
SHA-256: 81635acb289eb49934f089490c5904428dc007f743ed7bfca64eefae6cbe875c
Size: 1.97 MB - postgresql-contrib-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: c50344c243fc7f55d51207209cd3ab3b
SHA-256: 0089d7e00273c039db2131cc8d8d8999be38add71d76215cf4dab8e241f1ee47
Size: 0.98 MB - postgresql-debugsource-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 3e4d2c13d583cd8c567dd2593aaef21f
SHA-256: 0baa55da597227ebf79eb6eda9a58eba71f5687b295b8d7db4c0a3667a17276c
Size: 19.90 MB - postgresql-docs-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 1464d3f43849f4fa06c86590e4517982
SHA-256: 7372e9fc5b71d53c73c8f0e0687c49c59b695d1502af5f47f93bfd4024f36f26
Size: 2.51 MB - postgresql-plperl-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 6418b9a85a29da0ce6f22d95ff6c2d30
SHA-256: 69cac34040f6b1528930c939118ff8161d1b4187e0867d4b5c607bdce05cba2d
Size: 75.16 kB - postgresql-plpython3-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 3eb22c1291d9563c6daf43399ed4c5c3
SHA-256: 085ca32bc5b8ecf14d8b092924c6598e95db225647ed33e08e53416b75122ea1
Size: 93.77 kB - postgresql-pltcl-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: dcf52ac8289657f5b71338ffbb3576ea
SHA-256: 90f67362c4d32629a72cb752cd7598e6695673b3dca50720b101725a61c159f5
Size: 46.62 kB - postgresql-private-devel-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 94b38b577ed2495f932867eaed41fb04
SHA-256: 04b98ade2aefe51659074e4603d28cb954b0dc0e8c5b34cc8f975e68b7a4bfa6
Size: 63.64 kB - postgresql-private-libs-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: b9e933c13e5b2539dd37fdbbc53d1a48
SHA-256: 1e8e45e5b7e82d0c0171fd9ceafec6bb795fb38acf5afac9a8d61e310f2f8a02
Size: 136.10 kB - postgresql-server-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 8da3d887e58ee91bbdff5e29265e9de6
SHA-256: ed6f2dc7c60d2606a0e5ccee8f0fe9d2130c2431219b4b59045576eae3268234
Size: 6.89 MB - postgresql-server-devel-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: a962078d7e9392769d67e041474a808a
SHA-256: 45c88bb763d03c0914dc8794fc81bbbf30396db53d782e8e9c8830f9c27b5bb3
Size: 1.41 MB - postgresql-static-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 8c388c20205e628cf31c04c08858c614
SHA-256: a9f77c4b36eaf969ac5ff930a6f985a26353e53971852cf13912348ede131b7d
Size: 156.19 kB - postgresql-test-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: f814440fd74e7d6d7114621b810665d2
SHA-256: ce06b7c99d3c75c014b03d0c9c8f01cb5331216743420c74b5dd5ebfaf7559a1
Size: 2.24 MB - postgresql-test-rpm-macros-16.11-1.module+el8+1944+bc3dcb55.noarch.rpm
MD5: 8d125c71e40733088c26fa2a272ccfd8
SHA-256: 0d6a7f156050eea4126ae1378af6eb314a853d3af8e1827f9906791994a0ae05
Size: 10.14 kB - postgresql-upgrade-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: cf05cf78cfa711f625680e7a7f1fc237
SHA-256: 3eed4781f81bdf9a68ab263d0c11e5927f511852bd39f49d060cc5ba7eea077c
Size: 4.90 MB - postgresql-upgrade-devel-16.11-1.module+el8+1944+bc3dcb55.x86_64.rpm
MD5: 1883d59019ee200d20cd77ec4da9149b
SHA-256: b070aac47c1a233babd5daf592f4881a6d79e7eb2f9b8bfdca6fa81f381cd15a
Size: 1.33 MB