[security - medium] postgresql:15 security update, postgresql-15.15-2.module+el9+1124+173ca3cb

エラータID: AXSA:2026-062:01

Release date: 
Wednesday, January 21, 2026 - 18:25
Subject: 
[security - medium] postgresql:15 security update, postgresql-15.15-2.module+el9+1124+173ca3cb
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: CREATE STATISTICS does not check for schema CREATE privilege (CVE-2025-12817)
* postgresql: libpq undersizes allocations, via integer wraparound (CVE-2025-12818)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Modularity name: "postgresql"
Stream name: "15"

Solution: 

Update packages.

CVEs: 
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. pgaudit-1.7.0-1.module+el9+1124+173ca3cb.src.rpm
    MD5: 3bfaab98553b3a67ecd21ded107387f1
    SHA-256: e96795a7e17a85b4298368d5536f256557f0bb268731a6c7a80bc7d27d8383cb
    Size: 51.24 kB
  2. pg_repack-1.4.8-2.module+el9+1124+173ca3cb.src.rpm
    MD5: 9e58069c937355b39b99d4cb71728a82
    SHA-256: cd2cf7545c4e4277d043ad4bbf5e439bdfdea3c66e92930535aa817725110b39
    Size: 102.34 kB
  3. postgres-decoderbufs-1.9.7-1.Final.module+el9+1124+173ca3cb.src.rpm
    MD5: 5ebb09d594a94e5b94fac93d4c14a8cf
    SHA-256: 27eaf105764ba488774a68bc69aab00aa6d881b96999f349463a901328b108c1
    Size: 21.45 kB
  4. postgresql-15.15-2.module+el9+1124+173ca3cb.src.rpm
    MD5: d8c0d335ad89dd41d372e349050aead7
    SHA-256: 90d42cb77b345585e9466374263c090753dfe1db2440c7ec5e0084b150cfca12
    Size: 44.79 MB

Asianux Server 9 for x86_64
  1. pgaudit-1.7.0-1.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: 5a9edce67dbb11ecb0929826e6133d76
    SHA-256: 113a849402d82a8cf9a09d0d0ff020ca8a422dbe80915cf0f7340918705b727a
    Size: 27.50 kB
  2. pgaudit-debugsource-1.7.0-1.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: cf3cd1e58fbe82e37e36af4e2a641319
    SHA-256: e583aacbc010cb6c8c614e69dba7bfafabcd110ea1618a51adb5661031727afd
    Size: 22.29 kB
  3. pg_repack-1.4.8-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: a342efb57e8bc25719a333afb76c27eb
    SHA-256: c0076dbcd1a98583cd25c67a83fb7c366568959069e8779090f95a3b3bdb77fc
    Size: 90.01 kB
  4. pg_repack-debugsource-1.4.8-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: 72654204e942fe74c82f95ed038e5134
    SHA-256: d7e5b395e95ba56f7cd83a74cc1b09ded6ef6dff602443c5ddbbc2e51403f7b6
    Size: 48.08 kB
  5. postgres-decoderbufs-1.9.7-1.Final.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: 7744707c0973ccc516b714fec64eb14c
    SHA-256: a05abad6180e79b5bb7565253462370b1b7765d79e5e861cf85f0a73ee4551f1
    Size: 22.73 kB
  6. postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: 44c52fdaa25068d4bfc3e10ef8e3d657
    SHA-256: 77c7f1c6838fd16ea5b4260a44af999863b029f93bae6bea3d88e3e0cb1a63c3
    Size: 16.55 kB
  7. postgresql-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: 8ec7486ece845ea4bea40e5b751f8e27
    SHA-256: 3644bf313aea5aa77f12316d6a2b11615d39ca2d54c39d81666c3178b3824359
    Size: 1.75 MB
  8. postgresql-contrib-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: 7401c920bf460dbe1bfdf7bafd8f2c78
    SHA-256: cd4ebeadbe46a46af7606d92c98ebe5fbe762df43823ec8dbc692f4599fc8138
    Size: 0.98 MB
  9. postgresql-debugsource-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: a459685d8457415a01c35f6c296955ee
    SHA-256: c810ad4922d763237fe22dff779e815fce2249cbda153865b9263bc6f2f4e5f4
    Size: 16.19 MB
  10. postgresql-docs-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: b17309cfef658d904b1a8e72b0d8b7c1
    SHA-256: 5b498d720c35849eb8e0a1928126b3775fc58f055b8c4d113f6d6f01e7e56247
    Size: 4.11 MB
  11. postgresql-plperl-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: f99e0fabb92603dc88a888f73e163648
    SHA-256: 8704540b298f20578c98254a88068104d5fdab350de63f2cfe0bf0fafc96f6ee
    Size: 77.90 kB
  12. postgresql-plpython3-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: b94f512e7e17cfc826593bde1ab838aa
    SHA-256: 19c2e7fcb2ec94419b1cf966231493187e4345d5a62b3ba369aefab41a89ca30
    Size: 100.68 kB
  13. postgresql-pltcl-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: 15769a452753c8c9c57c77ba72238da5
    SHA-256: dc733448f47e775daa5d5dd351a00ca87896735284367464d47dd123ee6f4891
    Size: 51.83 kB
  14. postgresql-private-devel-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: 4a8b29c017200753105c3bd2d916971a
    SHA-256: 60673042cccb99755c45f6c2b0aaaee820b9874d43e7c7e36bfa36384fcf4a47
    Size: 67.27 kB
  15. postgresql-private-libs-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: b3c2e04fe02ca28169973f7b67e8e27f
    SHA-256: b88c7fdb0dbdb1887a7ef5d0c2d5304b1284a9b4a89965cc6561db14ce976c22
    Size: 143.96 kB
  16. postgresql-server-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: 59a6dcd4932e9f9cbf36e3f5c05c64af
    SHA-256: c4e5325c2f3e607e53ad9a4dafdf2817f0337f6971f299f750718de0c216fe63
    Size: 6.30 MB
  17. postgresql-server-devel-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: 3fa289825ebf22b8fa7143fa4e806517
    SHA-256: 53e64e6d144974321cb29a280a64f5a94cae774368e6d6c8ef76119fcdc04707
    Size: 1.46 MB
  18. postgresql-static-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: e26630460ffdf3e451ddb003908d389c
    SHA-256: 95ae79e0365786330994ad1033bb43ff714e30eb6867017f7ed48118b611f95d
    Size: 129.44 kB
  19. postgresql-test-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: e022fb0ea96019e205cccfc0ac073bda
    SHA-256: 65b91ee17fc86f6d1d6f1451819708276bb14c2dc4a9521374f207c788f00ecb
    Size: 1.71 MB
  20. postgresql-test-rpm-macros-15.15-2.module+el9+1124+173ca3cb.noarch.rpm
    MD5: ca3f00631713f5cdd37f6f6275a08930
    SHA-256: bdd3bc304d75d66b1225eee794a448e38100f43b6fae669c08f121e37abf55d7
    Size: 9.68 kB
  21. postgresql-upgrade-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: 413c40b21684ac9b7e8594c8b11a7933
    SHA-256: 024849983a7952c19026e0d749b464c8659b29a88b64e18b94255b496263dda3
    Size: 4.77 MB
  22. postgresql-upgrade-devel-15.15-2.module+el9+1124+173ca3cb.x86_64.rpm
    MD5: d8009388eb9a1542669b43b1cce8e3ce
    SHA-256: 163443981c040aa89cb53eefa8d84b74972e6fd8f81f3aafbafa770d274d2259
    Size: 1.24 MB