Advisories » MGASA-2025-0302

Updated postgresql15 & postgresql13 packages fix security vulnerabilities

Publication date: 18 Nov 2025
Modification date: 18 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-12817 , CVE-2025-12818

Description

PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege.
(CVE-2025-12817)
PostgreSQL libpq undersizes allocations, via integer wraparound.
(CVE-2025-12818)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34752
• https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818

SRPMS

9/core

• postgresql15-15.15-1.mga9
• postgresql13-13.23-1.mga9