An update for libpq is now available for openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2728 Final 1.0 1.0 2025-11-22 Initial 2025-11-22 2025-11-22 openEuler SA Tool V1.0 2025-11-22 libpq security update An update for libpq is now available for openEuler-22.03-LTS-SP4 PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or interface. Security Fix(es): Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.(CVE-2025-12817) Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.(CVE-2025-12818) An update for libpq is now available for openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium libpq https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2728 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-12817 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-12818 https://nvd.nist.gov/vuln/detail/CVE-2025-12817 https://nvd.nist.gov/vuln/detail/CVE-2025-12818 openEuler-22.03-LTS-SP4 libpq-13.23-1.oe2203sp4.aarch64.rpm libpq-debuginfo-13.23-1.oe2203sp4.aarch64.rpm libpq-debugsource-13.23-1.oe2203sp4.aarch64.rpm libpq-devel-13.23-1.oe2203sp4.aarch64.rpm libpq-13.23-1.oe2203sp4.src.rpm libpq-13.23-1.oe2203sp4.x86_64.rpm libpq-debuginfo-13.23-1.oe2203sp4.x86_64.rpm libpq-debugsource-13.23-1.oe2203sp4.x86_64.rpm libpq-devel-13.23-1.oe2203sp4.x86_64.rpm Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected. 2025-11-22 CVE-2025-12817 openEuler-22.03-LTS-SP4 Low 3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L libpq security update 2025-11-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2728 Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected. 2025-11-22 CVE-2025-12818 openEuler-22.03-LTS-SP4 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H libpq security update 2025-11-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2728