postgresql-13.20-1.el9_5

エラータID: AXSA:2025-9698:02

Release date: 
Tuesday, February 25, 2025 - 12:00
Subject: 
postgresql-13.20-1.el9_5
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (CVE-2025-1094)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.

Solution: 

Update packages.

CVEs: 
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. postgresql-13.20-1.el9_5.src.rpm
    MD5: 393da44f8ce9f61651593e61f8101a03
    SHA-256: 38f70d8775617fcc2f0ebb83061dce8d8cefc8e44b00b5e412ed6496345852d9
    Size: 48.84 MB

Asianux Server 9 for x86_64
  1. postgresql-13.20-1.el9_5.x86_64.rpm
    MD5: 24601274b1a9a83f368ced948fb698ce
    SHA-256: 5e35abf46d5531529a8db63c12274aa34d05d31ac0c66977cd58d292fac3c2b8
    Size: 1.61 MB
  2. postgresql-contrib-13.20-1.el9_5.x86_64.rpm
    MD5: 3dba1d21a150447d00f3aa65a5049d97
    SHA-256: 426830c8ecfdc300f205ac8b4f5d0388d8ffc014b1114d7d132092c1d804057c
    Size: 890.87 kB
  3. postgresql-docs-13.20-1.el9_5.x86_64.rpm
    MD5: 86eeb384964ed9e5f038657f499bae31
    SHA-256: 889dbcb0969d3a72620659fc6fb08bef4fe9e1f8b94d359438c14c6672934d1c
    Size: 9.62 MB
  4. postgresql-plperl-13.20-1.el9_5.x86_64.rpm
    MD5: 163bde4843ba81d678503fbb419eada2
    SHA-256: fd9ad2756369737bb15db92ec38a3ecf953dd1677e06e7a6ccf567e4e5d4c5e5
    Size: 74.24 kB
  5. postgresql-plpython3-13.20-1.el9_5.x86_64.rpm
    MD5: 1b3c55d55de01de431240ae301dac4cb
    SHA-256: 99c3cd3083f93489da4224125daa2e21ca777a68604f2ac6528d897c53d403b3
    Size: 93.91 kB
  6. postgresql-pltcl-13.20-1.el9_5.x86_64.rpm
    MD5: 73fe159cb70a715c2473a3d4935eaa60
    SHA-256: 4e1f807506eba0f33717e54a335a5f31d2a689108735bb6a2371343f9b0c671b
    Size: 48.26 kB
  7. postgresql-private-devel-13.20-1.el9_5.x86_64.rpm
    MD5: e286e7aa9980af8711a36787844ecc81
    SHA-256: 9e2a5b3dfa01cee222c855aa4cfc5cc4b4d48f1d051c838a14a7c4b2b8a097c2
    Size: 62.67 kB
  8. postgresql-private-libs-13.20-1.el9_5.x86_64.rpm
    MD5: f505c43a77ed797d7447ff4c2d3f22ff
    SHA-256: 1610adf3995a30ea455f8468df132e20686c8c0c75bdc55599adeda41ab53797
    Size: 136.65 kB
  9. postgresql-server-13.20-1.el9_5.x86_64.rpm
    MD5: f068a6e4d2bca5726f65d952558dd6a7
    SHA-256: ca76d030b843cbd6f3c94f75ff86e26917c9c70792dcff872b9c89a992a1b4bf
    Size: 5.78 MB
  10. postgresql-server-devel-13.20-1.el9_5.x86_64.rpm
    MD5: 737ca9f544b6fabfa6a4726a2c3aafa0
    SHA-256: 0ab371bd514d21e2844e7d050fa72454359611af82a80817015d6f69efa24cf5
    Size: 1.30 MB
  11. postgresql-static-13.20-1.el9_5.x86_64.rpm
    MD5: 0cbf34fef114622aed3ccaf23e510d55
    SHA-256: 550e524e210e593b3578444eee764a0ba418fa38f1bb40102dd91a1d39bd6487
    Size: 125.09 kB
  12. postgresql-test-13.20-1.el9_5.x86_64.rpm
    MD5: 0ba7001c0821a11ce13e14f86cbccfad
    SHA-256: 89e99d459a7a006e40426d39d4b6de45516a4dbf1bdeabe9728eb55e0a99da09
    Size: 1.53 MB
  13. postgresql-test-rpm-macros-13.20-1.el9_5.noarch.rpm
    MD5: a12c426a3ff9552460e355443e56800e
    SHA-256: 865c72a4090dabbd6a86414cdf958a1a3705b8b3a4433c2db58a1a5b728affa9
    Size: 8.89 kB
  14. postgresql-upgrade-13.20-1.el9_5.x86_64.rpm
    MD5: ddab96fbc613f872d7c05a27a1d4b9ad
    SHA-256: 1341e8921241819564e6e10e90143eb72bf0b3bda893b300b35d54e42b58d7b3
    Size: 4.62 MB
  15. postgresql-upgrade-devel-13.20-1.el9_5.x86_64.rpm
    MD5: ad6c3578ca5291a3674e1024796c14b5
    SHA-256: 935db35f51e43bf08aeb52445ba325f6f1f6344622b21697356c59d176f7c805
    Size: 1.20 MB