postgresql:15 security update

エラータID: AXSA:2025-9702:01

Release date: 
Tuesday, February 25, 2025 - 18:24
Subject: 
postgresql:15 security update
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (CVE-2025-1094)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.

Modularity name: "postgresql"
Stream name: "15"

Solution: 

Update packages.

CVEs: 
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. pgaudit-1.7.0-1.module+el9+1070+8aa8aace.src.rpm
    MD5: a22996ce7864b6cb0d8eff7ec2138ae5
    SHA-256: d79cf4dec5b05c00f87f58b3655d0aa5b6363fe139c4b6b72fa0be2332915643
    Size: 51.24 kB
  2. pg_repack-1.4.8-2.module+el9+1070+8aa8aace.src.rpm
    MD5: b3686369928f2dec7dcb7b32348286ed
    SHA-256: 7d7207999f13af044bf41493d0687fd24994ce16e85eb5898f80aeef069ce1a4
    Size: 102.34 kB
  3. postgres-decoderbufs-1.9.7-1.Final.module+el9+1070+8aa8aace.src.rpm
    MD5: 08a69bfeb327100c571422654e70c812
    SHA-256: d0ade63243c8f602533bf5cdc88acba284b77506e6f08d8294b7993882ebdfe8
    Size: 21.46 kB
  4. postgresql-15.12-1.module+el9+1070+8aa8aace.src.rpm
    MD5: 3e1f7bdd9d456f21886a9b3501ec86ce
    SHA-256: fa98ec1d08b85cdf19ef6b9152261e87b75cbd28fd8091beb266bb596f09796a
    Size: 50.96 MB

Asianux Server 9 for x86_64
  1. pgaudit-1.7.0-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 81f14c3f1daa18303e0b8eeecfd017a7
    SHA-256: 7ef0410198a2f34634bd2015cb3ca36fe0b21e711d2128b5a6988a7f07321ff0
    Size: 27.60 kB
  2. pgaudit-debugsource-1.7.0-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 19b07ce15afd3078fe1bb91c77df8c8c
    SHA-256: c6dfefdac86c8c88fda896e1cabda4c7af0936f0fd3ed8d82d8ae4377a126183
    Size: 22.29 kB
  3. pg_repack-1.4.8-2.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 46b4beb1e0f541b73153ac970e47860e
    SHA-256: 8d56c2951814b93ad51e3fb4b9f36f264447c017a9ee1b67a7441da7ced81815
    Size: 90.61 kB
  4. pg_repack-debugsource-1.4.8-2.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 692e9d662b1aa363cba4af8e1a870360
    SHA-256: bc1381efcbd899c2f7b5bfe25af160df074f0902bce7b6f57ea54470e6cfc141
    Size: 48.09 kB
  5. postgres-decoderbufs-1.9.7-1.Final.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: ffd2a767f1a11b5a6c687d5b43d0fd37
    SHA-256: ea7461e4ea86a28a09792874114511c2aed5dedb0e68f32eeaf3725ca2ff2953
    Size: 22.86 kB
  6. postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 2a9533926e2a306a04e69e94c3a5fa22
    SHA-256: 6d5b23dcc4e82250b7c8398bbd11df05d6f55b8976790ad74b31c2fb861e510c
    Size: 16.55 kB
  7. postgresql-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 6491fa7b4534350e7f88c2f8db690734
    SHA-256: 538d15b1fd238526b46b68fc668f263a1a77903ce2a472f00e696221f3d620d6
    Size: 1.73 MB
  8. postgresql-contrib-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 7e2b03ffaa2382a7a6ee34a894679b8b
    SHA-256: 09dca197e0c8ae872ed090f7ce7b4e38caf692c335fe25eefe525b5c25fb7e4c
    Size: 0.98 MB
  9. postgresql-debugsource-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: e4c2d994dfdd556557c23b3a08930b25
    SHA-256: 6f588a3a1eca3bcf6e10587c3d18c6fdef5643e7c5fda20fe1cede5eb97a413f
    Size: 16.17 MB
  10. postgresql-docs-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 3d26307a24f716fc5ea2e46c4125ff96
    SHA-256: d5ae5c9c818d25d2d6304e3cff5d37dc6c31f50134b65796a5760af8267a26b5
    Size: 10.02 MB
  11. postgresql-plperl-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: b9fa7021563fcf570ee3d35801dd7fd9
    SHA-256: 9d1e4517ed6ae45f3186ced1f62e3051edb83144467ebffd8d4f12211ad134bb
    Size: 78.16 kB
  12. postgresql-plpython3-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 615c553b6570e3cf98e252bc9ee703ba
    SHA-256: 606846edb6ea9a9df00d4631a8354c4121c52191e02d9ca86ab78f4339c1c739
    Size: 100.47 kB
  13. postgresql-pltcl-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: a343e7b41ba680a47baa02829a3ffca7
    SHA-256: d7d2b17b2194fc359bc467f05b665e51c539eb98dd6ebe2fb6cd523491a4bc30
    Size: 51.98 kB
  14. postgresql-private-devel-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 9e52e49c19d1499b7cfd59e34b2417c3
    SHA-256: 32c12fc8e280eb5ee569d32261247ff1aef826a4f45d15a730251e9f346769a0
    Size: 67.06 kB
  15. postgresql-private-libs-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: cd86e88534bfd6565ebc172666e70c3e
    SHA-256: 49a07a309a4f2389dba30ce0da2f9c994d077080673982a0b9711ddc44554239
    Size: 143.55 kB
  16. postgresql-server-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: cf140ea9cd78dd8a351526c159a71f09
    SHA-256: c4aef3ab3c4d968e63fc81182991a42283394acc3e45faa056d63f63281c06b0
    Size: 6.28 MB
  17. postgresql-server-devel-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 561fdd8625c6b8d1797b76cb610341c7
    SHA-256: 0f9399a1e6544af4708ec19dd671ba47475b6a9edbca6171e7924b63b5c4640d
    Size: 1.45 MB
  18. postgresql-static-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: ae600545b5a6ad6eacd5b3e65e1c8b51
    SHA-256: 2f10dfc137c04260bfc0f11eeb7d2588d08b9877e1ffeaeee897b546d90f5383
    Size: 129.25 kB
  19. postgresql-test-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 79f7a5035cadbb44450d5f4642e5e11a
    SHA-256: 32957c3c94f6c0c5172d53a4c0f5fc489b0ff78005cefa574dd43921ce374f27
    Size: 1.70 MB
  20. postgresql-test-rpm-macros-15.12-1.module+el9+1070+8aa8aace.noarch.rpm
    MD5: aef9d80ffa57b40ee77c84664d1192da
    SHA-256: ecf6ca54eb6fcee457447e9b569885dc623109c8597cf911685a90197e4fc41e
    Size: 9.66 kB
  21. postgresql-upgrade-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: fb1fe2c32be608490847e080afe462f9
    SHA-256: 664fc836c5cf2bba693b3f686823cc9b43d3a6c5746c506eda49ab1312938ebe
    Size: 4.78 MB
  22. postgresql-upgrade-devel-15.12-1.module+el9+1070+8aa8aace.x86_64.rpm
    MD5: 3d6a8a5b9cc7cad6b895195667d0ba34
    SHA-256: 002e8071a437347b6d7145f1a4f51808d99af88a06e1c8db364ae59e159c42f4
    Size: 1.24 MB