postgresql:16 security update

エラータID: AXSA:2025-9703:01

Release date: 
Tuesday, February 25, 2025 - 18:56
Subject: 
postgresql:16 security update
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (CVE-2025-1094)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.

Modularity name: "postgresql"
Stream name: "16"

Solution: 

Update packages.

CVEs: 
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. pgaudit-16.0-1.module+el9+1069+0d0197d3.src.rpm
    MD5: 46e95e05775fe7beafe496fe99c6676f
    SHA-256: cddb75e4f881308d0304232c7e017b40983129eb8760ef39ee39ee2b77d7d5c2
    Size: 52.79 kB
  2. pg_repack-1.5.1-1.module+el9+1069+0d0197d3.src.rpm
    MD5: 50bfa9e17a9f1574d20043ebd20ad921
    SHA-256: 5b3df576c7ca9ee2bc906511d306173979074982bf69c16248e84f38e8e3cbda
    Size: 105.44 kB
  3. pgvector-0.6.2-1.module+el9+1069+0d0197d3.src.rpm
    MD5: 8a8807fb9281000f4f2be2e74ddfd396
    SHA-256: 2be1b71cd6e1a2cf7014fbcaf75197092fd8935bb5b990e1b66050f215a235ac
    Size: 87.44 kB
  4. postgres-decoderbufs-2.4.0-1.Final.module+el9+1069+0d0197d3.src.rpm
    MD5: 24730599817ad382b3eb41d8184084aa
    SHA-256: 7af0e14d5694166ddf228f3b642d6479c420201f38b8711c248d21f6bddcfef5
    Size: 21.46 kB
  5. postgresql-16.8-1.module+el9+1069+0d0197d3.src.rpm
    MD5: c387db1a8093240433685db4cc28a26a
    SHA-256: a6fc95f3741966ed3864b74ad6f8b43b3160d377502774023c4ebe30d1d22730
    Size: 45.83 MB

Asianux Server 9 for x86_64
  1. pgaudit-16.0-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: aca89cfc6753323bce99ed6589b3a462
    SHA-256: 1927ea6d7a471fe63287d420d75f777f86a8887498b2eddec9ec2e7097d8b3dd
    Size: 27.76 kB
  2. pgaudit-debugsource-16.0-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 43939aed8546a1bc2b9ffece89f2ece7
    SHA-256: e2270ec6140f28a13909525c0c393e1e06c478f9b76b0c576910ee351fc79824
    Size: 22.85 kB
  3. pg_repack-1.5.1-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 95256a3ac008e1db90d6e702f45a1b82
    SHA-256: 4d3559fc6f749e49c638646119469991493e3a0d519b83a123d99fb8b1deb6f1
    Size: 92.33 kB
  4. pg_repack-debugsource-1.5.1-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 272653d725c0e8a494de03c5d0fc6618
    SHA-256: 2de08f1138029d4ce1921790f585bcd8480c683187279a86eea2d0a27c496460
    Size: 49.04 kB
  5. pgvector-0.6.2-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 47ece3337146705f8b0f21a2e26a760b
    SHA-256: a19859f95a1ebd738fa65e3e3642a75f92ef6bbe6c385baa51e28c5a2d93ccd1
    Size: 82.18 kB
  6. pgvector-debugsource-0.6.2-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: d87845871aee5d80b6a92525c11fb0d3
    SHA-256: 073fff92019cb898ef715b8209769a9fd9ca956ed2c08cc14f51c5d73128ddda
    Size: 54.77 kB
  7. postgres-decoderbufs-2.4.0-1.Final.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 11e2d9d852fc6fe6ad1aebbc90fbfc10
    SHA-256: 3d962d96a9fb6ba7dd0eb78b9b12fbf61d99d793885e9f55b9c6363437a3ccf1
    Size: 21.97 kB
  8. postgres-decoderbufs-debugsource-2.4.0-1.Final.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 36be6682a6a89fc32890883c68b6309a
    SHA-256: e93223fdb598e817651ab13e11362e439ad985edc157f4eee0ae38ede3309676
    Size: 16.56 kB
  9. postgresql-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 2fe3f5d32b7c0264dd7c8ec819742885
    SHA-256: 5d69955b7e7052b3c6946f42c6adae189a9554f00536536fb246c46c20751e85
    Size: 1.94 MB
  10. postgresql-contrib-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: dade9f92feae470aa047e1c6942c74dd
    SHA-256: b60f8467ba35abe1f90364936817e34b04e62827f92ac3fb95ece6d06b8f528e
    Size: 1.01 MB
  11. postgresql-debugsource-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: df8ee94efaf7d17b660cd5715331d1df
    SHA-256: b490160a545caa545394892a7624eff978c8c0e97a4e4056b725874d4ad06e4c
    Size: 16.95 MB
  12. postgresql-docs-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: eb12ef7a4819dcb9cede56d663838a70
    SHA-256: 9cf9b5f9c927aed0df0d46c74a16aa7379385a25e8315318b35340545b6bcc8d
    Size: 2.35 MB
  13. postgresql-plperl-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 071906a22d511b684fb6aa3487d5c7fd
    SHA-256: a7435bc73b0327d5ec6839bbc0078d66ebdc8a11a4a605896b2a05ab8e4ecb70
    Size: 80.54 kB
  14. postgresql-plpython3-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 51acc472434c40fddc865b6792331ca8
    SHA-256: a51ec21c87cdf759c443cae306065f24abf8a97cac0b4931f835328921acf6e4
    Size: 102.04 kB
  15. postgresql-pltcl-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 81dcb8902a51cbbb42cdd8487ff2c6ff
    SHA-256: 3432ee746a3fd6d3ddcf0a9f9f86cd3709f1d1274c93c9e01e56a135f97cf531
    Size: 53.57 kB
  16. postgresql-private-devel-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 5d6e24d7a77b8b9a4c3bb8e25e430ffd
    SHA-256: bf4248725e9fa7a4ce8a032e77ff7c6aa87c96b33074bdf5500b48a064ec37fe
    Size: 66.05 kB
  17. postgresql-private-libs-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 6fd47e56a50b077a04cafe20cfabccba
    SHA-256: f6ff8e2394828c600a555d7d33bb8e66071dee947708cc8825b67c5fe64dab83
    Size: 142.68 kB
  18. postgresql-server-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 9618d3fdf2347ad77e73e49d7d4aa317
    SHA-256: f0d99a57a0f1890a5d122839ae788a54d6f6981228de95002aaeaeb5e6f60743
    Size: 6.95 MB
  19. postgresql-server-devel-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 60a483b52897ff00e1bbc6903e20dd65
    SHA-256: 3d237fcdaaf9ad127abd1b363c0f59596aa490ee4a8621363d8f5a6b504c90b6
    Size: 1.48 MB
  20. postgresql-static-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 79bedb006a88cf84843ab5ab95fc7d98
    SHA-256: cb7404b1e510e64f59fb6f92e9aea49d5425537d7b036097739766df071401e7
    Size: 131.40 kB
  21. postgresql-test-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 7c1b8765d9977c7570b0bd7735d67d13
    SHA-256: d49912fc23b11bb7f702f6f261838a1565dfb4b7075f1d65a13d3ba31da9f84f
    Size: 1.77 MB
  22. postgresql-test-rpm-macros-16.8-1.module+el9+1069+0d0197d3.noarch.rpm
    MD5: ce135f701c2fd20066ca7163bd09d636
    SHA-256: cf03f2522c885aecd4efe71403d013427b1b28a1c804d88ce7193a5da4fbe443
    Size: 9.74 kB
  23. postgresql-upgrade-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 269ba60616f04c58ed9b11109b929432
    SHA-256: fc1113117cd2c132cf0d14ce4204480b82b7a17893d715d7d7e72977b318f069
    Size: 5.15 MB
  24. postgresql-upgrade-devel-16.8-1.module+el9+1069+0d0197d3.x86_64.rpm
    MD5: 379fbe5972ec55de58947a278e7a561d
    SHA-256: 52603572c8361a1c907789a2875302d79ff2db392ce7fe9d4c16b53499056723
    Size: 1.38 MB