postgresql:13 security update

エラータID: AXSA:2025-9711:01

Release date: 
Thursday, February 27, 2025 - 13:08
Subject: 
postgresql:13 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (CVE-2025-1094)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.

Modularity name: "postgresql"
Stream name: "13"

Solution: 

Update packages.

CVEs: 
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. pgaudit-1.5.0-1.module+el8+1855+1ca602af.src.rpm
    MD5: f738f05bd8aa1d7bb230032dbe8b5115
    SHA-256: 60bf12e3fc2c50242c9291a2f91a12779b1547a44980cba2d402183e0ea34d20
    Size: 42.60 kB
  2. pg_repack-1.4.6-3.module+el8+1855+1ca602af.src.rpm
    MD5: 460e29c797296c1ca979d3ae16770221
    SHA-256: 02f92d14a8a692e09fe7037f98c7043317841c7c8b84badca6c5676f662ce960
    Size: 100.99 kB
  3. postgres-decoderbufs-0.10.0-2.module+el8+1855+1ca602af.src.rpm
    MD5: 1a23f56813f52d40641ff1d8413f63e5
    SHA-256: 32d664802f5f9f111386f9a4d405ea2fc74de32f6dc2bc8709ae11ff18141143
    Size: 21.13 kB
  4. postgresql-13.20-1.module+el8+1855+1ca602af.src.rpm
    MD5: 0435916edfefe04a7c7c152459a1ea13
    SHA-256: daf572de0e3b81e13b41603b4217639868fc221cf5483f6a353f1b7b9523e3ab
    Size: 48.87 MB

Asianux Server 8 for x86_64
  1. pgaudit-1.5.0-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: fee1aed82a920a98aec161ab02c04f8d
    SHA-256: 32425ee4067071ec41cb658b992425d184690427598039b14f6f560eb2f0b141
    Size: 27.03 kB
  2. pgaudit-debugsource-1.5.0-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: dd9566ea13e8a54343ca09f1c2d0ea44
    SHA-256: bc3031affc0648afc7c882a019cc6cbcdcd00fe7802f7aab05f28a39482c78ca
    Size: 22.80 kB
  3. pg_repack-1.4.6-3.module+el8+1855+1ca602af.x86_64.rpm
    MD5: 1d07ffe0274da5bd916ccefb18f14f5a
    SHA-256: 3fc065f44edf10143016633e9df5459d15ff777ae9b56c2b02dc19d14f897b3a
    Size: 89.71 kB
  4. pg_repack-debugsource-1.4.6-3.module+el8+1855+1ca602af.x86_64.rpm
    MD5: a61d64c1dd13a1f6c673e26bc62a7840
    SHA-256: a5b3540bf5e618e8dc9cb03944d9383ca124fed8df6360cba00b424ce7ffc0a3
    Size: 49.69 kB
  5. postgres-decoderbufs-0.10.0-2.module+el8+1855+1ca602af.x86_64.rpm
    MD5: de9e3d4e1423c4e35763f2f53ddcc215
    SHA-256: bd323fb4e4c6f5e1ad306192904a1d1566ce15b5806fa50330b0fb260ced67a7
    Size: 21.90 kB
  6. postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1855+1ca602af.x86_64.rpm
    MD5: 5b775778302cc36fa0eb6f4ab2a8b450
    SHA-256: 0a3494b3f4ad0c8ffe6b24af45f17cba91d02b047ca92d9d60583732f4a86c64
    Size: 16.81 kB
  7. postgresql-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: 291c0396680bcc08fd7d027ddb967d46
    SHA-256: f937d4f0abe490ffb864bcbde844a7bf4658d4f613cc2ddae34010829f7dd276
    Size: 1.56 MB
  8. postgresql-contrib-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: b4d7c7238ff8d1755516d594c33b6cba
    SHA-256: 03c5d20d10f1e109ccb73dfdbe2e26c5fd8e5fa9083dc97dcea6b18ddeb265a8
    Size: 882.79 kB
  9. postgresql-debugsource-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: 068928994d645e78b7197bbd08fcf87b
    SHA-256: 07864f141065002f44425e6d005d3f2272a3f3b848bcaf7f1dfea451ac5a6d92
    Size: 17.87 MB
  10. postgresql-docs-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: 780239e19976e5d48e453936279b820a
    SHA-256: 80946cccc55c483efe81db1c73865a90fad2158b4c4051b3130d003c523230e0
    Size: 9.91 MB
  11. postgresql-plperl-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: 94376f6ab6c0957f7ea54d2aa6dfdc0d
    SHA-256: 3112b62d7e5df836146ab89b8fab7d173f0081b9ceaf573ebff829cf8ef9d64d
    Size: 112.80 kB
  12. postgresql-plpython3-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: 08de782796782e848edb6cc0fb40c8a5
    SHA-256: 3a0179b4b093adb04ee8c6a42addd28b663f585d634a25ff58d8fbe6062470f0
    Size: 129.16 kB
  13. postgresql-pltcl-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: e44a11127c81b652a054cefdb569bf2b
    SHA-256: 8d7cf47e317626699b2f54ea7caed07ff9384bf99fd2079d145bc3a267362404
    Size: 85.75 kB
  14. postgresql-server-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: d126adb3e1d2f4db06de59db907396b9
    SHA-256: d8d46b40f84f0f8c3246002e49b3e4e8ef05b7d1cbd92898fac46a87d9af702d
    Size: 5.60 MB
  15. postgresql-server-devel-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: 4c5dcb5f44ab7292a0bd173311040d68
    SHA-256: 61a73e40be82634867a95bd1b65ca11ad81c3f7313de4b0ac2f4b13e26367945
    Size: 1.26 MB
  16. postgresql-static-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: 530ee4a70933946f770b703b656a45cf
    SHA-256: fbb39a5463268fe6de4f54b0cc73e419b33f3dd43f7f7b4014de8a53ed15d680
    Size: 190.41 kB
  17. postgresql-test-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: c4ebbb03e2298b94930d3eb31409eb2b
    SHA-256: 77d92b496e95a69eb7ae29c3a3a10c266cb253a4dd9e7f654435dab8a2468f0b
    Size: 2.04 MB
  18. postgresql-test-rpm-macros-13.20-1.module+el8+1855+1ca602af.noarch.rpm
    MD5: d4888b4581793d314802cd163ab25669
    SHA-256: 0109bcfd499afca35cef746ff3571f71e3fb9af87fd0ea6c612d241f37bc0025
    Size: 53.07 kB
  19. postgresql-upgrade-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: 29a0045d1a0235b491f7e1807fe28afa
    SHA-256: 71253de03f275d8430436635ca461cbd3e46b2f36d81bd39e92a461bea7d7d59
    Size: 4.39 MB
  20. postgresql-upgrade-devel-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
    MD5: e18f12dcd38f0aa4a7c3f648731cd1db
    SHA-256: 683fd170116c3ee48b800646782b68dacd3d0af26ea8aaf9980efc8177830270
    Size: 1.18 MB