postgresql:16 security update
エラータID: AXSA:2025-9713:01
Release date:
Thursday, February 27, 2025 - 15:23
Subject:
postgresql:16 security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text
that fails encoding validation (CVE-2025-1094)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Modularity name: "postgresql"
Stream name: "16"
Solution:
Update packages.
CVEs:
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Additional Info:
N/A
Download:
SRPMS
- pgaudit-16.0-1.module+el8+1857+f5d07a90.src.rpm
MD5: 86307b0dc21093076d95eb35b92f69c4
SHA-256: 901e012ddb564448de262f4314ac893ce4e867ddec5d28f95d33d7135a088adc
Size: 52.51 kB - pg_repack-1.5.1-1.module+el8+1857+f5d07a90.src.rpm
MD5: d779720d1d9166ed554c84bbedc6990e
SHA-256: 344db8293fc0dcae1eb087b74504dc63897c49c1acd0750a7d24c9f2822b7a48
Size: 104.88 kB - postgres-decoderbufs-2.4.0-1.Final.module+el8+1857+f5d07a90.src.rpm
MD5: f2d7c9d76e389eab28fc503bd8f73224
SHA-256: 4c432bcb96e570fd9b0beedef69c8b6286799f2507530af840084aed1ab6cea2
Size: 21.11 kB - postgresql-16.8-1.module+el8+1857+f5d07a90.src.rpm
MD5: e99656bf3d6d43540c8ec630441d4eab
SHA-256: 024b3746d5d1f34bf66587fd3802dcdce6eb578aaef5a19aa4d3bbf2e27300b5
Size: 45.83 MB
Asianux Server 8 for x86_64
- pgaudit-16.0-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: 43e8166484c0bec00cbfc0265781d1a5
SHA-256: 83cb3bd85022b255be38bca830dba7ee301bf779b3516392bf8d821fec410c41
Size: 27.45 kB - pgaudit-debugsource-16.0-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: 663cfbf637ee803a87b043bca719c14c
SHA-256: b895b58c09e9038761f5ee6cd30ebcbf31b7f6be89f233138ccfa10c32946f18
Size: 23.57 kB - pg_repack-1.5.1-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: fea645d7b0753d0e9e8b7fca04de2d1f
SHA-256: 99324618e9b86f6681b36c1c3613cbb47969dddc4e0dd12bc1109da0c8034e29
Size: 95.37 kB - pg_repack-debugsource-1.5.1-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: c02b1054e90455120b98d213ef8c2629
SHA-256: 8e2449e11d84dd5894a127409e454297441cc543e0fb5192effe318b73dbbbbb
Size: 50.82 kB - postgres-decoderbufs-2.4.0-1.Final.module+el8+1857+f5d07a90.x86_64.rpm
MD5: d3d9f50227d9c6d3252b2fc6eeb0aa06
SHA-256: a70b14333679b23bda43495b7223be6783314101de318ed71da126bc742bbc32
Size: 22.13 kB - postgres-decoderbufs-debugsource-2.4.0-1.Final.module+el8+1857+f5d07a90.x86_64.rpm
MD5: 86096e0b5a2ec461c5b617c20b203cfc
SHA-256: ecffeea6af614a7a71555cfd09212440ef70533b05fe5881027a9fa9a3a17b7d
Size: 16.73 kB - postgresql-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: b7cab5108a16ef828bfadf5ae7276355
SHA-256: fd668d884fb0245856a8a8316261e99e4899f67d61d9f03f0b1363e440d22744
Size: 1.94 MB - postgresql-contrib-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: 56587af4d6ffedb9937ca37bb546963b
SHA-256: 4c2985832d9fb29182caddee52f729d151277a99f3bce64aa16e0580b9503533
Size: 0.98 MB - postgresql-debugsource-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: 4e73e6dbaff6d4c38fdef6730daba2e5
SHA-256: b44e5318271562fd885bace756120bfbd1a4bdf9be1c77b4a6be51d0d0f57e3a
Size: 19.86 MB - postgresql-docs-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: c92fb45aa61a19a8380347bfb7aaf84f
SHA-256: 6d03acaf8757d54e98903fe770204a696eb41bb6f5734bfbff8c898cece8fdcb
Size: 2.49 MB - postgresql-plperl-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: a09d25a5e0cbaa002dc2d567c5275327
SHA-256: 211304fad1554302b29ddb20d5f732667d6d33e28d1c7e64d1abfb50d861e502
Size: 75.01 kB - postgresql-plpython3-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: dc6a5c44c9b10def3f6aa8265c05a23e
SHA-256: f1910e9bb6767c09d037e611a5440c88fbd070a5af8438f1a9443db09f869deb
Size: 93.62 kB - postgresql-pltcl-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: b40e7de4197c76fdf3a7c1b4f7db599f
SHA-256: f2526621eabc66dbdfc590a73a57611aa72c4cc61af091edecca31c53f62c12e
Size: 46.34 kB - postgresql-private-devel-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: 88421b01053f80b7ed71089dd706b5b7
SHA-256: 3a75c6d90b0c4ac690789867aa252bf212d49c0d6748391cc28fce7bb5e00357
Size: 63.28 kB - postgresql-private-libs-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: c87d9e5747283cf40bc7ec0606eee59f
SHA-256: 51c082405f9f9be40c19b186a5ca46c6c4efa8fb53c42e7b269a26c24cf5893d
Size: 135.15 kB - postgresql-server-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: b18c1de7097affc29abe3180e66ac3fe
SHA-256: 7557785314f6ec7d88d15e206e9854e2095869926ef2904f86e1ec10c679027d
Size: 6.87 MB - postgresql-server-devel-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: 09814d8d96e51e73c73ef784e9df90b2
SHA-256: 9474fadbc93a8d75ca657aded3cf0484bca852adeed6b19eb7e9e9c8c35e0404
Size: 1.40 MB - postgresql-static-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: ed8b86569cf95ffe8a25357f5afc6fe3
SHA-256: 654fb1af144063038cdba49f0a66e5b6e1fddbfe9b61d22b9504fcdcc2aa13be
Size: 155.84 kB - postgresql-test-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: e5d9ea97fd9ea9b301335e528d59c21b
SHA-256: fa0156a772b2c984958aa2cfe1f62f4afc68c93bd391902b23f53edbbac05538
Size: 2.23 MB - postgresql-test-rpm-macros-16.8-1.module+el8+1857+f5d07a90.noarch.rpm
MD5: 03d57913fa1ca4bd28ac3d20634100d3
SHA-256: 2e90a34931455a3cd63c5bdb7bf81ca33ea344ebbed53da1e98cbb6994691f68
Size: 9.97 kB - postgresql-upgrade-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: b84d7067a84b1193f2c7cb6df4cc12bf
SHA-256: 8f213689aa765d83e55f2ad5631a0d71e73d70fb9f2042de16f377baeaf58407
Size: 4.89 MB - postgresql-upgrade-devel-16.8-1.module+el8+1857+f5d07a90.x86_64.rpm
MD5: afccfc35e5de315c55181f74d7b9bbfc
SHA-256: cbd88cc1cfbf5a65f5a0f7166a5de04407ad55503d93c8ad0c4acf2c29e9c2ee
Size: 1.32 MB
日本語