[security - high] postgresql:16 security update, postgresql-16.10-1.module+el9+1101+10d989af

エラータID: AXSA:2025-10800:01

Release date: 
Monday, September 1, 2025 - 21:24
Subject: 
[security - high] postgresql:16 security update, postgresql-16.10-1.module+el9+1101+10d989af
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)
* postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-8714
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
CVE-2025-8715
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.

Modularity name: "postgresql"
Stream name: "16"

Solution: 

Update packages.

CVEs: 
CVE-2025-8714
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
CVE-2025-8715
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
Additional Info: 

N/A

Download: 

SRPMS
  1. pgaudit-16.0-1.module+el9+1101+10d989af.src.rpm
    MD5: 6653272556fe8aba2ffaf35d5ef13962
    SHA-256: 66c736fbd9a14acafd985c594b1c672d58e9db0e51b6f9f52a33adbb624d07be
    Size: 52.79 kB
  2. pg_repack-1.5.1-1.module+el9+1101+10d989af.src.rpm
    MD5: ab8765bf7b7d59e28bb23c501fc68121
    SHA-256: 42f792205e1c025bb44de81072a5b6f1a6af4c4ac035daaf06b85c70fa95a0f0
    Size: 105.44 kB
  3. pgvector-0.6.2-2.module+el9+1101+10d989af.src.rpm
    MD5: 298d153bf33ebb8d50e6dfbfa3780adc
    SHA-256: b4474d0ce0a43126578537996464a6abf603084f4e20f424d76f044e16f11a10
    Size: 87.64 kB
  4. postgres-decoderbufs-2.4.0-1.Final.module+el9+1101+10d989af.src.rpm
    MD5: 10139708f61352d4692fd8103a6481ed
    SHA-256: c3ec4d14a440ba8f12c45590f015d13d78434ab5271c0c2550bfd966cb713964
    Size: 21.45 kB
  5. postgresql-16.10-1.module+el9+1101+10d989af.src.rpm
    MD5: 4dd857f994495b85ad4fa2525a4985c2
    SHA-256: b38994214fcd7714b8953ba8fdd26a9fdb60f67b3919e750f2e0b2d5e4c0e2b2
    Size: 45.94 MB

Asianux Server 9 for x86_64
  1. pgaudit-16.0-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 00a985112b97cdbf34133b81024d5171
    SHA-256: 43931b4f3c992b0691d507c10b6f9ceab67f6cd1af2aa183fd1d72f411787cfb
    Size: 27.62 kB
  2. pgaudit-debugsource-16.0-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 7e7a7b1960ce4dcc258708cc4ab154bb
    SHA-256: cbb12209860f20c4244c9f9535497422c006a9b2bd0f8b72dc4fdff4de695e48
    Size: 22.84 kB
  3. pg_repack-1.5.1-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 274dcad2179cfdae7640e237d8e8596a
    SHA-256: 1e7ebf00c637d8731513276cbcd3793dda342d16aef42b0d770087bc5a80334b
    Size: 91.85 kB
  4. pg_repack-debugsource-1.5.1-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: a8a531c67c8c3c2b2813ec186b720bbc
    SHA-256: 73a38e70c36797e71975fe0dada588c5043b2825b77f85ba50af5636594a8d26
    Size: 49.04 kB
  5. pgvector-0.6.2-2.module+el9+1101+10d989af.x86_64.rpm
    MD5: 61a72a1e22d542198b97c06fdba610d7
    SHA-256: 547d588e3fe6fa38ec0959a80b7043e92a0cd59a3afe928d8bee5deaf3774e5e
    Size: 80.66 kB
  6. pgvector-debugsource-0.6.2-2.module+el9+1101+10d989af.x86_64.rpm
    MD5: ca4500dc7f2122e404ab7594b1cc553b
    SHA-256: 733021815fabf8bb2a59944db871982a29947ee79fc6b4dd71f6d73d84df5c5d
    Size: 54.88 kB
  7. postgres-decoderbufs-2.4.0-1.Final.module+el9+1101+10d989af.x86_64.rpm
    MD5: 7461921c9f2c1ad6b1e3e738778b6f01
    SHA-256: 9999d29fcb49c738002df54ba332e5e2f1beb033d9c7caba091954d36cd8ab1c
    Size: 21.82 kB
  8. postgres-decoderbufs-debugsource-2.4.0-1.Final.module+el9+1101+10d989af.x86_64.rpm
    MD5: 8a95773209c47abae25cf76e7cce0370
    SHA-256: 2d13a1a77bc2e3a3748df2980e4c00f77cb893f602ac34d9fe98b0508548011a
    Size: 16.54 kB
  9. postgresql-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 02c0570943245728dc71c6f3180cb16b
    SHA-256: e7006342b714d89a5e10e245d287ddbedea3cba4fa4be591345e700159c445ab
    Size: 1.94 MB
  10. postgresql-contrib-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: d13cba7196304a766cef7ed78cc74c7a
    SHA-256: 91b96ee870d551881b08b048f088822502151c84ef9b31ab1ecbdf6c15bdcf32
    Size: 1.01 MB
  11. postgresql-debugsource-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 90ea7830982a41c830af0f3b0f3a3a94
    SHA-256: 502978bbee3efd44a5d26a6516b6b21012489497082ce35a8d3484f172b53e94
    Size: 16.98 MB
  12. postgresql-docs-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 32104855cfd6794e2e61b5e1b4adf2bd
    SHA-256: db040147947f6e4f2e91d864e5b6612cbb8c909a2c1d45b93e6d71cb8acc734b
    Size: 2.36 MB
  13. postgresql-plperl-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 447e046115e17df9e7525a26b8164ce4
    SHA-256: 4eadc2dd6e485418aecc028e4d5b83b0e691f9f54c1e3cbb5044558e3cb6071e
    Size: 80.36 kB
  14. postgresql-plpython3-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: c0a80e06141d7dbe45c123f89091aa57
    SHA-256: 361b4dacae8763fa99a10802562268d4fb22de58433168bdc56a593068e89ad3
    Size: 101.90 kB
  15. postgresql-pltcl-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 982ecef931c7972be6e8ffd723af39b9
    SHA-256: 3f77d60f2fcfdf181f852b8b101bf7233967db690e79172a6ed3968cfbff607c
    Size: 53.47 kB
  16. postgresql-private-devel-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: d8bc97db2756f53c264d6c2e64399d2d
    SHA-256: ef627057f003ed00294d5755fb5c3f7e33ae033f5684e92889e08d7d3be7bdd0
    Size: 65.99 kB
  17. postgresql-private-libs-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 9b8ec3d310884688d2370ab72bdd010e
    SHA-256: 81929ad3ad61ae067154be63d8e40c4ccea764a353dd728c6cd76d74f2fd6842
    Size: 142.44 kB
  18. postgresql-server-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: d9bbadc1ba2ee0874f2db77e671f1f16
    SHA-256: 0786bca027b7897beb0621106b91f8ee675996ab0307a71b19f91750ff43c785
    Size: 7.02 MB
  19. postgresql-server-devel-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 1f99e9a68afd300fbad88f422e03a005
    SHA-256: fedee3111f1f0cbc189618c61b69e455088403571a61a6749468cc9ffde1d549
    Size: 1.48 MB
  20. postgresql-static-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 0373e966cb61a032adec04718523d9fd
    SHA-256: 3bb10269c2fb29325d347f27d6cfba6bf1224f946532d83ba7df66687f72e207
    Size: 131.24 kB
  21. postgresql-test-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 52c15ca96e2c36b16a2804d84f9de13d
    SHA-256: 8e8a5ec0f8433ad149c89b99e7256c6c7722c17b659162a7fd1de1bd91dc8aaa
    Size: 1.78 MB
  22. postgresql-test-rpm-macros-16.10-1.module+el9+1101+10d989af.noarch.rpm
    MD5: 68147bf0168472c71495716ff6bb7dcd
    SHA-256: 45c41cf485cc491e8f6066aff9f4847b409330a04ea0eb624838610726dfa2c6
    Size: 9.67 kB
  23. postgresql-upgrade-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 4088344cc493296bcaeb997b16ae516d
    SHA-256: 51791e475153e3362e3db5f1727b780767ab4f3be395ed445ff510347453884f
    Size: 5.14 MB
  24. postgresql-upgrade-devel-16.10-1.module+el9+1101+10d989af.x86_64.rpm
    MD5: 443333b2ed403a862d294dd849a0f46f
    SHA-256: 04c79b28d9154dbbb72e18abf412d64e08a57f464769322ef6863c2352a548b7
    Size: 1.38 MB