postgresql:12 security update

エラータID: AXSA:2025-10832:01

Release date: 
Thursday, September 4, 2025 - 15:15
Subject: 
postgresql:12 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)
* postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-8714
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
CVE-2025-8715
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.

Modularity name: "postgresql"
Stream name: "12"

Solution: 

Update packages.

CVEs: 
CVE-2025-8714
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
CVE-2025-8715
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
Additional Info: 

N/A

Download: 

SRPMS
  1. pgaudit-1.4.0-7.module+el8+1903+7442463f.ML.1.src.rpm
    MD5: 7e2da442abf8767c1049ab70d694ca56
    SHA-256: 912646a920a1eb83d49f482c0d11042b90bb5548d70aa1362d9564bc3fcc5407
    Size: 42.40 kB
  2. pg_repack-1.4.6-3.module+el8+1903+7442463f.src.rpm
    MD5: 328b4021c1a0c7b18b4885df835557d4
    SHA-256: d52b7832bb6e20981e89b8acd8628770bc0454eecff4539910fe3dc7d6147b56
    Size: 100.99 kB
  3. postgres-decoderbufs-0.10.0-2.module+el8+1903+7442463f.src.rpm
    MD5: 804d70db0527cb21c7e3441829091b4f
    SHA-256: 1567cb5c2393607f12def145bad93073965b9bb346d4c859a952b0e323ddb01a
    Size: 21.13 kB
  4. postgresql-12.22-5.module+el8+1903+7442463f.src.rpm
    MD5: a443fc7987a60b4396901979ed949228
    SHA-256: f2e372b36859d5f56645aa36abc07b1c196798469b7bc6173866f9891f81ef08
    Size: 46.73 MB

Asianux Server 8 for x86_64
  1. pgaudit-1.4.0-7.module+el8+1903+7442463f.ML.1.x86_64.rpm
    MD5: d8dbeba26e1befd5c4a87422de767e09
    SHA-256: 82b3e8a2520dd68c48e0fa210f056be7c85bd619a4f31c725eb2d5b35bf90f61
    Size: 27.10 kB
  2. pgaudit-debugsource-1.4.0-7.module+el8+1903+7442463f.ML.1.x86_64.rpm
    MD5: 838c38d71165faae83c3691fdcd33820
    SHA-256: 90617cebdf53f3fe6dd722a88fe33cfa1f1a55ec760a5e1f0896caa55df68f53
    Size: 23.04 kB
  3. pg_repack-1.4.6-3.module+el8+1903+7442463f.x86_64.rpm
    MD5: f93a5e8e97767f8ddcf37069f8be86dd
    SHA-256: 168538c84a0f4b7d2b0e2da84edfdef452346b4763a85421b391280dfb9b6352
    Size: 89.17 kB
  4. pg_repack-debugsource-1.4.6-3.module+el8+1903+7442463f.x86_64.rpm
    MD5: 47a798110bea5ea300cb9b0d289280ee
    SHA-256: 8564459c5f032c87550618311950305825a662c79e22b6b95d3136f7683a1d8c
    Size: 49.69 kB
  5. postgres-decoderbufs-0.10.0-2.module+el8+1903+7442463f.x86_64.rpm
    MD5: c3443e3b951dc3d041a71e6679fedec0
    SHA-256: 19ecfafac982e22ea6a60e51ccc4f758cb4078daa5233f39b47d8a0385a79781
    Size: 21.83 kB
  6. postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1903+7442463f.x86_64.rpm
    MD5: 8681beddd661fc92891bc7fb3df2e3c1
    SHA-256: 5b339cf22caa2857d3225d180e9d87d372110cd7144051c080fcb4ee1054fae7
    Size: 16.81 kB
  7. postgresql-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: 0683ff1405e97ccb15bd9d4c3122324a
    SHA-256: 8a010a0e1be2d04ebc366da4f64750cfc4774d9da6d610154bb88f7454a4f7dd
    Size: 1.52 MB
  8. postgresql-contrib-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: 13c7fdcfe82e586073df2b4b36720125
    SHA-256: 769ff95d31831509063c0be43c9cefe77d83d05ef3800adb1be9fb432645a02d
    Size: 874.30 kB
  9. postgresql-debugsource-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: c3e9ebca039b3117f36ffe0e1d518678
    SHA-256: 55f14d21773cc4a4fd2558e521b3b4aaab1dbaa3637d50bdc7f1ba2007d6c6c4
    Size: 16.99 MB
  10. postgresql-docs-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: 37407ea3dd3e322b5975a91c664bacfd
    SHA-256: 8996f3978445c465610b68e3be92959a8c596c9f4ca524c4dea9e3e83af16638
    Size: 9.85 MB
  11. postgresql-plperl-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: 7ae0a470a9b07f166e2b7aacf1e0f220
    SHA-256: 20593e45178ce2a870d5a6f52eba47be90453a5aef87f581f9967e502c532908
    Size: 110.23 kB
  12. postgresql-plpython3-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: acc4b93500e583827d7ebd23f1a5750c
    SHA-256: ee5a36a547b868e44d196a01a1b85260a219380a4ba163c63a2b664bde046ecb
    Size: 130.14 kB
  13. postgresql-pltcl-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: f643fb13cb5f34d3677449d07218ceec
    SHA-256: 6d9b9c13dd78a6652dd6cecb49dde90ea19e8ba6141f1dd52533e3a865106a9b
    Size: 85.65 kB
  14. postgresql-server-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: 86e1c57a03483c8a44ccc991486980e6
    SHA-256: 22736c126eaab22d3250728cb174abeb4eec81f425b83eb2b5d3e08c416506d4
    Size: 5.56 MB
  15. postgresql-server-devel-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: 161fe6a461ebddfbced367ee5564c0d3
    SHA-256: 600fb800b34d40db08d58130efb074880ca6a889366f2e207e0a15f7a4ef85cf
    Size: 1.23 MB
  16. postgresql-static-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: 1ac857abf7a4702b8fa9e70cea061fce
    SHA-256: 0656b5dbd7c4be979c0fb1d6a8bd67f0904f96c44991f160474836f752e1184b
    Size: 175.44 kB
  17. postgresql-test-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: 95b3ff4bc581ed67555596c3fd493736
    SHA-256: e2f21e31270360d4b0c2c13bfcbd6796441f7d8a0bc65ded5f036e81e9503e6f
    Size: 1.96 MB
  18. postgresql-test-rpm-macros-12.22-5.module+el8+1903+7442463f.noarch.rpm
    MD5: fec20f722bf45c092a835dcdb36b1528
    SHA-256: d5fe26ed9f318663e79f814db212c1c92ff521e4e65b266979640e18a64d9089
    Size: 53.41 kB
  19. postgresql-upgrade-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: b56429c2c2a12d283c335838b80894c4
    SHA-256: fb9a4b96fc2a860b8187f91a9a3ad5de4ffaad5ce997b79f26eb291e1f3ae9c4
    Size: 4.07 MB
  20. postgresql-upgrade-devel-12.22-5.module+el8+1903+7442463f.x86_64.rpm
    MD5: 0c1292f325de2c298dc1eee3a343309f
    SHA-256: 468b132cff6ea8fcf02e9105b775860c70e7899a78caa762638fe61d59132ab7
    Size: 1.13 MB