postgresql:13 security update
Errata ID: AXSA:2025-9711:01
Release date:
2025/02/27 Thursday - 13:08
Title:
postgresql:13 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and
PQescapeStringConn() functions in PostgreSQL's libpq improperly
neutralize quoting syntax when the client_encoding value is BIG5 and
the server_encoding value is either EUC_TW or MULE_INTERNAL. This
vulnerability allows a remote attacker to perform SQL injection
via execution of a crafted application. (CVE-2025-1094)
Modularity name: postgresql
Stream name: 13
Solution:
Update the packages.
CVE:
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Additional information:
N/A
Downloads:
SRPMS
- pgaudit-1.5.0-1.module+el8+1855+1ca602af.src.rpm
MD5: f738f05bd8aa1d7bb230032dbe8b5115
SHA-256: 60bf12e3fc2c50242c9291a2f91a12779b1547a44980cba2d402183e0ea34d20
Size: 42.60 kB
- pg_repack-1.4.6-3.module+el8+1855+1ca602af.src.rpm
MD5: 460e29c797296c1ca979d3ae16770221
SHA-256: 02f92d14a8a692e09fe7037f98c7043317841c7c8b84badca6c5676f662ce960
Size: 100.99 kB
- postgres-decoderbufs-0.10.0-2.module+el8+1855+1ca602af.src.rpm
MD5: 1a23f56813f52d40641ff1d8413f63e5
SHA-256: 32d664802f5f9f111386f9a4d405ea2fc74de32f6dc2bc8709ae11ff18141143
Size: 21.13 kB
- postgresql-13.20-1.module+el8+1855+1ca602af.src.rpm
MD5: 0435916edfefe04a7c7c152459a1ea13
SHA-256: daf572de0e3b81e13b41603b4217639868fc221cf5483f6a353f1b7b9523e3ab
Size: 48.87 MB
Asianux Server 8 for x86_64
- pgaudit-1.5.0-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: fee1aed82a920a98aec161ab02c04f8d
SHA-256: 32425ee4067071ec41cb658b992425d184690427598039b14f6f560eb2f0b141
Size: 27.03 kB
- pgaudit-debugsource-1.5.0-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: dd9566ea13e8a54343ca09f1c2d0ea44
SHA-256: bc3031affc0648afc7c882a019cc6cbcdcd00fe7802f7aab05f28a39482c78ca
Size: 22.80 kB
- pg_repack-1.4.6-3.module+el8+1855+1ca602af.x86_64.rpm
MD5: 1d07ffe0274da5bd916ccefb18f14f5a
SHA-256: 3fc065f44edf10143016633e9df5459d15ff777ae9b56c2b02dc19d14f897b3a
Size: 89.71 kB
- pg_repack-debugsource-1.4.6-3.module+el8+1855+1ca602af.x86_64.rpm
MD5: a61d64c1dd13a1f6c673e26bc62a7840
SHA-256: a5b3540bf5e618e8dc9cb03944d9383ca124fed8df6360cba00b424ce7ffc0a3
Size: 49.69 kB
- postgres-decoderbufs-0.10.0-2.module+el8+1855+1ca602af.x86_64.rpm
MD5: de9e3d4e1423c4e35763f2f53ddcc215
SHA-256: bd323fb4e4c6f5e1ad306192904a1d1566ce15b5806fa50330b0fb260ced67a7
Size: 21.90 kB
- postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1855+1ca602af.x86_64.rpm
MD5: 5b775778302cc36fa0eb6f4ab2a8b450
SHA-256: 0a3494b3f4ad0c8ffe6b24af45f17cba91d02b047ca92d9d60583732f4a86c64
Size: 16.81 kB
- postgresql-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: 291c0396680bcc08fd7d027ddb967d46
SHA-256: f937d4f0abe490ffb864bcbde844a7bf4658d4f613cc2ddae34010829f7dd276
Size: 1.56 MB
- postgresql-contrib-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: b4d7c7238ff8d1755516d594c33b6cba
SHA-256: 03c5d20d10f1e109ccb73dfdbe2e26c5fd8e5fa9083dc97dcea6b18ddeb265a8
Size: 882.79 kB
- postgresql-debugsource-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: 068928994d645e78b7197bbd08fcf87b
SHA-256: 07864f141065002f44425e6d005d3f2272a3f3b848bcaf7f1dfea451ac5a6d92
Size: 17.87 MB
- postgresql-docs-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: 780239e19976e5d48e453936279b820a
SHA-256: 80946cccc55c483efe81db1c73865a90fad2158b4c4051b3130d003c523230e0
Size: 9.91 MB
- postgresql-plperl-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: 94376f6ab6c0957f7ea54d2aa6dfdc0d
SHA-256: 3112b62d7e5df836146ab89b8fab7d173f0081b9ceaf573ebff829cf8ef9d64d
Size: 112.80 kB
- postgresql-plpython3-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: 08de782796782e848edb6cc0fb40c8a5
SHA-256: 3a0179b4b093adb04ee8c6a42addd28b663f585d634a25ff58d8fbe6062470f0
Size: 129.16 kB
- postgresql-pltcl-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: e44a11127c81b652a054cefdb569bf2b
SHA-256: 8d7cf47e317626699b2f54ea7caed07ff9384bf99fd2079d145bc3a267362404
Size: 85.75 kB
- postgresql-server-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: d126adb3e1d2f4db06de59db907396b9
SHA-256: d8d46b40f84f0f8c3246002e49b3e4e8ef05b7d1cbd92898fac46a87d9af702d
Size: 5.60 MB
- postgresql-server-devel-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: 4c5dcb5f44ab7292a0bd173311040d68
SHA-256: 61a73e40be82634867a95bd1b65ca11ad81c3f7313de4b0ac2f4b13e26367945
Size: 1.26 MB
- postgresql-static-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: 530ee4a70933946f770b703b656a45cf
SHA-256: fbb39a5463268fe6de4f54b0cc73e419b33f3dd43f7f7b4014de8a53ed15d680
Size: 190.41 kB
- postgresql-test-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: c4ebbb03e2298b94930d3eb31409eb2b
SHA-256: 77d92b496e95a69eb7ae29c3a3a10c266cb253a4dd9e7f654435dab8a2468f0b
Size: 2.04 MB
- postgresql-test-rpm-macros-13.20-1.module+el8+1855+1ca602af.noarch.rpm
MD5: d4888b4581793d314802cd163ab25669
SHA-256: 0109bcfd499afca35cef746ff3571f71e3fb9af87fd0ea6c612d241f37bc0025
Size: 53.07 kB
- postgresql-upgrade-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: 29a0045d1a0235b491f7e1807fe28afa
SHA-256: 71253de03f275d8430436635ca461cbd3e46b2f36d81bd39e92a461bea7d7d59
Size: 4.39 MB
- postgresql-upgrade-devel-13.20-1.module+el8+1855+1ca602af.x86_64.rpm
MD5: e18f12dcd38f0aa4a7c3f648731cd1db
SHA-256: 683fd170116c3ee48b800646782b68dacd3d0af26ea8aaf9980efc8177830270
Size: 1.18 MB