postgresql:15 security update
Errata ID: AXSA:2025-9712:01
Release date:
2025/02/27 Thursday - 14:29
Title:
postgresql:15 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() functions in PostgreSQL's libpq improperly neutralize quoting syntax when client_encoding is BIG5 and server_encoding is either EUC_TW or MULE_INTERNAL. As a result, a vulnerability exists that allows a remote attacker to perform SQL injection by running a crafted application. (CVE-2025-1094)
Modularity name: postgresql
Stream name: 15
Solution:
Update the packages.
CVE:
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Additional information:
N/A
Downloads:
SRPMS
- pgaudit-1.7.0-1.module+el8+1856+40960f24.src.rpm
Size: 52.57 kB
- pg_repack-1.4.8-1.module+el8+1856+40960f24.src.rpm
Size: 102.55 kB
- postgres-decoderbufs-1.9.7-1.Final.module+el8+1856+40960f24.src.rpm
Size: 23.30 kB
- postgresql-15.12-1.module+el8+1856+40960f24.src.rpm
Size: 50.95 MB
Asianux Server 8 for x86_64
- pgaudit-1.7.0-1.module+el8+1856+40960f24.x86_64.rpm
Size: 28.32 kB
- pgaudit-debugsource-1.7.0-1.module+el8+1856+40960f24.x86_64.rpm
Size: 24.12 kB
- pg_repack-1.4.8-1.module+el8+1856+40960f24.x86_64.rpm
Size: 94.40 kB
- pg_repack-debugsource-1.4.8-1.module+el8+1856+40960f24.x86_64.rpm
Size: 50.55 kB
- postgres-decoderbufs-1.9.7-1.Final.module+el8+1856+40960f24.x86_64.rpm
Size: 23.82 kB
- postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el8+1856+40960f24.x86_64.rpm
Size: 18.27 kB
- postgresql-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 1.72 MB
- postgresql-contrib-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 968.20 kB
- postgresql-debugsource-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 18.92 MB
- postgresql-docs-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 10.28 MB
- postgresql-plperl-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 72.94 kB
- postgresql-plpython3-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 92.26 kB
- postgresql-pltcl-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 45.18 kB
- postgresql-private-devel-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 64.41 kB
- postgresql-private-libs-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 132.19 kB
- postgresql-server-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 6.14 MB
- postgresql-server-devel-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 1.37 MB
- postgresql-static-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 153.06 kB
- postgresql-test-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 2.16 MB
- postgresql-test-rpm-macros-15.12-1.module+el8+1856+40960f24.noarch.rpm
Size: 9.94 kB
- postgresql-upgrade-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 4.51 MB
- postgresql-upgrade-devel-15.12-1.module+el8+1856+40960f24.x86_64.rpm
Size: 1.18 MB