postgresql:12 security update
エラータID: AXSA:2025-9814:01
リリース日:
2025/03/31 Monday - 21:20
題名:
postgresql:12 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PostgreSQL の libpq の PQescapeLiteral()、PQescapeIdentifier()、
PQescapeString()、および PQescapeStringConn() 関数には、
client_encoding 値が BIG5、かつ server_encoding 値が EUC_TW
または MULE_INTERNAL のいずれかの場合、引用構文を誤って
無効化してしまう問題があるため、リモートの攻撃者により、細工
されたアプリケーションの実行を介して、SQL インジェクション
を可能とする脆弱性が存在します。(CVE-2025-1094)
Modularity name: postgresql
Stream name: 12
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
追加情報:
N/A
ダウンロード:
SRPMS
- pgaudit-1.4.0-7.module+el8+1858+fbedf1f0.ML.1.src.rpm
MD5: e5f4c3ab7b46e62d4c07a02829d3caa6
SHA-256: da69b9853a7328f7d6c1a35adcd32fb25207302e020ac7b312a5f8584506058a
Size: 42.40 kB - pg_repack-1.4.6-3.module+el8+1858+fbedf1f0.src.rpm
MD5: 7046a942b2e0d58b4a02ce6790b8c5c9
SHA-256: 7cd546379ed1b4e5784e632659ab1292b69a707f22069e52842ecdaaff751f50
Size: 100.99 kB - postgres-decoderbufs-0.10.0-2.module+el8+1858+fbedf1f0.src.rpm
MD5: 815bd7fb2c9f988afeaca32b8fb84ec0
SHA-256: e29407797f80223478d159f76d2bfe09e520bc711b7a5c22f519f53e5744cee7
Size: 21.13 kB - postgresql-12.22-3.module+el8+1858+fbedf1f0.src.rpm
MD5: 954ddce9ca22e65565edcfbca3150811
SHA-256: 5e911358744652601062f3f939bf23bfc5ea7a2758590d00bd38c6f12c3073ff
Size: 46.73 MB
Asianux Server 8 for x86_64
- pgaudit-1.4.0-7.module+el8+1858+fbedf1f0.ML.1.x86_64.rpm
MD5: 5b822db0b4af3d45b591449aca14db48
SHA-256: 3132065d2d6e16cf7335ce134ecbe43ef09b34412a065bdf82b5f27c41c4eacf
Size: 27.10 kB - pgaudit-debugsource-1.4.0-7.module+el8+1858+fbedf1f0.ML.1.x86_64.rpm
MD5: 2d2906e3d3381599b1e1aeb3020243b6
SHA-256: 2f30334d4bd65031ff212d1f98581dff4b45b4cb7920afded26735149c8bf011
Size: 23.04 kB - pg_repack-1.4.6-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: f125a069a2a299888b0e45f46809a146
SHA-256: 78cccbf93d39c53c2c774baf81ca682e7824f358f8b77414dd37f2fa61d96854
Size: 89.17 kB - pg_repack-debugsource-1.4.6-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: 751e117a6f536ca4352dbc6a67c76329
SHA-256: 1113437a65978a2961263ae910686d522e220203c2f716afca3017a6e2167501
Size: 49.69 kB - postgres-decoderbufs-0.10.0-2.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: a7a9d21354d50868837eb75d0fb80e9d
SHA-256: d5154bd9e75a7a0fef1c537a8755cea68b4671a4e4a4eb39b7fbc533784f458f
Size: 21.83 kB - postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: 5496ff396158d15749791b8f65c14862
SHA-256: 06d5cc3e35c691f00b797361f55d49649a82119e1b02eb88681b206aac9c2eb1
Size: 16.81 kB - postgresql-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: 4dd2a2b26050243f01744c8aa34ac61a
SHA-256: 30b84cb74e2c244f92d533cbc11ddd54d0ff81b843adbf8f50fe379da1f31518
Size: 1.52 MB - postgresql-contrib-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: 04295a33da1856838ed994635b325c85
SHA-256: f248f2a76c13a899d6767a4b190171e8c98a8b044594edc8d647a70eef88ccf1
Size: 874.19 kB - postgresql-debugsource-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: 49d6af6ef7bbe7050b540d6758ab12b6
SHA-256: 475eb7dfa1566384f8694cf8644cbcaf68cadce8f318b01291ec67d2b7f7c785
Size: 16.99 MB - postgresql-docs-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: cb4d1531d121c0db1fe8fa865550cbf6
SHA-256: 7fee395adc35001b0b02ea69f4fb496cf6b1b844c75569ce1629a20c37a0cd90
Size: 9.85 MB - postgresql-plperl-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: 46fa07aaec291e4fa8419e1a7c4dca35
SHA-256: afc26169ce58d632ceeb3d1e162939c94d5bc91f34c4d2f6fcc1c2b0faecee14
Size: 110.08 kB - postgresql-plpython3-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: 5841f103d3f8921c65d9df961124002b
SHA-256: b20d4587d1d0cfcae6682d2420124e867ffd9bf16528e1d0e262dc5ac47294c7
Size: 130.09 kB - postgresql-pltcl-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: afdcfc370da766482af6ccf498524416
SHA-256: 88a32034bd2d54d9ceb8a9bc7fc82f622393a4b3cff5ca64cf476436beda0738
Size: 85.52 kB - postgresql-server-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: b40cb6637cdf8ccd5ba16305daf05ea3
SHA-256: 8471ba40e3b28ef80fb9c7c3e4a32419fcb8e4c3ab59d6e004663e52fd8f7c77
Size: 5.56 MB - postgresql-server-devel-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: 4529fd27085680ee3b1c2ffa3760ed9d
SHA-256: d0d9643a90ae9bb5910490b3654793c98655bb05a2721394be075f1e817a69bd
Size: 1.23 MB - postgresql-static-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: de1aa82d9416254dbf923b6e68579442
SHA-256: a1c2651f14d848362ffd886ca5338c1bc5c452d4417d3454e9fbf1616c51dbeb
Size: 175.30 kB - postgresql-test-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: d68c88e65a9b8090f561e9af1ca53ba6
SHA-256: 578574945edfaa260af09014ffebc10f550496105b91379cb114a96039efc9d2
Size: 1.96 MB - postgresql-test-rpm-macros-12.22-3.module+el8+1858+fbedf1f0.noarch.rpm
MD5: 8d4ccd4b855c970390b82ef4071ea1fd
SHA-256: 77163daeb7a0ed64249dae7203bc0727a7446292d09e8da500e281e31615ebfa
Size: 53.27 kB - postgresql-upgrade-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: bf084651b91cc075cc2cf4a3692f570b
SHA-256: a2d76eca629396b41a46a976fe7c26f1c36e9b3e03b9bc5bd68d834c6ba9f949
Size: 4.07 MB - postgresql-upgrade-devel-12.22-3.module+el8+1858+fbedf1f0.x86_64.rpm
MD5: ae08215f3672852c854f2c9dbffa5094
SHA-256: 54b7d570fc8a271222c49718e25451b135ccc0b6f32ebf7863a5ebbc8edf988a
Size: 1.13 MB
English