postgresql-13.22-1.el9_6
Errata ID: AXSA:2025-10796:04
Release date:
2025/09/01 Monday - 18:06
Title:
postgresql-13.22-1.el9_6
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- PostgreSQL has a flaw that permits the inclusion of untrusted content,
allowing a remote attacker to execute arbitrary code. (CVE-2025-8714)
- PostgreSQL has a vulnerability that allows a remote attacker to execute
arbitrary code and perform SQL injection. (CVE-2025-8715)
Solution:
Update the packages.
CVE:
CVE-2025-8714
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
CVE-2025-8715
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
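Both CVEs describe the same restore-time hazard: text placed in a plain-format dump by the origin server ends up being interpreted by psql on the restoring machine, where a backslash meta-command runs as the operating-system account performing the restore. A defender who must restore a dump produced by a server they do not fully trust can at least review it for meta-commands before handing it to psql. The scanner below is an added example written for this advisory; it is not code from the PostgreSQL project or from the distribution. It walks a dump line by line, skips the payload of `COPY ... FROM stdin;` blocks (where a leading backslash is table data, not a command, until the terminating `\.`), and reports every remaining meta-command that is not on an allowlist. The allowlist (`\connect`, which pg_dumpall emits between databases) and the sample dump are constructed assumptions; adjust the allowlist to whatever your pg_dump version legitimately emits.

```python
import re
import sys

# A psql meta-command is a backslash followed by a command word at the start
# of a line (leading whitespace tolerated). Names like \! and \? are included.
META_CMD = re.compile(r'^\s*\\([A-Za-z!?]+)')
# Start and end of a plain-format COPY data block as pg_dump writes it.
COPY_START = re.compile(r'^COPY\s.*\sFROM\s+stdin;\s*$', re.IGNORECASE)
COPY_END = '\\.'

# Meta-commands a dump may legitimately contain (assumption: pg_dumpall emits
# \connect; extend this for what your own pg_dump version produces).
ALLOWED = frozenset({'connect'})


def find_meta_commands(dump_text, allowed=ALLOWED):
    """Return (line_number, line) for every non-allowlisted psql meta-command
    found outside COPY data blocks."""
    findings = []
    in_copy = False
    for lineno, line in enumerate(dump_text.splitlines(), 1):
        if in_copy:
            # Inside COPY data only the terminator matters; everything else
            # is row data that psql forwards to the server unchanged.
            if line == COPY_END:
                in_copy = False
            continue
        if COPY_START.match(line):
            in_copy = True
            continue
        m = META_CMD.match(line)
        if m and m.group(1) not in allowed:
            findings.append((lineno, line))
    return findings


# Constructed sample dump (not real pg_dump output). Row 1 shows why COPY
# payload must be skipped; the final line is the kind of stray meta-command
# that should be flagged before the dump is ever passed to psql.
SAMPLE_DUMP = """--
-- PostgreSQL database dump
--

SET client_encoding = 'UTF8';

CREATE TABLE public.notes (id integer, body text);

COPY public.notes (id, body) FROM stdin;
1\t\\! this line is table data, not a command
2\tsecond row
\\.

\\connect postgres
\\! echo injected
"""


def main(argv):
    # Usage: scan_dump.py [dump.sql]; with no argument the sample is scanned.
    text = open(argv[1], encoding='utf-8', errors='replace').read() if len(argv) > 1 else SAMPLE_DUMP
    hits = find_meta_commands(text)
    for lineno, line in hits:
        print(f'line {lineno}: unexpected psql meta-command: {line}')
    print(f'{len(hits)} suspicious meta-command line(s) found')
    return 1 if hits else 0


if __name__ == '__main__':
    sys.exit(main(sys.argv))
```

A non-zero exit status makes the check easy to put in front of `psql -f` in a restore script. The scanner is deliberately conservative: abbreviated forms such as `\c` are flagged even though they are equivalent to `\connect`, because a dump written by pg_dumpall never uses the short form.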
Additional information:
N/A
Downloads:
SRPMS
- postgresql-13.22-1.el9_6.src.rpm
MD5: 778e85d9e81569fc54fee8820f4f4ca8
SHA-256: 26d3ddcc54ba2250791c87df747d565af09c1c0fd88b28203956965c79b0bcd9
Size: 48.92 MB
Asianux Server 9 for x86_64
- postgresql-13.22-1.el9_6.x86_64.rpm
MD5: 7f98eb8bd3e703f07e7332d7aa61422b
SHA-256: da978007410670119b2fd6ac66f5a419cc426268846058e53ab75179c1a1f84d
Size: 1.62 MB
- postgresql-contrib-13.22-1.el9_6.x86_64.rpm
MD5: f29e13820afc950da4f2373e5424a756
SHA-256: 3fae6ac1b7b68bb085844fc83f64ae98aa4ed25baf96c174616db68c4d07432e
Size: 890.29 kB
- postgresql-docs-13.22-1.el9_6.x86_64.rpm
MD5: 5215eae803dc1e009fa108efa18ffe3f
SHA-256: 8f48c172a5a3641318065bfce1e4a4509ac478b5a59108889a1dbf9e0621d07d
Size: 9.66 MB
- postgresql-plperl-13.22-1.el9_6.x86_64.rpm
MD5: 01c184399d593d4d8545b84a36bdc6ed
SHA-256: 1be8f631b854acce6a5a37c25b40c676f289aa836722dfe4572ee0af4fd1c251
Size: 74.32 kB
- postgresql-plpython3-13.22-1.el9_6.x86_64.rpm
MD5: 51f1ed74049de8e537365950e5945515
SHA-256: 5ef8bd31c97232636c032fdd1449ef70e75097d76732327da203580147317f22
Size: 93.48 kB
- postgresql-pltcl-13.22-1.el9_6.x86_64.rpm
MD5: 77f3b74c12ff888a65661b441c347fcb
SHA-256: f41689ce24f10961dc0e30ff62a8a7236c39c181bf20850f6884c1995825afe2
Size: 48.42 kB
- postgresql-private-devel-13.22-1.el9_6.x86_64.rpm
MD5: 874639c8f2bc53ffe8158c551d8ef6bc
SHA-256: 4cfc511d4d54ffd6e0b4618c982b1b2c4ba411880d2664bb4daf241c5a3d1999
Size: 62.77 kB
- postgresql-private-libs-13.22-1.el9_6.x86_64.rpm
MD5: 48fbc694491a6cf419f0a0d4555546d9
SHA-256: 3a629bd310faf2d33ed59a6aed26fc532a638fc8969203f6ec4fc2c8c86176f1
Size: 136.88 kB
- postgresql-server-13.22-1.el9_6.x86_64.rpm
MD5: f11762dc9d9306f9bf354db05e7af965
SHA-256: 1dc8ef8f359d70e00edfb037991d748392ee09e9f941a44a9919465595952d58
Size: 5.77 MB
- postgresql-server-devel-13.22-1.el9_6.x86_64.rpm
MD5: 6820a98ce9bddacfe4e535eafdcabffe
SHA-256: 9821f045937d952574d3d871291feef28542e8aeada8360e4ab9d2a375a06335
Size: 1.30 MB
- postgresql-static-13.22-1.el9_6.x86_64.rpm
MD5: 1c50846e0147bf0797f57f20a722ac00
SHA-256: 1481df00559ff73977747e5e769bb0023619ee0e469e6aa6722f76cf973c6b0e
Size: 125.24 kB
- postgresql-test-13.22-1.el9_6.x86_64.rpm
MD5: 2b87ffa10bf73d60a8905e65fc8db0e8
SHA-256: 4b935bb703e04dda0d8ce4dcfffb39ef65cead0a2ea7f40762836608f2d4d526
Size: 1.53 MB
- postgresql-test-rpm-macros-13.22-1.el9_6.noarch.rpm
MD5: 1cdc61ec53299490c4ffaccd2aa34a9f
SHA-256: 2076a54036ac6a9908f561fda07c04242678d6199ad3b56b809f6a8fe93ec346
Size: 8.96 kB
- postgresql-upgrade-13.22-1.el9_6.x86_64.rpm
MD5: 197a79fa3fdf2bfaa0dedfbf4bf49f7d
SHA-256: db7f53d201ce8f820b4bf25846255e0f2184c5aab58a9c9f725fde0a3d14ab76
Size: 4.62 MB
- postgresql-upgrade-devel-13.22-1.el9_6.x86_64.rpm
MD5: 1520b16fa647c56c07841fe3078de7f1
SHA-256: 82ba73b15df3107d80bb356f1afc01876df209c5f937fb633b3dbabc43ec7237
Size: 1.20 MB