postgresql:15 security update
Errata ID: AXSA:2025-10824:01
Release date:
2025/09/03 Wednesday - 17:37
Title:
postgresql:15 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
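The following issues have been addressed.
[Security Fix]
- PostgreSQL allows untrusted functionality to be included, which results
in a vulnerability that lets a remote attacker execute arbitrary code.
(CVE-2025-8714)
- PostgreSQL contains a vulnerability that lets a remote attacker execute
arbitrary code and perform SQL injection. (CVE-2025-8715)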
Modularity name: postgresql
Stream name: 15
Solution:
Update the packages.
CVE:
CVE-2025-8714
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
CVE-2025-8715
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
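A pre-restore triage check for plain-format dumps, added here as an example (not code from the advisory or from the PostgreSQL project): it lists lines that psql would read as meta-commands other than the ones pg_dump writes itself. The function name, the allow-list and the sample dump are assumptions constructed for illustration.

```python
import re

# Meta-commands that pg_dump/pg_dumpall write into plain-format output
# themselves (\restrict and \unrestrict only in the fixed releases).
EXPECTED = {"connect", "restrict", "unrestrict"}
COPY_BEGIN = re.compile(r"^COPY\s.*\bFROM\s+stdin;\s*$", re.IGNORECASE)
META_LINE = re.compile(r"^\s*\\(\S+)")


def suspicious_meta_commands(dump_text):
    """Return (line_number, line) for each unexpected meta-command line.

    Heuristic: only lines that start with a backslash outside COPY data are
    checked and SQL quoting is not parsed, so hits need manual review.
    """
    findings = []
    in_copy = False
    for number, line in enumerate(dump_text.splitlines(), start=1):
        if in_copy:
            # COPY rows may start with a backslash (e.g. \N); "\." ends them.
            if line == "\\.":
                in_copy = False
            continue
        if COPY_BEGIN.match(line):
            in_copy = True
            continue
        match = META_LINE.match(line)
        if match and match.group(1) not in EXPECTED:
            findings.append((number, line))
    return findings


# Constructed sample, not real pg_dump output: a comment header whose object
# name carried a newline, leaving a meta-command on a line of its own.
SAMPLE_DUMP = "\n".join([
    "\\restrict CONSTRUCTEDKEY",
    "\\connect appdb",
    "-- Name: t1",
    "\\echo CONSTRUCTED-PLACEHOLDER",
    "; Type: TABLE; Schema: public; Owner: app",
    "CREATE TABLE public.t1 (id integer, note text);",
    "COPY public.t1 (id, note) FROM stdin;",
    "1\t\\N",
    "\\N\tx",
    "\\.",
    "\\unrestrict CONSTRUCTEDKEY",
])

if __name__ == "__main__":
    print(suspicious_meta_commands(SAMPLE_DUMP))
```

The scan only helps decide whether a dump from an origin server you do not control needs inspection before it is fed to psql; the package update is what removes the flaw.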
Additional information:
N/A
Download:
SRPMS
- pgaudit-1.7.0-1.module+el8+1901+344eace2.src.rpm
Size: 52.57 kB
- pg_repack-1.4.8-1.module+el8+1901+344eace2.src.rpm
Size: 102.55 kB
- postgres-decoderbufs-1.9.7-1.Final.module+el8+1901+344eace2.src.rpm
Size: 23.30 kB
- postgresql-15.14-1.module+el8+1901+344eace2.src.rpm
Size: 51.09 MB
Asianux Server 8 for x86_64
- pgaudit-1.7.0-1.module+el8+1901+344eace2.x86_64.rpm
Size: 28.32 kB
- pgaudit-debugsource-1.7.0-1.module+el8+1901+344eace2.x86_64.rpm
Size: 24.12 kB
- pg_repack-1.4.8-1.module+el8+1901+344eace2.x86_64.rpm
Size: 94.39 kB
- pg_repack-debugsource-1.4.8-1.module+el8+1901+344eace2.x86_64.rpm
Size: 50.55 kB
- postgres-decoderbufs-1.9.7-1.Final.module+el8+1901+344eace2.x86_64.rpm
Size: 23.82 kB
- postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el8+1901+344eace2.x86_64.rpm
Size: 18.27 kB
- postgresql-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 1.73 MB
- postgresql-contrib-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 968.62 kB
- postgresql-debugsource-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 18.95 MB
- postgresql-docs-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 10.33 MB
- postgresql-plperl-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 72.92 kB
- postgresql-plpython3-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 92.39 kB
- postgresql-pltcl-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 45.25 kB
- postgresql-private-devel-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 64.53 kB
- postgresql-private-libs-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 132.48 kB
- postgresql-server-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 6.17 MB
- postgresql-server-devel-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 1.37 MB
- postgresql-static-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 153.21 kB
- postgresql-test-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 2.17 MB
- postgresql-test-rpm-macros-15.14-1.module+el8+1901+344eace2.noarch.rpm
Size: 10.01 kB
- postgresql-upgrade-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 4.51 MB
- postgresql-upgrade-devel-15.14-1.module+el8+1901+344eace2.x86_64.rpm
Size: 1.18 MB