postgresql:15 security update
Errata ID: AXSA:2025-10826:01
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)
* postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-8714
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
CVE-2025-8715
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
Modularity name: "postgresql"
Stream name: "15"
Update packages.
SRPMS
- pgaudit-1.7.0-1.module+el9+1102+85b1faad.src.rpm
Size: 51.24 kB
- pg_repack-1.4.8-2.module+el9+1102+85b1faad.src.rpm
Size: 102.34 kB
- postgres-decoderbufs-1.9.7-1.Final.module+el9+1102+85b1faad.src.rpm
Size: 21.45 kB
- postgresql-15.14-1.module+el9+1102+85b1faad.src.rpm
Size: 51.10 MB
Asianux Server 9 for x86_64
- pgaudit-1.7.0-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 27.48 kB
- pgaudit-debugsource-1.7.0-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 22.29 kB
- pg_repack-1.4.8-2.module+el9+1102+85b1faad.x86_64.rpm
Size: 90.02 kB
- pg_repack-debugsource-1.4.8-2.module+el9+1102+85b1faad.x86_64.rpm
Size: 48.11 kB
- postgres-decoderbufs-1.9.7-1.Final.module+el9+1102+85b1faad.x86_64.rpm
Size: 22.72 kB
- postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el9+1102+85b1faad.x86_64.rpm
Size: 16.55 kB
- postgresql-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 1.73 MB
- postgresql-contrib-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 0.97 MB
- postgresql-debugsource-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 16.18 MB
- postgresql-docs-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 10.07 MB
- postgresql-plperl-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 77.85 kB
- postgresql-plpython3-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 100.58 kB
- postgresql-pltcl-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 51.84 kB
- postgresql-private-devel-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 67.05 kB
- postgresql-private-libs-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 143.32 kB
- postgresql-server-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 6.30 MB
- postgresql-server-devel-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 1.46 MB
- postgresql-static-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 129.24 kB
- postgresql-test-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 1.70 MB
- postgresql-test-rpm-macros-15.14-1.module+el9+1102+85b1faad.noarch.rpm
Size: 9.61 kB
- postgresql-upgrade-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 4.77 MB
- postgresql-upgrade-devel-15.14-1.module+el9+1102+85b1faad.x86_64.rpm
Size: 1.24 MB