[security - medium] postgresql:16 security update

エラータID: AXSA:2026-063:01

リリース日: 
2026/01/21 Wednesday - 18:53
題名: 
[security - medium] postgresql:16 security update
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: CREATE STATISTICS does not check for schema CREATE privilege (CVE-2025-12817)
* postgresql: libpq undersizes allocations, via integer wraparound (CVE-2025-12818)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Modularity name: "postgresql"
Stream name: "16"

解決策: 

Update packages.

CVE: 
CVE-2025-12817
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
CVE-2025-12818
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. pgaudit-16.0-1.module+el9+1125+9c03f0dd.src.rpm
    MD5: 160f5b3ae82048d0641ecfdf94958f47
    SHA-256: fd60e8cc26a7230da8cc374a2f3b114e6df647a16755ada7ddf1fb59da880d77
    Size: 52.79 kB
  2. pg_repack-1.5.1-1.module+el9+1125+9c03f0dd.src.rpm
    MD5: d7b2229ff3d6924b38dd626c487ef6ae
    SHA-256: 400acdf704149247c46f5003668b5f8af1451245ab1a5f702c2547aaa8b7f350
    Size: 105.44 kB
  3. pgvector-0.6.2-2.module+el9+1125+9c03f0dd.src.rpm
    MD5: 185b84f1dcc88d2a886cd321428cb25b
    SHA-256: e6e5345513715926abbe07040de562b4c7ceb4837326dcb8535cc75d42abe4be
    Size: 87.64 kB
  4. postgis-3.5.3-3.module+el9+1125+9c03f0dd.src.rpm
    MD5: dd6780ad2073762750cd44879976963e
    SHA-256: 144ec0ff2a8bec89a07219cf7f033143e0bea2045bb7d5db5cc9777a280b0bfa
    Size: 19.04 MB
  5. postgres-decoderbufs-2.4.0-1.Final.module+el9+1125+9c03f0dd.src.rpm
    MD5: 7649818b3724a1e616c202b104d9eeb1
    SHA-256: 60f2a112fd2d8abe9e9ef7b28e445411ce3efba7e710edf23be8b934958bf976
    Size: 21.46 kB
  6. postgresql-16.11-1.module+el9+1125+9c03f0dd.src.rpm
    MD5: a35dcde0776665a3b417e041e68aff7d
    SHA-256: de95fcc9c8ab5a14b74078482a16696f33a1f12f01939263178f9fd085db0e9e
    Size: 45.97 MB

Asianux Server 9 for x86_64
  1. pgaudit-16.0-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 8d8982d4b9429454e92e47622bb59748
    SHA-256: 84e2a3eb72caac18fcac8d6e350ed0a9774ecdb308703544620f6e1ce853e6a4
    Size: 27.64 kB
  2. pgaudit-debugsource-16.0-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 945044a50059976e9a777bfc38e7fa9c
    SHA-256: 6e8482edf3eff8780e4ab098b14c232067ec4fe8a46cc9f8d3f0fdecb76570c2
    Size: 22.85 kB
  3. pg_repack-1.5.1-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 3f2a2095d0b8e856d29f124f03895953
    SHA-256: d61cecc99d15e92d14d2f69a216d151216201a4ac481a0ad7a9f4374b9f0405c
    Size: 91.79 kB
  4. pg_repack-debugsource-1.5.1-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: b8d5708dd6a2afcdf6aded75daa76cd8
    SHA-256: ad9a53c31efceac39d8cdfbcd36c5fa98b568cee2782bdb6723e48e1f2898ff1
    Size: 49.03 kB
  5. pgvector-0.6.2-2.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: a208f3efd608e282f021e51b7d3aac6b
    SHA-256: fb818e2e287e005127c4770d71a9bfd44075b7929933a73291112bac5dc8fbac
    Size: 80.64 kB
  6. pgvector-debugsource-0.6.2-2.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 5cd22772d15a07e32c8baec9f77c92e8
    SHA-256: e5a2fc32fc5adf2d22f5a9f0d1ed05d8e91c1030bb8196777d364a6f44c83350
    Size: 54.88 kB
  7. postgis-3.5.3-3.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 2e2cb74f0420f6f22a3a0caeb682f597
    SHA-256: 46157042c89fcd4d1af8b3015a750ab4330f3644a5ffb14cdf6f204ec6046435
    Size: 2.00 MB
  8. postgis-client-3.5.3-3.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 616fdda6323e0a125e804f0a60db8eeb
    SHA-256: 338bfa9a3736f2a405b1690519f57635a87ab08932cec83d80fb97f956c0c8c4
    Size: 148.50 kB
  9. postgis-debugsource-3.5.3-3.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 81a45788bf2cd2fe0c2f10bef10cd35a
    SHA-256: 2d2f4d9a03198f5fc7087d5889241634be99b3b5b69ac3a613ec7d17bdf7a969
    Size: 1.24 MB
  10. postgis-docs-3.5.3-3.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 018298dd9d9fc6df2c1922a537098471
    SHA-256: da5cc5c360b2e9226b8207eddf053d4b0b8765d0b4ace1d83e120e8d59ede635
    Size: 4.85 MB
  11. postgis-upgrade-3.5.3-3.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: becb2f345a172f01f92b3e697e44008c
    SHA-256: 5d4e9cadfd63287e2bb43cf7a5dddbda11c4272e1b6e0b63b7affe18aa6af1d8
    Size: 971.90 kB
  12. postgis-utils-3.5.3-3.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: ab88ba20e10d41ba1fe2f5f688391980
    SHA-256: e83c66808c424be7eeb638a0e342fefb8ec7315be6341597d9736c4c07cfa841
    Size: 39.04 kB
  13. postgres-decoderbufs-2.4.0-1.Final.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 36d860884e3c6cd34d36437195bd035b
    SHA-256: adcaca37d11fc0c6e5fbd1bc12cd2e0876509364080b27575c38d5c330b7f9ca
    Size: 21.84 kB
  14. postgres-decoderbufs-debugsource-2.4.0-1.Final.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 4e89c909c72f068c294730b5a0569e4a
    SHA-256: 644d49c8ea22d1b0d18729c0cb5d3b8fbf4503e2b9d432bed295cbc14b5761e1
    Size: 16.55 kB
  15. postgresql-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: c2d728c2d606eb69325343083a1b0750
    SHA-256: e37f8f8978ec1d4141495d368b4a4e0214dc1ae1123676fa887aceb408e105e4
    Size: 1.96 MB
  16. postgresql-contrib-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: abab1e767e29952c64a22dbc6e56fbc4
    SHA-256: 18a1b4cdf06616d423ac095b9de8748f450cacadc5449c3a87137b906430c3aa
    Size: 1.01 MB
  17. postgresql-debugsource-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 0f44b39f2ebbd99f8a73cc7bd1f99607
    SHA-256: d6102c034012efd6b8519149293dda3e1bc269905afa5cacb112f87f4cb50f88
    Size: 16.98 MB
  18. postgresql-docs-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 153a4a9cb299b33a8c096063b4da31ba
    SHA-256: d8dfe49d38d3a42506117a04277c2ed21c86b20e9891054b01aeb40ffb6d2266
    Size: 2.36 MB
  19. postgresql-plperl-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 2eec2b025c208af2fde2f8b680492970
    SHA-256: 25deb97ffab5c1c636c8a88699bc93c7d7704f75e33de88598071e6da84f7b85
    Size: 80.15 kB
  20. postgresql-plpython3-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 56aee3af271e239e787efa724968b74d
    SHA-256: 75b5b0834d49de4ca22573016b7a16cfdc2e619e4257f400ba91ae85bfe9247c
    Size: 101.91 kB
  21. postgresql-pltcl-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: ff5cf5419cdfe97d90fa06813102f871
    SHA-256: 394e783f69b8622b911903dc9d17b7cedc7a742cb43e394bc2a79f1dadae99e2
    Size: 53.34 kB
  22. postgresql-private-devel-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 4992ae09b502b85f5f03f50c7624adfc
    SHA-256: 149e5727b94e1b056ed450166621c8e5f64aa32aedc0ffd422ba917b499be485
    Size: 66.15 kB
  23. postgresql-private-libs-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 450c45fbc657e945b8775ab80db3d764
    SHA-256: 37b9472c78572d0a69eee0d288a1059946e74c34029a3881f63e7c98389588d4
    Size: 143.07 kB
  24. postgresql-server-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: f87e90605341340b144cde5294d00804
    SHA-256: 8ea50354abd93651277259dc9732ecd67c668d6c6c66fe33d6dc3041ebaf1edd
    Size: 6.98 MB
  25. postgresql-server-devel-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: e24be3f144463efd521c0d75156b3c4b
    SHA-256: 05ae25d2ea85df013d591a98b0ee5c5dfd85fd4a099135795211a43d274df1d6
    Size: 1.48 MB
  26. postgresql-static-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 348d4126518dab5c631597051dd19e94
    SHA-256: 19d764a6f2a8eb889c59e8dd29bb0d7bfc38d0167d3d6b4676d83f597fec9de8
    Size: 131.23 kB
  27. postgresql-test-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: 4f6c1b2cd2bb2eaa2501f4df80bc6a5a
    SHA-256: c3df21f6520884e935b344c299d42dc654ed107a8b3f533e69e9f1871df9fe36
    Size: 1.79 MB
  28. postgresql-test-rpm-macros-16.11-1.module+el9+1125+9c03f0dd.noarch.rpm
    MD5: b66b239464ae63696f71a6e5340c526f
    SHA-256: d30036d5a8abc14d600f58b5c99f8cc65851b6c6b508eadd9f7379a23cc09b5b
    Size: 9.65 kB
  29. postgresql-upgrade-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: c29fe05b77e13e5f705d8e5d93938f1a
    SHA-256: 1d46eb38cca525398246ef41b39699d1feeb7dfe99859ca3b6076c68264d258d
    Size: 5.14 MB
  30. postgresql-upgrade-devel-16.11-1.module+el9+1125+9c03f0dd.x86_64.rpm
    MD5: e6400ee4353bfb2d36dc53c24d94400b
    SHA-256: b3bdb7ae89a806aa037b020e6d6f36e90907ebf50bfaa5338288258e63640670
    Size: 1.38 MB