ELSA-2025-16099

Published: Nov 19, 2025
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2025-16099: postgresql security update (IMPORTANT)

[9.2.24-9.0.7]

  • Restrict psql meta-commands in plain-text dumps [Orabug: 38442031][CVE-2025-8714]

[9.2.24-9.0.5]

  • Resolves CVE-2025-1094: Improper neutralization of quoting syntax in certain libpq functions [Orabug: 37843176]
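The 9.2.24-9.0.7 entry above is the backport of the CVE-2025-8714 fix: a superuser on the server being dumped can get psql meta-commands (for example `\!`, which runs a shell command) into the text of a plain-format dump, and when that file is fed to psql on another host the commands run there as the operating system account doing the restore. Before restoring a plain dump taken from a server you do not fully control, it is worth gating the file. The checker below is an added example for this advisory, not code from PostgreSQL or from Oracle's packages, and its sample dump is constructed. It assumes, from the upstream fix rather than from this page, that a patched pg_dump brackets a plain dump in `\restrict <key>` ... `\unrestrict <key>` lines and that `pg_dump -C` and pg_dumpall legitimately emit `\connect`; anything else that psql would treat as a meta-command is reported. It skips the places where a backslash is inert to psql (COPY data, string literals, quoted identifiers, dollar-quoted bodies, `--` comments), which is exactly where a naive `grep '^\\'` goes wrong in both directions.

```python
r"""Pre-restore gate for plain-format PostgreSQL dumps (pg_dump -Fp, pg_dumpall).
Added example for this advisory, not code from PostgreSQL or Oracle: it lists the
psql meta-commands a dump would hand to the restoring psql, skipping places where a
backslash is inert (COPY data, string literals, quoted identifiers, dollar-quoted
bodies, -- comments). Assumed from the upstream fix, not this page: patched pg_dump
wraps the dump in "\restrict <key>" ... "\unrestrict <key>"; pg_dump -C and
pg_dumpall emit "\connect"; any other meta-command is grounds to refuse the restore.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line_no command args")   # command without the backslash

COPY_FROM_STDIN = re.compile(r"^\s*COPY\s.*\bFROM\s+stdin\s*;\s*$", re.IGNORECASE)
DOLLAR_TAG = re.compile(r"\$[A-Za-z_][A-Za-z0-9_]*\$|\$\$")
META = re.compile(r"\\([A-Za-z]+|!|\?|\.)\s*(.*)")
EXPECTED = {"connect", "restrict", "unrestrict"}

def find_meta_commands(dump: str) -> list:
    """Every backslash command psql would execute while restoring, in order."""
    findings = []
    in_copy = False   # inside COPY data until the "\." terminator line
    dollar = None     # open $tag$ ... $tag$ body, e.g. function source
    quote = None      # "'" or '"' while inside a literal / quoted identifier
    escapes = False   # E'...' literals let a backslash escape the closing quote
    for line_no, line in enumerate(dump.splitlines(), start=1):
        if in_copy:
            in_copy = line.rstrip() != "\\."
            continue
        i = 0
        while i < len(line):
            ch = line[i]
            if dollar is not None:
                i, dollar = (i + len(dollar), None) if line.startswith(dollar, i) else (i + 1, dollar)
            elif quote is not None:
                if escapes and ch == "\\":
                    i += 2                     # \' or \\ inside E'...'
                elif ch == quote and line.startswith(quote * 2, i):
                    i += 2                     # doubled quote, still inside
                else:
                    quote = None if ch == quote else quote
                    i += 1
            elif line.startswith("--", i):
                break                          # SQL comment runs to end of line
            elif ch in ("'", '"'):
                quote = ch
                escapes = ch == "'" and i > 0 and line[i - 1] in "eE"
                i += 1
            elif ch == "$" and (m := DOLLAR_TAG.match(line, i)):
                dollar = m.group(0)
                i += len(dollar)
            elif ch == "\\":
                m = META.match(line, i)
                name, rest = (m.group(1), m.group(2)) if m else ("", line[i + 1:])
                findings.append(Finding(line_no, name, rest.rstrip()))
                break                          # psql takes the rest of the line as arguments
            else:
                i += 1
        if quote is None and dollar is None and COPY_FROM_STDIN.match(line):
            in_copy = True
    return findings

def unexpected_meta_commands(dump: str) -> list:
    """Findings pg_dump itself never emits; a non-empty list means do not restore."""
    findings = find_meta_commands(dump)
    key = findings[0].args if findings and findings[0].command == "restrict" else None
    bad = []
    for f in findings:
        if f.command == "restrict":
            if f is not findings[0]:           # only one \restrict, and it comes first
                bad.append(f)
        elif f.command == "unrestrict":
            if key is None or f.args != key:   # key must match the opening \restrict
                bad.append(f)
        elif f.command not in EXPECTED:
            bad.append(f)
    return bad

# Constructed sample in pg_dump's plain format (not real pg_dump output).
SAMPLE_DUMP = r"""\restrict k7Yx2q
SET client_encoding = 'UTF8';
COMMENT ON TABLE public.notes IS 'first line of a multi-line comment
\! id   -- still inside the string literal, psql will not run it
last line';
INSERT INTO public.notes VALUES (1, E'it\'s an E-string: \! is not a command');
CREATE FUNCTION public.f() RETURNS text AS $body$
  SELECT '\! inside a dollar-quoted function body';
$body$ LANGUAGE sql;
COPY public.notes (id, body) FROM stdin;
2	\N
3	\! id
\.
\! id > /tmp/owned
\copy public.notes FROM PROGRAM 'id'
\unrestrict k7Yx2q
"""
```

On the constructed sample, `unexpected_meta_commands(SAMPLE_DUMP)` reports only lines 14 and 15 (the `\!` and `\copy ... FROM PROGRAM` that follow the COPY data); the `\!` inside the multi-line comment string, inside the E-string and inside the function body, and the `\!` row in the COPY data, are correctly left alone. To gate a real file, pass `open(path).read()` and refuse to restore on a non-empty result. The scanner errs toward false positives (it does not parse `/* */` block comments, for instance), which is the right direction for a gate. It complements the update rather than replacing it: the `\restrict` marker only does anything if the psql performing the restore is itself patched, so the client host needs the fixed postgresql package just as much as the server that produced the dump.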

Updated packages

Oracle Linux 7 (x86_64)

  postgresql            9.2.24-9.0.7.el7_9
  postgresql-contrib    9.2.24-9.0.7.el7_9
  postgresql-devel      9.2.24-9.0.7.el7_9
  postgresql-docs       9.2.24-9.0.7.el7_9
  postgresql-libs       9.2.24-9.0.7.el7_9
  postgresql-plperl     9.2.24-9.0.7.el7_9
  postgresql-plpython   9.2.24-9.0.7.el7_9
  postgresql-pltcl      9.2.24-9.0.7.el7_9
  postgresql-server     9.2.24-9.0.7.el7_9
  postgresql-static     9.2.24-9.0.7.el7_9
  postgresql-test       9.2.24-9.0.7.el7_9
  postgresql-upgrade    9.2.24-9.0.7.el7_9

Related CVEs

Related vulnerabilities

The entries below describe CVE-2025-8714. ubuntu, redhat, nvd and debian all rate it CVSS3 8.8 (4 months ago) with the same text (the debian copy is truncated on the page):

Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.

msrc (CVSS3 8.8, 4 months ago): PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client