Description
ELSA-2025-1739: postgresql:15 security update (IMPORTANT)
pgaudit [1.7.0-1]
- Update to 1.7.0
- Support postgresql 15
- Related: #2128241
pg_repack [1.4.8-1]
- Update to version 1.4.8
- Postgresql 15 is supported
- Related: #2128241
postgres-decoderbufs [1.9.7-1.Final]
- Initial import for postgresql 15 stream
- Related: #2128241
postgresql [15.12-1]
- Update to 15.12
- Fix CVE-2025-1094
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module postgresql:15 is enabled
pg_repack 1.4.8-1.module+el8.9.0+90110+d8a562d5
pgaudit 1.7.0-1.module+el8.9.0+90110+d8a562d5
postgres-decoderbufs 1.9.7-1.Final.module+el8.9.0+90110+d8a562d5
postgresql 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-contrib 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-docs 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-plperl 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-plpython3 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-pltcl 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-private-devel 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-private-libs 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-server 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-server-devel 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-static 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-test 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-test-rpm-macros 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-upgrade 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-upgrade-devel 15.12-1.module+el8.10.0+90529+917d02ef
Oracle Linux x86_64
Module postgresql:15 is enabled
pg_repack 1.4.8-1.module+el8.9.0+90110+d8a562d5
pgaudit 1.7.0-1.module+el8.9.0+90110+d8a562d5
postgres-decoderbufs 1.9.7-1.Final.module+el8.9.0+90110+d8a562d5
postgresql 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-contrib 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-docs 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-plperl 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-plpython3 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-pltcl 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-private-devel 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-private-libs 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-server 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-server-devel 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-static 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-test 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-test-rpm-macros 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-upgrade 15.12-1.module+el8.10.0+90529+917d02ef
postgresql-upgrade-devel 15.12-1.module+el8.10.0+90529+917d02ef
Related CVEs
Related vulnerabilities
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.