Description
ELSA-2025-1741: postgresql:15 security update (IMPORTANT)
pgaudit [1.7.0-1]
- Initial import for postgresql 15 module
- Update to 1.7.0
- Support postgresql 15
- Related: #2128410
pg_repack [1.4.8-2]
- Add new build dependencies to fix build with lz4 enabled
- Related: RHEL-47350
[1.4.8-1]
- Update to version 1.4.8
- Postgresql 15 is supported
- Related: #2128410
postgres-decoderbufs [1.9.7-1.Final]
- Initial import for postgresql 15 stream
- Related: #2128410
postgresql [15.12-1]
- Update to 15.12
[15.10-1]
- Update to 15.10
- Fixes: CVE-2024-10976 CVE-2024-10978 CVE-2024-10979
[15.8-2]
- Fix build on 15.8
[15.8-1]
- Update to 15.8
[15.6-3]
- Remove /var/run/postgresql
- Related: RHEL-51271
[15.6-2]
- Enable lz4 and zstd support
[15.6-1]
- Update to 15.6 and 13.14
- Fix CVE-2024-0985
[15.5-1]
- update to 15.5
- Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-39418
[15.3-1]
- update to 15.3
- Fixes CVE-2023-2454 and CVE-2023-2455
- Resolves: #2214875
Updated packages
Oracle Linux 9
Oracle Linux aarch64
Module postgresql:15 is enabled
pg_repack 1.4.8-2.module+el9.5.0+90424+300303e9
pgaudit 1.7.0-1.module+el9.2.0+21134+ceb95ed9
postgres-decoderbufs 1.9.7-1.Final.module+el9.2.0+21134+ceb95ed9
postgresql 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-contrib 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-docs 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-plperl 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-plpython3 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-pltcl 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-private-devel 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-private-libs 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-server 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-server-devel 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-static 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-test 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-test-rpm-macros 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-upgrade 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-upgrade-devel 15.12-1.module+el9.5.0+90527+e70c9846
Oracle Linux x86_64
Module postgresql:15 is enabled
pg_repack 1.4.8-2.module+el9.5.0+90424+300303e9
pgaudit 1.7.0-1.module+el9.2.0+21134+ceb95ed9
postgres-decoderbufs 1.9.7-1.Final.module+el9.2.0+21134+ceb95ed9
postgresql 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-contrib 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-docs 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-plperl 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-plpython3 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-pltcl 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-private-devel 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-private-libs 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-server 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-server-devel 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-static 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-test 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-test-rpm-macros 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-upgrade 15.12-1.module+el9.5.0+90527+e70c9846
postgresql-upgrade-devel 15.12-1.module+el9.5.0+90527+e70c9846
Related CVEs
Related vulnerabilities
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Improper neutralization of quoting syntax in PostgreSQL libpq function ...