Description
ELSA-2025-28019: postgresql security update (IMPORTANT)
[12.22-5.0.1]
- Add backport of CVE-2025-8714 [Orabug: 38667546]
[12.22-5]
- Fix previous Backport
[12.22-4]
- Backport CVE-2025-8715
[12.22-3]
- Fix backport for CVE-2025-1094
[12.22-2]
- Backport fix for CVE-2025-1094
[12.22-1]
- Update to 12.22
- Fixes: CVE-2024-10976 CVE-2024-10978
[12.20-1]
- Update to 12.20
- Fix CVE-2024-7348
[12.18-1]
- Update to 12.18
- Fix CVE-2024-0985
[12.17-1]
- Update to version 12.17 Fix: CVE-2023-5868, CVE-2023-5869, CVE-2023-5870
[12.15-3]
- Update postgresql-setup to 8.7 (https://github.com/devexp-db/postgresql-setup/pull/35)
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module postgresql:12 is enabled
postgresql 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-contrib 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-docs 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-plperl 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-plpython3 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-pltcl 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-server 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-server-devel 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-static 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-test 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-test-rpm-macros 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-upgrade 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-upgrade-devel 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
Oracle Linux x86_64
Module postgresql:12 is enabled
postgresql 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-contrib 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-docs 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-plperl 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-plpython3 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-pltcl 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-server 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-server-devel 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-static 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-test 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-test-rpm-macros 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-upgrade 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
postgresql-upgrade-devel 12.22-5.0.1.module+el8.10.0+90711+f3f8ea77
Related CVEs
Related vulnerabilities
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.
PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious s ...