OESA-2025-1153

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1153

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1153.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1153

Upstream

CVE-2025-1094

Published

2025-02-21T13:35:41Z

Modified

2025-08-12T05:48:45.555254Z

Summary

postgresql security update

Details

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package.

Security Fix(es):

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when clientencoding is BIG5 and serverencoding is one of EUCTW or MULEINTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.(CVE-2025-1094)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS-SP3 / postgresql

Package

Name: postgresql
Purl: pkg:rpm/openEuler/postgresql&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

13.19-1.oe2203sp3

Ecosystem specific

{
    "src": [
        "postgresql-13.19-1.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "postgresql-test-rpm-macros-13.19-1.oe2203sp3.noarch.rpm"
    ],
    "aarch64": [
        "postgresql-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-contrib-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-debuginfo-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-debugsource-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-docs-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-llvmjit-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-plperl-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-plpython3-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-pltcl-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-private-devel-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-private-libs-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-server-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-server-devel-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-static-13.19-1.oe2203sp3.aarch64.rpm",
        "postgresql-test-13.19-1.oe2203sp3.aarch64.rpm"
    ],
    "x86_64": [
        "postgresql-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-contrib-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-debuginfo-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-debugsource-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-docs-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-llvmjit-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-plperl-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-plpython3-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-pltcl-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-private-devel-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-private-libs-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-server-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-server-devel-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-static-13.19-1.oe2203sp3.x86_64.rpm",
        "postgresql-test-13.19-1.oe2203sp3.x86_64.rpm"
    ]
}