{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"Medium"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https:/www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"libpq security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for libpq is now available for openEuler-24.03-LTS-SP1",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or interface.\n\nSecurity Fix(es):\n\nBuffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination.  This affects the database server and also libpq.  Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected. (CVE-2025-4207)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for libpq is now available for openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"Medium",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"libpq",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2025-1565",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1565"
			},
			{
				"summary":"CVE-2025-4207",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-4207&packageName=libpq"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-4207"
			},
			{
				"summary":"openEuler-SA-2025-1565 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1565.json"
			}
		],
		"title":"An update for libpq is now available for openEuler-24.03-LTS-SP1",
		"tracking":{
			"initial_release_date":"2025-05-30T21:48:53+08:00",
			"revision_history":[
				{
					"date":"2025-05-30T21:48:53+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2025-05-30T21:48:53+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2025-05-30T21:48:53+08:00",
			"id":"openEuler-SA-2025-1565",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"openEuler-24.03-LTS-SP1",
									"name":"openEuler-24.03-LTS-SP1"
								},
								"name":"openEuler-24.03-LTS-SP1",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"aarch64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"libpq-15.13-1.oe2403sp1.aarch64.rpm",
									"name":"libpq-15.13-1.oe2403sp1.aarch64.rpm"
								},
								"name":"libpq-15.13-1.oe2403sp1.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"libpq-debuginfo-15.13-1.oe2403sp1.aarch64.rpm",
									"name":"libpq-debuginfo-15.13-1.oe2403sp1.aarch64.rpm"
								},
								"name":"libpq-debuginfo-15.13-1.oe2403sp1.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"libpq-debugsource-15.13-1.oe2403sp1.aarch64.rpm",
									"name":"libpq-debugsource-15.13-1.oe2403sp1.aarch64.rpm"
								},
								"name":"libpq-debugsource-15.13-1.oe2403sp1.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"libpq-devel-15.13-1.oe2403sp1.aarch64.rpm",
									"name":"libpq-devel-15.13-1.oe2403sp1.aarch64.rpm"
								},
								"name":"libpq-devel-15.13-1.oe2403sp1.aarch64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"libpq-15.13-1.oe2403sp1.src.rpm",
									"name":"libpq-15.13-1.oe2403sp1.src.rpm"
								},
								"name":"libpq-15.13-1.oe2403sp1.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"libpq-15.13-1.oe2403sp1.x86_64.rpm",
									"name":"libpq-15.13-1.oe2403sp1.x86_64.rpm"
								},
								"name":"libpq-15.13-1.oe2403sp1.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"libpq-debuginfo-15.13-1.oe2403sp1.x86_64.rpm",
									"name":"libpq-debuginfo-15.13-1.oe2403sp1.x86_64.rpm"
								},
								"name":"libpq-debuginfo-15.13-1.oe2403sp1.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"libpq-debugsource-15.13-1.oe2403sp1.x86_64.rpm",
									"name":"libpq-debugsource-15.13-1.oe2403sp1.x86_64.rpm"
								},
								"name":"libpq-debugsource-15.13-1.oe2403sp1.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1"
									},
									"product_id":"libpq-devel-15.13-1.oe2403sp1.x86_64.rpm",
									"name":"libpq-devel-15.13-1.oe2403sp1.x86_64.rpm"
								},
								"name":"libpq-devel-15.13-1.oe2403sp1.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"libpq-15.13-1.oe2403sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:libpq-15.13-1.oe2403sp1.aarch64",
					"name":"libpq-15.13-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"libpq-debuginfo-15.13-1.oe2403sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:libpq-debuginfo-15.13-1.oe2403sp1.aarch64",
					"name":"libpq-debuginfo-15.13-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"libpq-debugsource-15.13-1.oe2403sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:libpq-debugsource-15.13-1.oe2403sp1.aarch64",
					"name":"libpq-debugsource-15.13-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"libpq-devel-15.13-1.oe2403sp1.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:libpq-devel-15.13-1.oe2403sp1.aarch64",
					"name":"libpq-devel-15.13-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"libpq-15.13-1.oe2403sp1.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:libpq-15.13-1.oe2403sp1.src",
					"name":"libpq-15.13-1.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"libpq-15.13-1.oe2403sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:libpq-15.13-1.oe2403sp1.x86_64",
					"name":"libpq-15.13-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"libpq-debuginfo-15.13-1.oe2403sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:libpq-debuginfo-15.13-1.oe2403sp1.x86_64",
					"name":"libpq-debuginfo-15.13-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"libpq-debugsource-15.13-1.oe2403sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:libpq-debugsource-15.13-1.oe2403sp1.x86_64",
					"name":"libpq-debugsource-15.13-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS-SP1",
				"product_reference":"libpq-devel-15.13-1.oe2403sp1.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS-SP1:libpq-devel-15.13-1.oe2403sp1.x86_64",
					"name":"libpq-devel-15.13-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2025-4207",
			"notes":[
				{
					"text":"Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination.  This affects the database server and also libpq.  Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-24.03-LTS-SP1:libpq-15.13-1.oe2403sp1.aarch64",
					"openEuler-24.03-LTS-SP1:libpq-debuginfo-15.13-1.oe2403sp1.aarch64",
					"openEuler-24.03-LTS-SP1:libpq-debugsource-15.13-1.oe2403sp1.aarch64",
					"openEuler-24.03-LTS-SP1:libpq-devel-15.13-1.oe2403sp1.aarch64",
					"openEuler-24.03-LTS-SP1:libpq-15.13-1.oe2403sp1.src",
					"openEuler-24.03-LTS-SP1:libpq-15.13-1.oe2403sp1.x86_64",
					"openEuler-24.03-LTS-SP1:libpq-debuginfo-15.13-1.oe2403sp1.x86_64",
					"openEuler-24.03-LTS-SP1:libpq-debugsource-15.13-1.oe2403sp1.x86_64",
					"openEuler-24.03-LTS-SP1:libpq-devel-15.13-1.oe2403sp1.x86_64"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-24.03-LTS-SP1:libpq-15.13-1.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:libpq-debuginfo-15.13-1.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:libpq-debugsource-15.13-1.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:libpq-devel-15.13-1.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:libpq-15.13-1.oe2403sp1.src",
						"openEuler-24.03-LTS-SP1:libpq-15.13-1.oe2403sp1.x86_64",
						"openEuler-24.03-LTS-SP1:libpq-debuginfo-15.13-1.oe2403sp1.x86_64",
						"openEuler-24.03-LTS-SP1:libpq-debugsource-15.13-1.oe2403sp1.x86_64",
						"openEuler-24.03-LTS-SP1:libpq-devel-15.13-1.oe2403sp1.x86_64"
					],
					"details":"libpq security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1565"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":5.9,
						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
						"version":"3.1"
					},
					"products":[
						"openEuler-24.03-LTS-SP1:libpq-15.13-1.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:libpq-debuginfo-15.13-1.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:libpq-debugsource-15.13-1.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:libpq-devel-15.13-1.oe2403sp1.aarch64",
						"openEuler-24.03-LTS-SP1:libpq-15.13-1.oe2403sp1.src",
						"openEuler-24.03-LTS-SP1:libpq-15.13-1.oe2403sp1.x86_64",
						"openEuler-24.03-LTS-SP1:libpq-debuginfo-15.13-1.oe2403sp1.x86_64",
						"openEuler-24.03-LTS-SP1:libpq-debugsource-15.13-1.oe2403sp1.x86_64",
						"openEuler-24.03-LTS-SP1:libpq-devel-15.13-1.oe2403sp1.x86_64"
					]
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2025-4207"
		}
	]
}