An update for libpq is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1565 Final 1.0 1.0 2025-05-30 Initial 2025-05-30 2025-05-30 openEuler SA Tool V1.0 2025-05-30 libpq security update An update for libpq is now available for openEuler-24.03-LTS-SP1 PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or interface. Security Fix(es): Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.(CVE-2025-4207) An update for libpq is now available for openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium libpq https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1565 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-4207 https://nvd.nist.gov/vuln/detail/CVE-2025-4207 openEuler-24.03-LTS-SP1 libpq-15.13-1.oe2403sp1.aarch64.rpm libpq-debuginfo-15.13-1.oe2403sp1.aarch64.rpm libpq-debugsource-15.13-1.oe2403sp1.aarch64.rpm libpq-devel-15.13-1.oe2403sp1.aarch64.rpm libpq-15.13-1.oe2403sp1.src.rpm libpq-15.13-1.oe2403sp1.x86_64.rpm libpq-debuginfo-15.13-1.oe2403sp1.x86_64.rpm libpq-debugsource-15.13-1.oe2403sp1.x86_64.rpm libpq-devel-15.13-1.oe2403sp1.x86_64.rpm Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected. 2025-05-30 CVE-2025-4207 openEuler-24.03-LTS-SP1 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H libpq security update 2025-05-30 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1565