{
  "schema_version": "1.7.2",
  "id": "OESA-2025-2142",
  "modified": "2025-09-05T12:42:34Z",
  "published": "2025-09-05T12:42:34Z",
  "upstream": [
    "CVE-2025-8713",
    "CVE-2025-8714",
    "CVE-2025-8715"
  ],
  "summary": "postgresql security update",
  "details": "PostgreSQL is an advanced Object-Relational database management system (DBMS).\nThe base postgresql package contains the client programs that you'll need to\naccess a PostgreSQL DBMS server, as well as HTML documentation for the whole\nsystem.  These client programs can be located on the same machine as the\nPostgreSQL server, or on a remote machine that accesses a PostgreSQL server\nover a network connection.  The PostgreSQL server can be found in the\npostgresql-server sub-package.\n\nSecurity Fix(es):\n\nPostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access.  Separately, statistics allow a user to read sampled data that a row security policy intended to hide.  PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process.  Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies.  Reachable statistics data notably included histograms and most-common-values lists.  CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained.  Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. (CVE-2025-8713)\n\nUntrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands.  pg_dumpall is also affected.  pg_restore is affected when used to generate a plain-format dump.  This is similar to MySQL CVE-2024-21096.  Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. (CVE-2025-8714)\n\nImproper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name.  The same attacks can achieve SQL injection as a superuser of the restore target server.  pg_dumpall, pg_restore, and pg_upgrade are also affected.  Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.  Versions before 11.20 are unaffected.  CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it. (CVE-2025-8715)",
  "affected": [
    {
      "package": {
        "ecosystem": "openEuler:22.03-LTS-SP4",
        "name": "postgresql",
        "purl": "pkg:rpm/openEuler/postgresql&distro=openEuler-22.03-LTS-SP4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            { "introduced": "0" },
            { "fixed": "13.22-1.oe2203sp4" }
          ]
        }
      ],
      "ecosystem_specific": {
        "aarch64": [
          "postgresql-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-contrib-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-debuginfo-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-debugsource-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-docs-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-llvmjit-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-plperl-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-plpython3-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-pltcl-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-private-devel-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-private-libs-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-server-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-server-devel-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-static-13.22-1.oe2203sp4.aarch64.rpm",
          "postgresql-test-13.22-1.oe2203sp4.aarch64.rpm"
        ],
        "noarch": [
          "postgresql-test-rpm-macros-13.22-1.oe2203sp4.noarch.rpm"
        ],
        "src": [
          "postgresql-13.22-1.oe2203sp4.src.rpm"
        ],
        "x86_64": [
          "postgresql-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-contrib-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-debuginfo-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-debugsource-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-docs-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-llvmjit-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-plperl-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-plpython3-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-pltcl-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-private-devel-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-private-libs-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-server-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-server-devel-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-static-13.22-1.oe2203sp4.x86_64.rpm",
          "postgresql-test-13.22-1.oe2203sp4.x86_64.rpm"
        ]
      }
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2142"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8713"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8714"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8715"
    }
  ],
  "database_specific": {
    "severity": "High"
  }
}
