Bug 2345548 (CVE-2025-1094)
| Summary: | CVE-2025-1094 postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | bojan, mhhall3 |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2345571, 2345572, 2345573, 2345706, 2345568, 2345569, 2345570, 2345705 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-02-13 14:01:01 UTC
No patches yet? Not even Fedora rebuilds? This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2025:1720 https://access.redhat.com/errata/RHSA-2025:1720 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:1725 https://access.redhat.com/errata/RHSA-2025:1725 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2025:1722 https://access.redhat.com/errata/RHSA-2025:1722 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2025:1721 https://access.redhat.com/errata/RHSA-2025:1721 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:1728 https://access.redhat.com/errata/RHSA-2025:1728 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:1723 https://access.redhat.com/errata/RHSA-2025:1723 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2025:1724 https://access.redhat.com/errata/RHSA-2025:1724 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2025:1733 https://access.redhat.com/errata/RHSA-2025:1733 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2025:1729 https://access.redhat.com/errata/RHSA-2025:1729 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:1732 https://access.redhat.com/errata/RHSA-2025:1732 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:1726 https://access.redhat.com/errata/RHSA-2025:1726 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2025:1727 https://access.redhat.com/errata/RHSA-2025:1727 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:1730 https://access.redhat.com/errata/RHSA-2025:1730 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:1731 https://access.redhat.com/errata/RHSA-2025:1731 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Via RHSA-2025:1735 https://access.redhat.com/errata/RHSA-2025:1735 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:1738 https://access.redhat.com/errata/RHSA-2025:1738 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:1736 https://access.redhat.com/errata/RHSA-2025:1736 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:1737 https://access.redhat.com/errata/RHSA-2025:1737 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:1742 https://access.redhat.com/errata/RHSA-2025:1742 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:1743 https://access.redhat.com/errata/RHSA-2025:1743 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:1741 https://access.redhat.com/errata/RHSA-2025:1741 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:1740 https://access.redhat.com/errata/RHSA-2025:1740 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2025:1744 https://access.redhat.com/errata/RHSA-2025:1744 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:1739 https://access.redhat.com/errata/RHSA-2025:1739 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:1745 https://access.redhat.com/errata/RHSA-2025:1745 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2025:3050 https://access.redhat.com/errata/RHSA-2025:3050 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2025:3062 https://access.redhat.com/errata/RHSA-2025:3062 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2025:3063 https://access.redhat.com/errata/RHSA-2025:3063 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:3064 https://access.redhat.com/errata/RHSA-2025:3064 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:3082 https://access.redhat.com/errata/RHSA-2025:3082 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2025:3978 https://access.redhat.com/errata/RHSA-2025:3978 |