This update upgrades postgresql16 to version 16.10-alt0.p10.1. Security Fix(es): * BDU:2025-09827: Уязвимость компонента core server систем…
This update upgrades postgresql16 to version 16.10-alt0.p10.1. Security Fix(es): * BDU:2025-09827: Уязвимость компонента core server системы управления базами данных PostgreSQL, позволяющая нарушителю обойти ограничения безопасности ACL и получить несанкционированный доступ к защищаемой информации * BDU:2025-09829: Уязвимость утилиты pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код * BDU:2025-09830: Уязвимость утилиты pg_dump системы управления базами данных PostgreSQL, позволяющая нарушителю выполнить произвольный код * CVE-2025-8713: PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. * CVE-2025-8714: Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. * CVE-2025-8715: Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.
The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.
https://cwe.mitre.org/data/definitions/1230.html →Open in CWE collection →| Product | Vendor | Status |
|---|---|---|
| Tracked | ||
| libecpg6-16 | Tracked | |
| libecpg6-16-devel | Tracked | |
| libecpg6-16-devel-static | Tracked | |
| postgresql-13 | Tracked | |
| postgresql-14 | Tracked | |
| postgresql-15 | Tracked | |
| postgresql-15 | Tracked | |
| postgresql-15 | Tracked | |
| postgresql-16 | Tracked | |
| postgresql-17 | Tracked | |
| postgresql-17 | Tracked | |
| postgresql-17 | Tracked | |
| postgresql-17 | Tracked | |
| postgresql16 | Tracked | |
| postgresql16-contrib | Tracked | |
| postgresql16-docs | Tracked | |
| postgresql16-llvmjit | Tracked | |
| postgresql16-perl | Tracked | |
| postgresql16-python | Tracked |