摘要:
postgresql security update
安全等级: Medium
公告ID: KylinSec-SA-2025-2670
发布日期: 2025年8月9日
关联CVE: CVE-2025-4207
PostgreSQL is an advanced Object-Relational database management system (DBMS).
The base postgresql package contains the client programs that you'll need to
access a PostgreSQL DBMS server, as well as HTML documentation for the whole
system. These client programs can be located on the same machine as the
PostgreSQL server, or on a remote machine that accesses a PostgreSQL server
over a network connection. The PostgreSQL server can be found in the
postgresql-server sub-package.
Security Fix(es):
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.(CVE-2025-4207)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-4207 | V6 | postgresql-13 | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| postgresql-test-rpm-macros | noarch | 15.13-2.ks6 |
| postgresql | x86_64 | 15.13-2.ks6 |
| postgresql-contrib | x86_64 | 15.13-2.ks6 |
| postgresql-docs | x86_64 | 15.13-2.ks6 |
| postgresql-llvmjit | x86_64 | 15.13-2.ks6 |
| postgresql-plperl | x86_64 | 15.13-2.ks6 |
| postgresql-plpython3 | x86_64 | 15.13-2.ks6 |
| postgresql-pltcl | x86_64 | 15.13-2.ks6 |
| postgresql-private-devel | x86_64 | 15.13-2.ks6 |
| postgresql-private-libs | x86_64 | 15.13-2.ks6 |
| postgresql-server | x86_64 | 15.13-2.ks6 |
| postgresql-server-devel | x86_64 | 15.13-2.ks6 |
| postgresql-static | x86_64 | 15.13-2.ks6 |
| postgresql-test | x86_64 | 15.13-2.ks6 |
| postgresql | aarch64 | 15.13-2.ks6 |
| postgresql-contrib | aarch64 | 15.13-2.ks6 |
| postgresql-docs | aarch64 | 15.13-2.ks6 |
| postgresql-llvmjit | aarch64 | 15.13-2.ks6 |
| postgresql-plperl | aarch64 | 15.13-2.ks6 |
| postgresql-plpython3 | aarch64 | 15.13-2.ks6 |
| postgresql-pltcl | aarch64 | 15.13-2.ks6 |
| postgresql-private-devel | aarch64 | 15.13-2.ks6 |
| postgresql-private-libs | aarch64 | 15.13-2.ks6 |
| postgresql-server | aarch64 | 15.13-2.ks6 |
| postgresql-server-devel | aarch64 | 15.13-2.ks6 |
| postgresql-static | aarch64 | 15.13-2.ks6 |
| postgresql-test | aarch64 | 15.13-2.ks6 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
