CVE-2025-1094:PostgreSQL 引擎中的 SQL 注入漏洞
PostgreSQL发布多个版本的安全更新(17.3、16.7等),修复1个SQL注入漏洞和70多个bug。该漏洞可能导致psql注入攻击。修复引入的回归问题将在2月20日的后续版本中解决。 2025-2-16 18:44:0 Author: seclists.org(查看原文) 阅读量:12 收藏
PostgreSQL发布多个版本的安全更新(17.3、16.7等),修复1个SQL注入漏洞和70多个bug。该漏洞可能导致psql注入攻击。修复引入的回归问题将在2月20日的后续版本中解决。 2025-2-16 18:44:0 Author: seclists.org(查看原文) 阅读量:12 收藏
oss-sec mailing list archives
From: James Addison <james () reciperadar com>
Date: Sun, 16 Feb 2025 18:22:30 +0000
On Sun, Feb 16, 2025 at 4:22 PM Solar Designer <solar () openwall com> wrote:
Hi, As announced on February 13 in: https://www.postgresql.org/about/news/postgresql-173-167-1511-1416-and-1319-released-3015/ https://www.postgresql.org/message-id/173945575457.197393.6175786842655230205%40wrigleys.postgresql.orgThe PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 17.3, 16.7, 15.11, 14.16, and 13.19. This release fixes 1 security vulnerability and over 70 bugs reported over the last several months. [ ... snip ... ]
For anyone considering upgrading: please note also that the fix for this vulnerability introduced a regression[1] that should be addressed by subsequent upcoming releases of PostgreSQL on Thursday 2025-02-20 (a few days from now). [1] - https://www.postgresql.org/message-id/272abbd9-d24c-49f1-8b61-83721906aa3b () postgresql org
Current thread:
- CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection Solar Designer (Feb 16)
- Re: CVE-2025-1094: PostgreSQL: Quoting APIs miss neutralizing quoting syntax in text that fails encoding validation, enabling psql SQL injection James Addison (Feb 16)
文章来源: https://seclists.org/oss-sec/2025/q1/141
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh