{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Bump release to 9.2.24-9.0.3.tuxcare.els1", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/advisories/2025/clsa-2025_1765287627.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1765287627", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1765287627" } ], "tracking": { "current_release_date": "2025-12-09T13:41:47Z", "generator": { "date": "2025-12-09T13:41:47Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1765287627", "initial_release_date": "2025-12-09T13:41:47Z", "revision_history": [ { "date": "2025-12-09T13:41:47Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "Update of postgresql" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 7", "product": { "name": "Oracle Linux 7", "product_id": "Oracle-Linux-7", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "product": { "name": "postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "product_id": "postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-libs@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "product": { "name": "postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "product_id": "postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "product": { "name": "postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "product_id": "postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-devel@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "product": { "name": "postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "product_id": "postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-static@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product": { "name": "postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_id": "postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-libs@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product": { "name": "postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_id": "postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-upgrade@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product": { "name": "postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_id": "postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-contrib@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product": { "name": "postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_id": "postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product": { "name": "postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_id": "postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-pltcl@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product": { "name": "postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_id": "postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-plperl@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product": { "name": "postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_id": "postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-plpython@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product": { "name": "postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_id": "postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-devel@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product": { "name": "postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_id": "postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-test@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product": { "name": "postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_id": "postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-server@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product": { "name": "postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_id": "postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-docs@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product": { "name": "postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_id": "postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-static@9.2.24-9.0.3.el7_9.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686" }, "product_reference": "postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" }, "product_reference": "postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" }, "product_reference": "postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" }, "product_reference": "postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686" }, "product_reference": "postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" }, "product_reference": "postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" }, "product_reference": "postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" }, "product_reference": "postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" }, "product_reference": "postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686" }, "product_reference": "postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" }, "product_reference": "postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" }, "product_reference": "postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" }, "product_reference": "postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" }, "product_reference": "postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686" }, "product_reference": "postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" }, "product_reference": "postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-8714", "cwe": { "id": "CWE-829", "name": "Inclusion of Functionality from Untrusted Control Sphere" }, "notes": [ { "category": "description", "text": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-8714" } ], "release_date": "2025-08-14T13:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-12-09T13:40:29.644170Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1765287627", "product_ids": [ "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1765287627" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-7348", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "description", "text": "Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-7348" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2024-7348/", "url": "https://www.postgresql.org/support/security/CVE-2024-7348/" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/08/11/1", "url": "http://www.openwall.com/lists/oss-security/2024/08/11/1" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240822-0002/", "url": "https://security.netapp.com/advisory/ntap-20240822-0002/" } ], "release_date": "2024-08-08T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-12-09T13:40:29.644170Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1765287627", "product_ids": [ "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1765287627" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-10979", "cwe": { "id": "CWE-15", "name": "External Control of System or Configuration Setting" }, "notes": [ { "category": "description", "text": "Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-10979" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2024-10979/", "url": "https://www.postgresql.org/support/security/CVE-2024-10979/" }, { "category": "external", "summary": "https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md", "url": "https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20250110-0003/", "url": "https://security.netapp.com/advisory/ntap-20250110-0003/" } ], "release_date": "2024-11-14T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-12-09T13:40:29.644170Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1765287627", "product_ids": [ "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1765287627" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-1094", "cwe": { "id": "CWE-149", "name": "Improper Neutralization of Quoting Syntax" }, "notes": [ { "category": "description", "text": "Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-1094" } ], "release_date": "2025-02-13T13:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-12-09T13:40:29.644170Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1765287627", "product_ids": [ "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1765287627" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-contrib-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-devel-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-docs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-libs-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plperl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-plpython-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-pltcl-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-server-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.i686", "Oracle-Linux-7:postgresql-static-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-test-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64", "Oracle-Linux-7:postgresql-upgrade-0:9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }