
Debian 11: postgresql-13 Critical Security Update DLA-4273-1

August 14, 2025
Debian LTS provides guidance regarding significant security vulnerabilities identified in postgresql-13, highlighting the necessary patches and issues uncovered.
It was discovered that there were a number of vulnerabilities in postgresql-13, the widely-popular database management system:

Summary

* CVE-2025-8713: The fix for CVE-2017-7484 (plus followup fixes),
was intended to prevent leaky functions from being applied to
statistics data for columns that the calling user does not have
permission to read. Some gaps in that protection were found and
addressed.

* CVE-2025-8714: Prevent pg_dump scripts from being used to attack
the user running the restore. An attacker who had gained
superuser-level control over the source server might have been
able to cause it to emit text that would be interpreted as psql
meta-commands.

* CVE-2025-8715: Convert newlines to spaces in names included in
comments in pg_dump output, because names containing newlines
offered the ability to inject arbitrary SQL commands into the
output script.

For Debian 11 bullseye, these problems have been fixed in version
13.22-0+deb11u1. Thanks to Christoph Berg (myon) for preparing this
upload.

We recommend that you upgrade your postgresql-13 packages.
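
The CVE-2025-8715 item above, as an added example that is not part of the advisory and is not pg_dump source code: a simplified Python model of a dump comment header, with and without the newline-to-space conversion, plus a helper that flags names containing line breaks. The header layout, function names and sample names are assumptions made for illustration.

```python
# Added illustration: a simplified model, not pg_dump's own code.
# The header layout and all names below are assumptions.
NEWLINES = ("\r", "\n")


def header_unpatched(name, obj_type="TABLE", schema="public"):
    """Model of a dump comment header that embeds the object name verbatim."""
    return f"-- Name: {name}; Type: {obj_type}; Schema: {schema}"


def sanitize_name(name):
    """The fix the advisory describes: newlines in names become spaces."""
    for ch in NEWLINES:
        name = name.replace(ch, " ")
    return name


def header_patched(name, obj_type="TABLE", schema="public"):
    """Same header, built from the sanitized name."""
    return header_unpatched(sanitize_name(name), obj_type, schema)


def lines_outside_comment(header):
    """Lines of the header that a SQL client would not read as a comment."""
    lines = header.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    return [ln for ln in lines if not ln.startswith("--")]


def names_needing_review(names):
    """Audit helper: object names that contain a line break."""
    return [n for n in names if any(ch in n for ch in NEWLINES)]


# Constructed sample names; the second carries an embedded newline.
SAMPLE_NAMES = ["orders", "t\nSELECT 'outside comment';", "audit_log"]

if __name__ == "__main__":
    for n in names_needing_review(SAMPLE_NAMES):
        print("flagged name:     ", repr(n))
        print("unpatched escapes:", lines_outside_comment(header_unpatched(n)))
        print("patched escapes:  ", lines_outside_comment(header_patched(n)))
```

With the name left verbatim, everything after the line break falls outside the `--` comment; after conversion the whole header stays on one comment line.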



Severity: critical

Package: postgresql-13
Version: 13.22-0+deb11u1
