
Ubuntu 25.10 PostgreSQL Critical Security Execution Issues USN-8072-1

March 4, 2026
Multiple security issues in PostgreSQL require urgent updates to prevent code execution and data exposure.

Summary

Several security issues were fixed in PostgreSQL.

Software Description:

- postgresql-17: Object-relational SQL database

- postgresql-16: Object-relational SQL database

- postgresql-14: Object-relational SQL database

Details:

Altan Birler discovered that PostgreSQL incorrectly validated oidvector
types. An attacker could possibly use this issue to obtain a few bytes of
sensitive information. (CVE-2026-2003)

Daniel Firer discovered that PostgreSQL incorrectly validated input in the
intarray extension. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2026-2004)

It was discovered that PostgreSQL incorrectly handled certain pgcrypto memory
operations. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2026-2005)

Paul Gerste and Moritz Sanft discovered that PostgreSQL incorrectly
validated multibyte character lengths. An attacker could possibly use this
issue to execute arbitrary code. (CVE-2026-2006)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  postgresql-17                   17.9-0ubuntu0.25.10.1
  postgresql-client-17            17.9-0ubuntu0.25.10.1

Ubuntu 24.04 LTS
  postgresql-16                   16.13-0ubuntu0.24.04.1
  postgresql-client-16            16.13-0ubuntu0.24.04.1

Ubuntu 22.04 LTS
  postgresql-14                   14.22-0ubuntu0.22.04.1
  postgresql-client-14            14.22-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8072-1

CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006

Severity
critical

Ubuntu Security Notice USN-8072-1
