PostgreSQL could be made to execute arbitrary code if it received specially
crafted input.
Software Description:
- postgresql-10: Object-relational SQL database
Details:
USN-7315-1 fixed a vulnerability in PostgreSQL. This update provides the
corresponding update for Ubuntu 18.04 LTS.
Original advisory details:
Stephen Fewer discovered that PostgreSQL incorrectly handled quoting
syntax in certain scenarios. A remote attacker could possibly use this
issue to perform SQL injection attacks.
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
- postgresql-10: 10.23-0ubuntu0.18.04.2+esm3 (Available with Ubuntu Pro)
- postgresql-client-10: 10.23-0ubuntu0.18.04.2+esm3 (Available with Ubuntu Pro)

After a standard system update you need to restart PostgreSQL to make all
the necessary changes.
https://ubuntu.com/security/notices/USN-7315-2
https://ubuntu.com/security/notices/USN-7315-1
CVE-2025-1094