Several security issues were fixed in PostgreSQL.
Software Description:
- postgresql-17: Object-relational SQL database
- postgresql-16: Object-relational SQL database
- postgresql-14: Object-relational SQL database
Details:
Dean Rasheed discovered that PostgreSQL incorrectly handled access control
lists. An attacker could possibly use this issue to obtain sensitive
information. (CVE-2025-8713)
Martin Rakhmanov, Matthieu Denais, and RyotaK discovered that the PostgreSQL
pg_dump utility allowed untrusted data inclusion. A malicious superuser
could use this issue to execute arbitrary code when a dump script is
reloaded. (CVE-2025-8714)
Noah Misch discovered that the PostgreSQL pg_dump utility incorrectly
filtered line breaks in object names. An attacker could create object names
that execute arbitrary SQL commands when a dump script is reloaded.
(CVE-2025-8715)
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 postgresql-17 17.6-0ubuntu0.25.04.1 postgresql-client-17 17.6-0ubuntu0.25.04.1 Ubuntu 24.04 LTS postgresql-16 16.10-0ubuntu0.24.04.1 postgresql-client-16 16.10-0ubuntu0.24.04.1 Ubuntu 22.04 LTS postgresql-14 14.19-0ubuntu0.22.04.1 postgresql-client-14 14.19-0ubuntu0.22.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.
https://ubuntu.com/security/notices/USN-7741-1
CVE-2025-8713, CVE-2025-8714, CVE-2025-8715
Get the latest Linux and open source security news straight to your inbox.