Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in PostgreSQL.
Software Description:
- postgresql-17: Object-relational SQL database
- postgresql-16: Object-relational SQL database
- postgresql-14: Object-relational SQL database
Details:
Jelte Fennema-Nio discovered that the PostgreSQL CREATE STATISTICS command
did not correctly check for schema CREATE privileges. An authenticated
attacker could possibly use this issue to create a denial of service
against other CREATE STATISTICS users. (CVE-2025-12817)
Aleksey Solovev discovered that the PostgreSQL libpq client library
incorrectly handled certain memory operations. A remote attacker could
possibly use this issue to cause libpq to crash, resulting in a denial of
service. (CVE-2025-12818)
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 postgresql-17 17.7-0ubuntu0.25.10.1 Ubuntu 25.04 postgresql-17 17.7-0ubuntu0.25.04.1 Ubuntu 24.04 LTS postgresql-16 16.11-0ubuntu0.24.04.1 Ubuntu 22.04 LTS postgresql-14 14.20-0ubuntu0.22.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.
https://ubuntu.com/security/notices/USN-7908-1
CVE-2025-12817, CVE-2025-12818
Get the latest Linux and open source security news straight to your inbox.