Fellow Linux admins-

Environments using PostgreSQL for big data analysis, scientific research, and countless business intelligence applications are at a heightened state of alert after it was discovered there are significant critical SQL injection security flaws that can be exploited to execute arbitrary commands and gain unauthorized control over their systems. Read on to learn more about what this all means and how it might affect you and even the everyday services you use.

You'll also learn about a critical Time-of-Check Time-of-Use (TOCTOU) vulnerability in Nvidia Linux Container Toolkit up to version 1.17.3 and GPU Operator up to version 24.9.1 (CVE-2025-23359) that allows malicious actors to execute unauthorized code, disrupt services, escalate privileges, and access or tamper with sensitive data.

If you found value in today’s newsletter, please share it with your friends! Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate, insightful community members who share our love for Linux and security!

Stay safe out there,

Dv Signature Newsletter 2024 Esm W150

Dave Wreski

LinuxSecurity Founder

PostgreSQL

The Discovery 

significant critical SQL injection flaw (CVE-2025-1094) has been discovered in the popular open-source database. PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() all improperly handle quoting syntax that allows attackers to inject malicious SQL commands using key libpq functions. 

Postgresql Esm W221

The Impact

This vulnerability could be exploited to execute arbitrary commands and gain unauthorized control over impacted systems.

 The Fix

Important PostgreSQL security updates have been released to fix this bug. All admins using versions before 17.3, 16.7, 15.11, 14.16 or 13.19 should apply these updates promptly to secure their systems and data.

Your Related Advisories:

[distro_list_1]

Nvidia Container Toolkit/GPU Operator 

The Discovery 

Nvidia recently disclosed a critical Time-of-Check Time-of-Use (TOCTOU) vulnerability in their Linux Container Toolkit up to version 1.17.3 and GPU Operator up to version 24.9.1 (CVE-2025-23359).

Nvidia Esm W300

The Impact

These flaws allow malicious actors to execute unauthorized code, disrupt services, escalate privileges, and access or tamper with sensitive data.

 The Fix

Nvidia has released updates addressing this bug. Impacted admins and users should upgrade to Nvidia Container Toolkit version 1.17.4 or later as soon as possible and GPU Operator version 24.9.2 or later.

Your Related Advisories:

[distro_list_2]