SecurityHome.eu [USN-7741-1] PostgreSQL vulnerabilities

Home / mailings PDF

[USN-7741-1] PostgreSQL vulnerabilities
Posted on 08 September 2025
Ubuntu Security
==========================================================================Ubuntu Security Notice USN-7741-1
September 08, 2025

postgresql-14, postgresql-16, postgresql-17 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in PostgreSQL.

Software Description:
- postgresql-17: Object-relational SQL database
- postgresql-16: Object-relational SQL database
- postgresql-14: Object-relational SQL database

Details:

Dean Rasheed discovered that PostgreSQL incorrectly handled access control
lists. An attacker could possibly use this issue to obtain sensitive
information. (CVE-2025-8713)

Martin Rakhmanov, Matthieu Denais, and RyotaK discovered that the PostgreSQL
pg_dump utility allowed untrusted data inclusion. A malicious superuser
could use this issue to execute arbitrary code when a dump script is
reloaded. (CVE-2025-8714)

Noah Misch discovered that the PostgreSQL pg_dump utility incorrectly
filtered line breaks in object names. An attacker could create object names
that execute arbitrary SQL commands when a dump script is reloaded.
(CVE-2025-8715)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
postgresql-17 17.6-0ubuntu0.25.04.1
postgresql-client-17 17.6-0ubuntu0.25.04.1

Ubuntu 24.04 LTS
postgresql-16 16.10-0ubuntu0.24.04.1
postgresql-client-16 16.10-0ubuntu0.24.04.1

Ubuntu 22.04 LTS
postgresql-14 14.19-0ubuntu0.22.04.1
postgresql-client-14 14.19-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7741-1
CVE-2025-8713, CVE-2025-8714, CVE-2025-8715

Package Information:
https://launchpad.net/ubuntu/+source/postgresql-17/17.6-0ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/postgresql-16/16.10-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/postgresql-14/14.19-0ubuntu0.22.04.1

--===============6933380600010598332==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

TOP

Mailings :

Last 20

Exploits :

Last 20