USN-7908-1: PostgreSQL vulnerabilities

Publication date: 3 December 2025
Overview: Several security issues were fixed in PostgreSQL.

Packages

  • postgresql-14 - Object-relational SQL database
  • postgresql-16 - Object-relational SQL database
  • postgresql-17 - Object-relational SQL database

Details
Jelte Fennema-Nio discovered that the PostgreSQL CREATE STATISTICS command
did not correctly check for schema CREATE privileges. An authenticated
attacker could possibly use this issue to create a denial of service
against other CREATE STATISTICS users. (CVE-2025-12817)

Aleksey Solovev discovered that the PostgreSQL libpq client library
incorrectly handled certain memory operations. A remote attacker could
possibly use this issue to cause libpq to crash, resulting in a denial of
service. (CVE-2025-12818)

Update instructions
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

25.10 questing

  • postgresql-17 – 17.7-0ubuntu0.25.10.1

25.04 plucky

  • postgresql-17 – 17.7-0ubuntu0.25.04.1

24.04 LTS noble

  • postgresql-16 – 16.11-0ubuntu0.24.04.1

22.04 LTS jammy

  • postgresql-14 – 14.20-0ubuntu0.22.04.1
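
As an added example (not part of Canonical's notice), these shell functions compare an installed PostgreSQL package version against the fixed versions listed above. The function names are hypothetical, and the `sort -V` fallback used when `dpkg` is absent is an assumption that holds only for version strings of this shape.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.
# Fixed versions are copied from the USN-7908-1 table.

# Print "<package> <fixed-version>" for an Ubuntu release codename.
fixed_for() {
    case "$1" in
        questing) echo "postgresql-17 17.7-0ubuntu0.25.10.1" ;;
        plucky)   echo "postgresql-17 17.7-0ubuntu0.25.04.1" ;;
        noble)    echo "postgresql-16 16.11-0ubuntu0.24.04.1" ;;
        jammy)    echo "postgresql-14 14.20-0ubuntu0.22.04.1" ;;
        *)        return 1 ;;
    esac
}

# Succeed when version $1 is at least version $2.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Assumption: without dpkg, GNU sort -V is close enough to Debian
        # ordering for plain N.N-0ubuntu0.X.Y.Z strings like these.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# usn_status CODENAME INSTALLED_VERSION
# Prints patched, needs-update, not-installed or unknown-release.
usn_status() {
    entry=$(fixed_for "$1") || { echo "unknown-release"; return 0; }
    [ -n "$2" ] || { echo "not-installed"; return 0; }
    if version_ge "$2" "${entry#* }"; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# Check the local host: codename from /etc/os-release, version from dpkg.
check_host() {
    codename=$( . /etc/os-release 2>/dev/null && echo "$VERSION_CODENAME" )
    entry=$(fixed_for "$codename") || { echo "unknown-release"; return 0; }
    state=$(dpkg-query -W -f='${db:Status-Status} ${Version}' "${entry%% *}" 2>/dev/null) || state=""
    case "$state" in
        "installed "*) usn_status "$codename" "${state#installed }" ;;
        *)             usn_status "$codename" "" ;;
    esac
}
```

A `patched` result only describes the package on disk; as the notice states, PostgreSQL still has to be restarted after the update.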