Wednesday, May 21, 2025

[USN-7520-2] PostgreSQL vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmgt16gFAwAAAAAACgkQZWnYVadEvpPB
rQ//QByw0KiwCUgIoys2VRL7obSn7S+/kL9tTOo3pvGz0PYa68TH7PN1Jg76qR36zN8e2nvzsfHn
HQbJtM+3VF/7x2oVkZvI9cxtlXDAUgWxi4VbPWeSACaMXvHtWd6in2OhTqzbLufG1++3gL4EIqHh
GmjNbKDfPAkD6hzVX/l4Liy+iGLmfwn6z6bAhiRZPnrqr7mpFCwCuBHCIQBn9GZhZKNizB9zzlE6
CpBnY4oGw414j5YmWKB4XREEaECL2EodWZ2KK+7U2ryE/Jiy9EB2Npvd2wN8cMu57LzNdzt2HdQ1
76e1BLXy+VLxYHFxySfgKrHPLvcw8bi38EEssF7l7BH8Z/Jkxy3jkaReK1oDjTBiQKSMyFj18x4M
J40xTF0Z2QyOISWIwcsMwwxJNPkJl/Xkvat+9bwIPqSY3IJ/kOsii9CfIFH7pD9JtjpcIsxcj1OW
vlAw83IJOXRJYuFb8HF/bLzps1pFscOzKF07c24XwKFLaX/r2H00ADO8tCqf3TGPDI6yPCwYsQBR
W/5PNyWatpDFr7veLkEoCMDpux6UBIkRXFNGVescqCIzZlNaPmBdyPQlXfcec7dBLbG2HK6nPdYQ
cxmtbth+okRFS+gYch7ySELwHpQXAYsSSsVcqKBaKh+6IofRqUxqW7vi3rr5d3TmTNCaSDTj0mpQ
nZY=
=E20d
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7520-2
May 21, 2025

postgresql-17 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04

Summary:

PostgreSQL could be made to crash if it received specially crafted network
traffic.

Software Description:
- postgresql-17: Object-relational SQL database

Details:

USN-7520-1 fixed a vulnerability in PostgreSQL. This update provides the
corresponding updates for Ubuntu 25.04.

Original advisory details:

It was discovered that PostgreSQL incorrectly handled the GB18030
encoding. An attacker could possibly use this issue to cause PostgreSQL to
crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
postgresql-17 17.5-0ubuntu0.25.04.1
postgresql-client-17 17.5-0ubuntu0.25.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7520-2
https://ubuntu.com/security/notices/USN-7520-1
CVE-2025-4207

Package Information:
https://launchpad.net/ubuntu/+source/postgresql-17/17.5-0ubuntu0.25.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)