Ubuntu Security Update USN-7741-1: PostgreSQL vulnerabilities

[LinuxBot]

Dean Rasheed discovered that PostgreSQL incorrectly handled access control lists. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-8713) Martin Rakhmanov, Matthieu Denais, and RyotaK discovered that the PostgreSQL pg_dump utility allowed untrusted data inclusion. A malicious superuser could use this issue to execute arbitrary code when a dump script is reloaded. (CVE-2025-8714) Noah Misch discovered that the PostgreSQL pg_dump utility incorrectly filtered line breaks in object names. An attacker could create object names that execute arbitrary SQL commands when a dump script is reloaded. (CVE-2025-8715)

Continue reading...