
Ubuntu has released two security notices, USN-7740-1 and USN-7741-1, to address vulnerabilities in LibEtPan and PostgreSQL, respectively. The LibEtPan vulnerability could allow a remote attacker to crash the application by sending specially crafted network traffic, while the PostgreSQL vulnerabilities could allow an attacker to obtain sensitive information or execute arbitrary code. To fix these issues, users are advised to update their systems to the latest package versions, which include new upstream releases and additional bug fixes.

[USN-7740-1] LibEtPan vulnerability
[USN-7741-1] PostgreSQL vulnerabilities




[USN-7740-1] LibEtPan vulnerability


==========================================================================
Ubuntu Security Notice USN-7740-1
September 08, 2025

libetpan vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

LibEtPan could be made to crash if it received specially crafted network
traffic.

Software Description:
- libetpan: Mail Framework for C Language

Details:

It was discovered that LibEtPan incorrectly handled memory when parsing
IMAP STATUS responses. A remote attacker could possibly use this issue to
cause LibEtPan to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
libetpan20 1.9.4-3+deb11u1build0.22.04.1

Ubuntu 20.04 LTS
libetpan20 1.9.4-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libetpan20 1.8.0-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libetpan17 1.6-1ubuntu0.1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7740-1
CVE-2022-4121

Package Information:
https://launchpad.net/ubuntu/+source/libetpan/1.9.4-3+deb11u1build0.22.04.1



[USN-7741-1] PostgreSQL vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7741-1
September 08, 2025

postgresql-14, postgresql-16, postgresql-17 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in PostgreSQL.

Software Description:
- postgresql-17: Object-relational SQL database
- postgresql-16: Object-relational SQL database
- postgresql-14: Object-relational SQL database

Details:

Dean Rasheed discovered that PostgreSQL incorrectly handled access control
lists. An attacker could possibly use this issue to obtain sensitive
information. (CVE-2025-8713)

Martin Rakhmanov, Matthieu Denais, and RyotaK discovered that the PostgreSQL
pg_dump utility allowed untrusted data inclusion. A malicious superuser
could use this issue to execute arbitrary code when a dump script is
reloaded. (CVE-2025-8714)

Noah Misch discovered that the PostgreSQL pg_dump utility incorrectly
filtered line breaks in object names. An attacker could create object names
that execute arbitrary SQL commands when a dump script is reloaded.
(CVE-2025-8715)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
postgresql-17 17.6-0ubuntu0.25.04.1
postgresql-client-17 17.6-0ubuntu0.25.04.1

Ubuntu 24.04 LTS
postgresql-16 16.10-0ubuntu0.24.04.1
postgresql-client-16 16.10-0ubuntu0.24.04.1

Ubuntu 22.04 LTS
postgresql-14 14.19-0ubuntu0.22.04.1
postgresql-client-14 14.19-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7741-1
CVE-2025-8713, CVE-2025-8714, CVE-2025-8715

Package Information:
https://launchpad.net/ubuntu/+source/postgresql-17/17.6-0ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/postgresql-16/16.10-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/postgresql-14/14.19-0ubuntu0.22.04.1
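
A version check for the package tables in both notices, as an added example that is not part of the Ubuntu notices: it re-implements dpkg's version ordering in Python so installed versions can be compared offline against the fixed versions listed above. The function names and the sample inventory are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions copied from USN-7740-1 and USN-7741-1, keyed by (release, package).
FIXED = {
    ("22.04", "libetpan20"): "1.9.4-3+deb11u1build0.22.04.1",
    ("20.04", "libetpan20"): "1.9.4-2ubuntu0.1~esm1",
    ("18.04", "libetpan20"): "1.8.0-1ubuntu0.1~esm1",
    ("16.04", "libetpan17"): "1.6-1ubuntu0.1+esm1",
    ("25.04", "postgresql-17"): "17.6-0ubuntu0.25.04.1",
    ("25.04", "postgresql-client-17"): "17.6-0ubuntu0.25.04.1",
    ("24.04", "postgresql-16"): "16.10-0ubuntu0.24.04.1",
    ("24.04", "postgresql-client-16"): "16.10-0ubuntu0.24.04.1",
    ("22.04", "postgresql-14"): "14.19-0ubuntu0.22.04.1",
    ("22.04", "postgresql-client-14"): "14.19-0ubuntu0.22.04.1",
}

def _order(c):
    # dpkg weight: '~' < end of string < letters < other symbols.
    if c in ("~", ""):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    # Compare alternating non-digit / digit runs: text by weight, digits numerically.
    runs = lambda s: re.findall(r"([^0-9]*)([0-9]*)", s)
    for (ta, na), (tb, nb) in zip_longest(runs(a), runs(b), fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def compare_versions(a, b):
    """Negative, zero or positive as a is older than, equal to or newer than b."""
    # [epoch:]upstream[-revision]; the revision is whatever follows the last hyphen.
    (ea, ua, ra), (eb, ub, rb) = (
        re.fullmatch(r"(?:(\d+):)?(.*?)(?:-([^-]*))?", v).groups("") for v in (a, b))
    return int(ea or 0) - int(eb or 0) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def outstanding(release, installed):
    """Map each package still below its fixed version to (installed, fixed)."""
    return {pkg: (ver, FIXED[release, pkg]) for pkg, ver in installed.items()
            if (release, pkg) in FIXED and compare_versions(ver, FIXED[release, pkg]) < 0}

# Constructed inventory for a 22.04 host (package -> installed version).
SAMPLE_2204 = {"libetpan20": "1.9.4-3", "postgresql-14": "14.19-0ubuntu0.22.04.1",
               "postgresql-client-14": "14.18-0ubuntu0.22.04.1"}
```

On a live host, `dpkg --compare-versions` performs the same comparison. Plain string comparison would rank 16.9 above 16.10 and would sort the `~esm1` suffix after the bare revision instead of before it.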