This bug was fixed in the package postgresql-14 - 14.20-0ubuntu0.22.04.1
---------------
postgresql-14 (14.20-0ubuntu0.22.04.1) jammy-security; urgency=medium
* New upstream version (LP: #2127667).
+ A dump/restore is not required for those running 14.X.
+ However, if you are upgrading from a version earlier than 14.19, see
those release notes as well please.
+ Check for CREATE privileges on the schema in CREATE STATISTICS (Jelte
Fennema-Nio)
This omission allowed table owners to create statistics in any schema,
potentially leading to unexpected naming conflicts. (CVE-2025-12817)
+ Avoid integer overflow in allocation-size calculations within libpq
(Jacob Champion)
Several places in libpq were not sufficiently careful about computing
the required size of a memory allocation. Sufficiently large inputs
could cause integer overflow, resulting in an undersized buffer, which
would then lead to writing past the end of the buffer. (CVE-2025-12818)
+ Details about these and many further changes can be found at:
https://www.postgresql.org/docs/14/release-14-20.html.
* d/postgresql-14.NEWS: Update NEWS file.
-- Athos Ribeiro <[email protected]> Mon, 24 Nov 2025 10:34:10 -0300
** Changed in: postgresql-14 (Ubuntu Jammy)
Status: New => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-12817
** CVE added: https://cve.org/CVERecord?id=CVE-2025-12818
** Changed in: postgresql-16 (Ubuntu Noble)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2127667
Title:
New PostgreSQL upstream microreleases 14.20, 16.11, and 17.7
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-14/+bug/2127667/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
