Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Ubuntu 16.04 ESM USN-5645-1 Critical: PostgreSQL SSL Handling Flaws

ubuntu
Calendar Grey September 28, 2022
Dist Ubuntu Esm H88
Notice regarding security updates for PostgreSQL vulnerabilities addressed in Ubuntu 16.04 ESM, encompassing severe SSL management issues.
Several security issues were fixed in PostgreSQL.

Summary

Several security issues were fixed in PostgreSQL.

Software Description:

- postgresql-9.5: Object-relational SQL database

Details:

Jacob Champion discovered that PostgreSQL incorrectly handled SSL

certificate verification and encryption. A remote attacker could possibly

use this issue to inject arbitrary SQL queries when a connection is first

established. (CVE-2021-23214)

Tom Lane discovered that PostgreSQL incorrect handled certain array

subscripting calculations. An authenticated attacker could possibly use

this issue to overwrite server memory and escalate privileges.

(CVE-2021-32027)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  postgresql-9.5                  9.5.25-0ubuntu0.16.04.1+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5645-1

CVE-2021-23214, CVE-2021-32027

Severity
critical
Lowest
Low
Medium
High
Critical

September 28, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.