Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

Ubuntu 16.04 LTS USN-6366-1 Critical: PostgreSQL Command Execution

Calendar Sep 13, 2023 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory command execution Ubuntu arbitrary code PostgreSQL superuser access
PostgreSQL could be made to execute commands as the bootstrap superuser. 
==========================================================================
Ubuntu Security Notice USN-6366-1
September 13, 2023

postgresql-9.5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

PostgreSQL could be made to execute commands as the bootstrap superuser.

Software Description:
- postgresql-9.5: Object-relational SQL database

Details:

It was discovered that PostgreSQL incorrectly handled certain extension
script substitutions. An attacker having database-level CREATE privileges
can use this issue to execute arbitrary code as the bootstrap superuser.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   postgresql-9.5                     9.5.25-0ubuntu0.16.04.1+esm5
   postgresql-client-9.5           9.5.25-0ubuntu0.16.04.1+esm5

After a standard system update you need to restart PostgreSQL to make
all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6366-1
   CVE-2023-39417

Ubuntu 16.04 LTS USN-6366-1 Critical: PostgreSQL Command Execution

ubuntu
Calendar Grey September 13, 2023
Dist Ubuntu Esm H88
Security risk identified in PostgreSQL on Ubuntu 16.04 LTS permits unauthorized command execution with superuser privileges. Immediate update recommended!
PostgreSQL could be made to execute commands as the bootstrap superuser.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: PostgreSQL could be made to execute commands as the bootstrap superuser. Software Description: - postgresql-9.5: Object-relational SQL database Details: It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser.

Topics%20covered

Topics Covered

security advisory command execution Ubuntu arbitrary code PostgreSQL superuser access

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS (Available with Ubuntu Pro):   postgresql-9.5                     9.5.25-0ubuntu0.16.04.1+esm5   postgresql-client-9.5           9.5.25-0ubuntu0.16.04.1+esm5 After a standard system update you need to restart PostgreSQL to make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6366-1

  CVE-2023-39417

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6366-1

Topics%20covered

Topics Covered

security advisory command execution Ubuntu arbitrary code PostgreSQL superuser access

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here