
Ubuntu 16.04 LTS USN-6366-1 Critical: PostgreSQL Command Execution

September 13, 2023
A flaw in PostgreSQL on Ubuntu 16.04 LTS lets an attacker with database-level CREATE privileges execute arbitrary code as the bootstrap superuser. Immediate update recommended!

Summary

PostgreSQL could be made to execute commands as the bootstrap superuser.

Software Description:

- postgresql-9.5: Object-relational SQL database

Details:

It was discovered that PostgreSQL incorrectly handled certain extension
script substitutions. An attacker having database-level CREATE privileges
can use this issue to execute arbitrary code as the bootstrap superuser.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   postgresql-9.5                  9.5.25-0ubuntu0.16.04.1+esm5
   postgresql-client-9.5           9.5.25-0ubuntu0.16.04.1+esm5

After a standard system update you need to restart PostgreSQL to make
all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6366-1

  CVE-2023-39417

Severity
critical

Ubuntu Security Notice USN-6366-1
