Explore top 10 tips to secure your open-source projects now. Read More
×
PostgreSQL could be made to run arbitrary SQL.
Software Description:
- postgresql-15: Object-relational SQL database
- postgresql-14: Object-relational SQL database
- postgresql-12: Object-relational SQL database
Details:
It was discovered that PostgreSQL incorrectly handled dropping privileges
when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or
automatic system were tricked into running a specially crafted command, a
remote attacker could possibly use this issue to execute arbitrary SQL
functions.
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: postgresql-15 15.6-0ubuntu0.23.10.1 postgresql-client-15 15.6-0ubuntu0.23.10.1 Ubuntu 22.04 LTS: postgresql-14 14.11-0ubuntu0.22.04.1 postgresql-client-14 14.11-0ubuntu0.22.04.1 Ubuntu 20.04 LTS: postgresql-12 12.18-0ubuntu0.20.04.1 postgresql-client-12 12.18-0ubuntu0.20.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.
https://ubuntu.com/security/notices/USN-6656-1
CVE-2024-0985
Get the latest Linux and open source security news straight to your inbox.