PostgreSQL could execute arbitrary SQL functions as the superuser
if it received a specially crafted SQL object.
Software Description:
- postgresql-16: Object-relational SQL database
- postgresql-14: Object-relational SQL database
- postgresql-12: Object-relational SQL database
Details:
Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS postgresql-16 16.4-0ubuntu0.24.04.1 postgresql-client-16 16.4-0ubuntu0.24.04.1 Ubuntu 22.04 LTS postgresql-14 14.13-0ubuntu0.22.04.1 postgresql-client-14 14.13-0ubuntu0.22.04.1 Ubuntu 20.04 LTS postgresql-12 12.20-0ubuntu0.20.04.1 postgresql-client-12 12.20-0ubuntu0.20.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes.
https://ubuntu.com/security/notices/USN-6968-1
CVE-2024-7348
Get the latest Linux and open source security news straight to your inbox.