
Ubuntu 24.04 LTS: USN-6968-1 Critical: PostgreSQL SQL Functions Risk

August 19, 2024
In light of the security vulnerabilities in PostgreSQL noted in USN-6968-1, Ubuntu users must act swiftly to protect their systems from potential risks.
PostgreSQL could execute arbitrary SQL functions as the superuser if it received a specially crafted SQL object.

Summary

PostgreSQL could execute arbitrary SQL functions as the superuser if it received a specially crafted SQL object.

Software Description:

- postgresql-16: Object-relational SQL database

- postgresql-14: Object-relational SQL database

- postgresql-12: Object-relational SQL database

Details:

Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute arbitrary SQL functions as the superuser.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  postgresql-16                   16.4-0ubuntu0.24.04.1
  postgresql-client-16            16.4-0ubuntu0.24.04.1

Ubuntu 22.04 LTS
  postgresql-14                   14.13-0ubuntu0.22.04.1
  postgresql-client-14            14.13-0ubuntu0.22.04.1

Ubuntu 20.04 LTS
  postgresql-12                   12.20-0ubuntu0.20.04.1
  postgresql-client-12            12.20-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6968-1

CVE-2024-7348

Severity
critical
