Ubuntu 16.04 LTS: USN-6968-2 critical: PostgreSQL-9.5 SQL execution issue
ubuntu
September 19, 2024
PostgreSQL could execute arbitrary SQL functions as the superuser if it received a specially crafted SQL object.
Summary
PostgreSQL could execute arbitrary SQL functions as the superuser
if it received a specially crafted SQL object.
Software Description:
- postgresql-9.5: Object-relational SQL database
Details:
USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and
PostgreSQL-16
This update provides the corresponding updates for PostgreSQL-9.5 in
Ubuntu 16.04 LTS.
Original advisory details:
Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS postgresql-9.5 9.5.25-0ubuntu0.16.04.1+esm8 Available with Ubuntu Pro postgresql-client-9.5 9.5.25-0ubuntu0.16.04.1+esm8 Available with Ubuntu Pro After a standard system update you need to restart PostgreSQL to make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6968-2
https://ubuntu.com/security/notices/USN-6968-1
CVE-2024-7348
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-6968-2
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!