Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Ubuntu 18.04 & 14.04: USN-6968-3 critical: postgresql sql execution

ubuntu
Calendar Grey October 14, 2024
Dist Ubuntu Esm H88
Ubuntu Security Announcement USN-6969-4 provides critical patches for MySQL security flaws in Ubuntu 20.04 and 16.04 LTS.
PostgreSQL could execute arbitrary SQL functions as the superuser if it received a specially crafted SQL object.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 14.04 LTS Summary: PostgreSQL could execute arbitrary SQL functions as the superuser if it received a specially crafted SQL object. Software Description: - postgresql-10: Object-relational SQL database - postgresql-9.3: Object-relational SQL database Details: USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16. This update provides the corresponding updates for PostgreSQL-9.3 in Ubuntu 14.04 LTS and PostgreSQL-10 in Ubuntu 18.04 LTS. Original advisory details: Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute arbitrary SQL functions as the superuser.

Topics%20covered

Topics Covered

security advisory security update critical ubuntu arbitrary execution postgresql sql issue

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS postgresql-10 10.23-0ubuntu0.18.04.2+esm2 Available with Ubuntu Pro postgresql-client-10 10.23-0ubuntu0.18.04.2+esm2 Available with Ubuntu Pro Ubuntu 14.04 LTS postgresql-9.3 9.3.24-0ubuntu0.14.04+esm1 Available with Ubuntu Pro postgresql-client-9.3 9.3.24-0ubuntu0.14.04+esm1 Available with Ubuntu Pro After a standard system update you need to restart PostgreSQL to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6968-3

https://ubuntu.com/security/notices/USN-6968-2

https://ubuntu.com/security/notices/USN-6968-1

CVE-2024-7348

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6968-3

Topics%20covered

Topics Covered

security advisory security update critical ubuntu arbitrary execution postgresql sql issue

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here