Ubuntu 7358-1: PostgreSQL Security Advisory Updates

March 19, 2025
Urgent updates for PostgreSQL on Ubuntu 16.04 to address multiple critical security issues. Action recommended!
Summary

Several security issues were fixed in PostgreSQL.

Software Description:

- postgresql-9.5: Object-relational SQL database

Details:

Wolfgang Walther discovered that PostgreSQL incorrectly tracked tables with
row security. A remote attacker could possibly use this issue to perform
forbidden reads and modifications. (CVE-2024-10976)

Jacob Champion discovered that PostgreSQL clients used untrusted server
error messages. An attacker that is able to intercept network
communications could possibly use this issue to inject error messages that
could be interpreted as valid query results. (CVE-2024-10977)

Tom Lane discovered that PostgreSQL incorrectly handled certain privilege
assignments. A remote attacker could possibly use this issue to view or
change different rows from those intended. (CVE-2024-10978)

Coby Abrams discovered that PostgreSQL incorrectly handled environment
variables. A remote attacker could possibly use this issue to execute
arbitrary code. (C...

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
   postgresql-9.5                  9.5.25-0ubuntu0.16.04.1+esm10
                                   Available with Ubuntu Pro
   postgresql-client-9.5           9.5.25-0ubuntu0.16.04.1+esm10
                                   Available with Ubuntu Pro

After a standard system update you need to restart PostgreSQL to make all
the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7358-1

  CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979

Severity
important

Ubuntu Security Notice USN-7358-1
