USN-6230-1: PostgreSQL vulnerability
13 July 2023
PostgreSQL could be made to run code with elevated privileges.
Releases
Packages
- postgresql-9.5 - Object-relational SQL database
Details
Alexander Lakhin discovered that PostgreSQL incorrectly handled certain
CREATE privileges. An authenticated user could possibly use this issue to
execute arbitrary code as the bootstrap supervisor.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
postgresql-9.5
-
9.5.25-0ubuntu0.16.04.1+esm4
Available with Ubuntu Pro
-
postgresql-client-9.5
-
9.5.25-0ubuntu0.16.04.1+esm4
Available with Ubuntu Pro
After a standard system update you need to restart PostgreSQL to
make all the necessary changes.
References
Related notices
- USN-6104-1: libpgtypes3, postgresql-plperl-14, postgresql-pltcl-12, postgresql-client-14, postgresql-client-10, postgresql-plperl-12, postgresql-15, postgresql-doc-10, postgresql-doc-12, postgresql-server-dev-15, libpq5, postgresql-plperl-10, postgresql-12, postgresql-plpython3-10, postgresql-server-dev-10, postgresql-pltcl-15, postgresql-plpython3-14, libecpg-dev, postgresql-doc-15, postgresql-plpython3-15, postgresql-14, postgresql-plpython3-12, postgresql-pltcl-10, postgresql-client-15, libpq-dev, postgresql-doc-14, postgresql-plpython-10, postgresql-plperl-15, postgresql-client-12, postgresql-10, postgresql-server-dev-12, postgresql-server-dev-14, libecpg6, libecpg-compat3, postgresql-pltcl-14