Ubuntu Security Notice 6230-1 - Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor.
03c3a5ddd6a4b155e3af1571ca65fc525e542099889b815c5e6a46606b3e77f1==========================================================================
Ubuntu Security Notice USN-6230-1
July 13, 2023
postgresql-9.5 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
PostgreSQL could be made to run code with elevated privileges.
Software Description:
- postgresql-9.5: Object-relational SQL database
Details:
Alexander Lakhin discovered that PostgreSQL incorrectly handled certain
CREATE privileges. An authenticated user could possibly use this issue to
execute arbitrary code as the bootstrap supervisor.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
postgresql-9.5 9.5.25-0ubuntu0.16.04.1+esm4
postgresql-client-9.5 9.5.25-0ubuntu0.16.04.1+esm4
After a standard system update you need to restart PostgreSQL to
make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6230-1
https://ubuntu.com/security/notices/USN-6104-1
CVE-2023-2454
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed