========================================================================== Ubuntu Security Notice USN-6968-2 September 19, 2024
postgresql-9.5 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: PostgreSQL could execute arbitrary SQL functions as the superuser if it received a specially crafted SQL object. Software Description: - postgresql-9.5: Object-relational SQL database Details: USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS. Original advisory details: Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute arbitrary SQL functions as the superuser. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS postgresql-9.5 9.5.25-0ubuntu0.16.04.1+esm8 Available with Ubuntu Pro postgresql-client-9.5 9.5.25-0ubuntu0.16.04.1+esm8 Available with Ubuntu Pro After a standard system update you need to restart PostgreSQL to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6968-2 https://ubuntu.com/security/notices/USN-6968-1 CVE-2024-7348
OpenPGP_0x703AAD91046CD76E.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
