Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6968-1

Ubuntu Security Notice 6968-1 - Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute arbitrary SQL functions as the superuser.

Packet Storm
#sql#vulnerability#ubuntu#postgres

==========================================================================
Ubuntu Security Notice USN-6968-1
August 19, 2024

postgresql-12, postgresql-14, postgresql-16 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Summary:

PostgreSQL could execute arbitrary SQL functions as the superuser
if it received a specially crafted SQL object.

Software Description:

  • postgresql-16: Object-relational SQL database
  • postgresql-14: Object-relational SQL database
  • postgresql-12: Object-relational SQL database

Details:

Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
postgresql-16 16.4-0ubuntu0.24.04.1
postgresql-client-16 16.4-0ubuntu0.24.04.1

Ubuntu 22.04 LTS
postgresql-14 14.13-0ubuntu0.22.04.1
postgresql-client-14 14.13-0ubuntu0.22.04.1

Ubuntu 20.04 LTS
postgresql-12 12.20-0ubuntu0.20.04.1
postgresql-client-12 12.20-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6968-1
CVE-2024-7348

Package Information:
https://launchpad.net/ubuntu/+source/postgresql-16/16.4-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/postgresql-14/14.13-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/postgresql-12/12.20-0ubuntu0.20.04.1

Related news

Ubuntu Security Notice USN-6968-3

Ubuntu Security Notice 6968-3 - USN-6968-1 fixedCVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16. This update provides the corresponding updates for PostgreSQL-9.3 in Ubuntu 14.04 LTS and PostgreSQL-10 in Ubuntu 18.04 LTS. Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute arbitrary SQL functions as the superuser.

Ubuntu Security Notice USN-6968-2

Ubuntu Security Notice 6968-2 - USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS. Noah Misch discovered that PostgreSQL incorrectly handled certain SQL objects. An attacker could possibly use this issue to execute arbitrary SQL functions as the superuser.

Red Hat Security Advisory 2024-6559-03

Red Hat Security Advisory 2024-6559-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Security Advisory 2024-6558-03

Red Hat Security Advisory 2024-6558-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Security Advisory 2024-6557-03

Red Hat Security Advisory 2024-6557-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Red Hat Security Advisory 2024-6020-03

Red Hat Security Advisory 2024-6020-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-6018-03

Red Hat Security Advisory 2024-6018-03 - An update for the postgresql:13 module is now available for ed Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-6001-03

Red Hat Security Advisory 2024-6001-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-6000-03

Red Hat Security Advisory 2024-6000-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.10.

Red Hat Security Advisory 2024-5999-03

Red Hat Security Advisory 2024-5999-03 - An update for the postgresql is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-5929-03

Red Hat Security Advisory 2024-5929-03 - An update for the postgresql:16 module is now available for Red Hat Enterprise Linux 9.

Debian Security Advisory 5746-1

Debian Linux Security Advisory 5746-1 - Noah Misch discovered a race condition in the pg_dump tool included in PostgreSQL, which may result in privilege escalation.

Debian Security Advisory 5745-1

Debian Linux Security Advisory 5745-1 - Noah Misch discovered a race condition in the pg_dump tool included in PostgreSQL, which may result in privilege escalation.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution