[USN-6366-1] PostgreSQL vulnerability
ian.constantin at canonical.com
Wed Sep 13 18:57:24 UTC 2023
Ubuntu Security Notice USN-6366-1
September 13, 2023
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
PostgreSQL could be made to execute commands as the bootstrap superuser.
- postgresql-9.5: Object-relational SQL database
It was discovered that PostgreSQL incorrectly handled certain extension
script substitutions. An attacker having database-level CREATE privileges
can use this issue to execute arbitrary code as the bootstrap superuser.
The problem can be corrected by updating your system to the following
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
After a standard system update you need to restart PostgreSQL to make
all the necessary changes.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 665 bytes
Desc: OpenPGP digital signature
More information about the ubuntu-security-announce