1. Ubuntu Security Notices
  2. USN-6968-3

USN-6968-3: PostgreSQL vulnerability

Publication date

14 October 2024

Overview

PostgreSQL could execute arbitrary SQL functions as the superuser if it received a specially crafted SQL object.

Releases

Packages

Details

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and
PostgreSQL-16.

This update provides the corresponding updates for PostgreSQL-9.3 in
Ubuntu 14.04 LTS and PostgreSQL-10 in Ubuntu 18.04 LTS.

Original advisory details:

Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and
PostgreSQL-16.

This update provides the corresponding updates for PostgreSQL-9.3 in
Ubuntu 14.04 LTS and PostgreSQL-10 in Ubuntu 18.04 LTS.

Original advisory details:

Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.

Update instructions

After a standard system update you need to restart PostgreSQL to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
18.04 bionic postgresql-10 –  10.23-0ubuntu0.18.04.2+esm2  
postgresql-client-10 –  10.23-0ubuntu0.18.04.2+esm2  
14.04 trusty postgresql-9.3 –  9.3.24-0ubuntu0.14.04+esm1  
postgresql-client-9.3 –  9.3.24-0ubuntu0.14.04+esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›