1. Ubuntu Security Notices
  2. USN-6968-2

USN-6968-2: PostgreSQL vulnerability

Publication date

19 September 2024

Overview

PostgreSQL could execute arbitrary SQL functions as the superuser if it received a specially crafted SQL object.

Releases

Packages

Details

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and
PostgreSQL-16

This update provides the corresponding updates for PostgreSQL-9.5 in
Ubuntu 16.04 LTS.

Original advisory details:

Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.

USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and
PostgreSQL-16

This update provides the corresponding updates for PostgreSQL-9.5 in
Ubuntu 16.04 LTS.

Original advisory details:

Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.

Update instructions

After a standard system update you need to restart PostgreSQL to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
16.04 xenial postgresql-9.5 –  9.5.25-0ubuntu0.16.04.1+esm8  
postgresql-client-9.5 –  9.5.25-0ubuntu0.16.04.1+esm8  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›