Ubuntu Security Notice USN-6656-2
Authored by Ubuntu | Site security.ubuntu.com
==========================================================================
Ubuntu Security Notice USN-6656-2
March 12, 2024
postgresql-9.5 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

PostgreSQL could be made to run arbitrary SQL.

Software Description:
- postgresql-9.5: Object-relational SQL database

Details:

USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides
the corresponding updates for Ubuntu 16.04 LTS.

Original advisory details:

It was discovered that PostgreSQL incorrectly handled dropping privileges
when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or
automatic system were tricked into running a specially crafted command, a
remote attacker could possibly use this issue to execute arbitrary SQL
functions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  postgresql-9.5 9.5.25-0ubuntu0.16.04.1+esm7
  postgresql-client-9.5 9.5.25-0ubuntu0.16.04.1+esm7

After a standard system update you need to restart PostgreSQL to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6656-2
  https://ubuntu.com/security/notices/USN-6656-1
  CVE-2024-0985