- Vulnerability/
- USN-6230-1
USN-6230-1: PostgreSQL vulnerability
First published: Thu Jul 13 2023(Updated: )
Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/postgresql-9.5 | <9.5.25-0ubuntu0.16.04.1+esm4 | 9.5.25-0ubuntu0.16.04.1+esm4 |
| =16.04 | ||
| All of | ||
| ubuntu/postgresql-client-9.5 | <9.5.25-0ubuntu0.16.04.1+esm4 | 9.5.25-0ubuntu0.16.04.1+esm4 |
| =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this PostgreSQL vulnerability?
The vulnerability ID for this PostgreSQL vulnerability is USN-6230-1.
What is the severity of USN-6230-1?
The severity of USN-6230-1 is not specified in the description.
How does the PostgreSQL vulnerability affect the system?
The PostgreSQL vulnerability allows an authenticated user to execute arbitrary code as the bootstrap supervisor.
Which versions of PostgreSQL are affected by USN-6230-1?
Versions 9.5.25-0ubuntu0.16.04.1+esm4 of PostgreSQL and postgresql-client-9.5 are affected by USN-6230-1.
How can I fix the PostgreSQL vulnerability described in USN-6230-1?
To fix the PostgreSQL vulnerability, update to the version 9.5.25-0ubuntu0.16.04.1+esm4 or later.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-6104-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/16.04