First published: Wed Sep 13 2023
It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser.
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/postgresql-9.5 (Ubuntu 16.04) | <9.5.25-0ubuntu0.16.04.1+esm5 | 9.5.25-0ubuntu0.16.04.1+esm5 |
ubuntu/postgresql-client-9.5 (Ubuntu 16.04) | <9.5.25-0ubuntu0.16.04.1+esm5 | 9.5.25-0ubuntu0.16.04.1+esm5 |
The vulnerability ID for this PostgreSQL vulnerability is USN-6366-1.
The severity of the USN-6366-1 vulnerability is not mentioned in the provided information.
The software affected by the USN-6366-1 vulnerability is PostgreSQL (postgresql-9.5) and the PostgreSQL client (postgresql-client-9.5) in versions before 9.5.25-0ubuntu0.16.04.1+esm5 on Ubuntu 16.04.
The remedy for the USN-6366-1 vulnerability is to update PostgreSQL and PostgreSQL client to version 9.5.25-0ubuntu0.16.04.1+esm5.
You can find more information about the USN-6366-1 vulnerability at the following references: [CVE-2023-39417](https://ubuntu.com/security/CVE-2023-39417), [USN-6296-1](https://ubuntu.com/security/notices/USN-6296-1), [USN-6366-1](https://ubuntu.com/security/notices/USN-6366-1).