First published: Wed Jan 17 2024(Updated: )
USN-6538-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-5868) Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. (CVE-2023-5869) Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations. (CVE-2023-5870)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/postgresql-10 | <10.23-0ubuntu0.18.04.2+esm1 | 10.23-0ubuntu0.18.04.2+esm1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/postgresql-client-10 | <10.23-0ubuntu0.18.04.2+esm1 | 10.23-0ubuntu0.18.04.2+esm1 |
Ubuntu Ubuntu | =18.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)