First published: Tue Jan 09 2024(Updated: )
Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. (CVE-2023-5869) Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations. (CVE-2023-5870)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/postgresql-9.5 | <9.5.25-0ubuntu0.16.04.1+esm6 | 9.5.25-0ubuntu0.16.04.1+esm6 |
Ubuntu Ubuntu | =16.04 | |
All of | ||
ubuntu/postgresql-client-9.5 | <9.5.25-0ubuntu0.16.04.1+esm6 | 9.5.25-0ubuntu0.16.04.1+esm6 |
Ubuntu Ubuntu | =16.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.