-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmWdnxAFAwAAAAAACgkQa1+PL+d1/EgL
5Qv+Mvc1GA3iRV7s6Z6H+WDXXuMImOsKVtplZpwnCjEaB6jYbtnl1YA0+zilNkwR1+rpaHWr9bM5
zS7+E5EfhLqJ3u8umLySVRhyOneGFsy6UBHb9q9UFCk6WmdOyt6aYS4vtuidcHxTqJF0QtLlcIvu
YJUbefuuc9Ze+Ozk7b7mqCebB+kRkoulwjMNvA7QsZelnc6J62MsLWukWQjYQdh6OkOa5h9nlCNR
BXt2igCGFfRw+brhKFjWnuYsRP4gpu/IE1H5AOuA1Rs5rWF0JiTW5rhJPr7s2pw1GcIr0pgdT7QC
lW9rAVsY7uVEDIL8b/nGpi3XEr3BUAcIwPnro1E81Pm1PoNaomxyQ95iskEkzr7XqLE0Aza/7Wzv
WHn1mz/85KOWBFh17hvWd1y/b2DTBICIiRB7g4qInw4bN/wGCt46hgVgNmcYdbMtsMb3ej9YHKRc
Etw496XtivouKZvvv3xv/PKl+92zMBkZRA3dRI07xdfgvE7RhBZUsq26IuVs
=q/OR
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6570-1
January 09, 2024
postgresql-9.5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in PostgreSQL.
Software Description:
- postgresql-9.5: Object-relational SQL database
Details:
Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying
certain SQL array values. A remote attacker could use this issue to obtain
sensitive information, or possibly execute arbitrary code. (CVE-2023-5869)
Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL
allowed the pg_signal_backend role to signal certain superuser processes,
contrary to expectations. (CVE-2023-5870)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
postgresql-9.5 9.5.25-0ubuntu0.16.04.1+esm6
postgresql-client-9.5 9.5.25-0ubuntu0.16.04.1+esm6
After a standard system update you need to restart PostgreSQL to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6570-1
CVE-2023-5869, CVE-2023-5870
No comments:
Post a Comment