[USN-6366-1] PostgreSQL vulnerability
Ubuntu Security Notice USN-6366-1
September 13, 2023
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
PostgreSQL could be made to execute commands as the bootstrap superuser.
- postgresql-9.5: Object-relational SQL database
It was discovered that PostgreSQL incorrectly handled certain extension
script substitutions. An attacker having database-level CREATE privileges
can use this issue to execute arbitrary code as the bootstrap superuser.
The problem can be corrected by updating your system to the following
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
After a standard system update you need to restart PostgreSQL to make
all the necessary changes.
A PostgreSQL security update has been released for Ubuntu Linux 16.04 LTS.