USN-6538-2: PostgreSQL vulnerabilities
USN-6538-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 18.04 LTS.
Original advisory details:
Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-5868)
Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL array values. A remote attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. (CVE-2023-5869)
Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL allowed the pg_signal_backend role to signal certain superuser processes, contrary to expectations. (CVE-2023-5870)
Frequently Asked Questions
What is the severity of USN-6538-2?
USN-6538-2 addresses multiple vulnerabilities in PostgreSQL that could potentially allow remote attackers to exploit the system.
How do I fix USN-6538-2?
To address USN-6538-2, update PostgreSQL to version 10.23-0ubuntu0.18.04.2+esm1 or later on Ubuntu 18.04 LTS.
What versions of PostgreSQL are affected by USN-6538-2?
USN-6538-2 affects PostgreSQL version 10 on Ubuntu 18.04 LTS before upgrading to 10.23-0ubuntu0.18.04.2+esm1.
Is USN-6538-2 applicable to other Ubuntu versions?
USN-6538-2 specifically applies to Ubuntu 18.04 LTS and the specified PostgreSQL versions.
Who discovered the vulnerabilities fixed in USN-6538-2?
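The vulnerabilities addressed in USN-6538-2 were discovered by Jingzhou Fu (CVE-2023-5868), Pedro Gallegos (CVE-2023-5869), and Hemanth Sandrana and Mahendrakar Srinivasarao (CVE-2023-5870).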