Lucene search

K
ubuntuUbuntuUSN-6296-1
HistoryAug 17, 2023 - 12:00 a.m.

PostgreSQL vulnerabilities

2023-08-1700:00:00
ubuntu.com
30
postgresql
ubuntu
vulnerabilities
cve-2023-39417
cve-2023-39418
packages

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.6%

Releases

  • Ubuntu 23.04
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • postgresql-12 - Object-relational SQL database
  • postgresql-14 - Object-relational SQL database
  • postgresql-15 - Object-relational SQL database

Details

It was discovered that PostgreSQL incorrectly handled certain extension
script substitutions. An attacker having database-level CREATE privileges
can use this issue to execute arbitrary code as the bootstrap superuser.
(CVE-2023-39417)

It was discovered that PostgreSQL incorrectly handled the MERGE command. A
remote attacker could possibly use this issue to bypass certain UPDATE and
SELECT policies. This issue only affected Ubuntu 23.04. (CVE-2023-39418)

OSVersionArchitecturePackageVersionFilename
Ubuntu23.04noarchpostgresql-15< 15.4-0ubuntu0.23.04.1UNKNOWN
Ubuntu23.04noarchlibecpg-compat3< 15.4-0ubuntu0.23.04.1UNKNOWN
Ubuntu23.04noarchlibecpg-compat3-dbgsym< 15.4-0ubuntu0.23.04.1UNKNOWN
Ubuntu23.04noarchlibecpg-dev< 15.4-0ubuntu0.23.04.1UNKNOWN
Ubuntu23.04noarchlibecpg-dev-dbgsym< 15.4-0ubuntu0.23.04.1UNKNOWN
Ubuntu23.04noarchlibecpg6< 15.4-0ubuntu0.23.04.1UNKNOWN
Ubuntu23.04noarchlibecpg6-dbgsym< 15.4-0ubuntu0.23.04.1UNKNOWN
Ubuntu23.04noarchlibpgtypes3< 15.4-0ubuntu0.23.04.1UNKNOWN
Ubuntu23.04noarchlibpgtypes3-dbgsym< 15.4-0ubuntu0.23.04.1UNKNOWN
Ubuntu23.04noarchlibpq-dev< 15.4-0ubuntu0.23.04.1UNKNOWN
Rows per page:
1-10 of 691

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.6%