Lucene search
UbuntuUSN-6656-1HistoryFeb 26, 2024 - 12:00 a.m.
PostgreSQL vulnerability
2024-02-2600:00:00
ubuntu.com
13
ubuntu
postgresql
vulnerability
privilege
sql
database
remote attacker
security
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
19.4%
Releases
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Packages
- postgresql-12 - Object-relational SQL database
- postgresql-14 - Object-relational SQL database
- postgresql-15 - Object-relational SQL database
Details
It was discovered that PostgreSQL incorrectly handled dropping privileges
when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or
automatic system were tricked into running a specially crafted command, a
remote attacker could possibly use this issue to execute arbitrary SQL
functions.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.10 | noarch | postgresql-15 | < 15.6-0ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libecpg-compat3 | < 15.6-0ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libecpg-compat3-dbgsym | < 15.6-0ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libecpg-dev | < 15.6-0ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libecpg-dev-dbgsym | < 15.6-0ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libecpg6 | < 15.6-0ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libecpg6-dbgsym | < 15.6-0ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libpgtypes3 | < 15.6-0ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libpgtypes3-dbgsym | < 15.6-0ubuntu0.23.10.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | libpq-dev | < 15.6-0ubuntu0.23.10.1 | UNKNOWN |
References
Related
openvas
openvas
almalinux
almalinux
Important: postgresql:15 security update
2024-02-22 00:00:00
Important: postgresql:10 security update
2024-02-26 00:00:00
Important: postgresql:12 security update
2024-02-26 00:00:00
freebsd
freebsd
nessus
nessus
Debian dsa-5622 : libecpg-compat3 - security update
2024-02-15 00:00:00
AlmaLinux 9 : postgresql:15 (ALSA-2024:0950)
2024-02-28 00:00:00
Oracle Linux 8 : postgresql:10 (ELSA-2024-0956)
2024-02-28 00:00:00
oraclelinux
oraclelinux
postgresql:12 security update
2024-02-27 00:00:00
postgresql security update
2024-02-23 00:00:00
postgresql:10 security update
2024-02-28 00:00:00
rocky
rocky
postgresql:15 security update
2024-03-12 15:42:26
postgresql:10 security update
2024-03-12 15:41:47
postgresql security update
2024-05-10 14:32:38
redhat
redhat
(RHSA-2024:1422) Important: postgresql security update
2024-03-19 17:24:02
(RHSA-2024:1428) Important: postgresql security update
2024-03-19 17:52:59
(RHSA-2024:0951) Important: postgresql security update
2024-02-22 16:09:55
osv
osv
Important: postgresql:15 security update
2024-03-12 15:42:50
postgresql-15 - security update
2024-02-14 00:00:00
Important: postgresql:15 security update
2024-02-26 00:00:00
cve
cve
CVE-2024-0985
2024-02-08 13:15:08
ubuntu
ubuntu
PostgreSQL vulnerability
2024-03-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-0985 affecting package postgresql for versions less than 16.3-1
2024-05-31 18:55:08
CVE-2024-0985 affecting package postgresql for versions less than 14.11-1
2024-03-05 17:52:42
cvelist
cvelist
debiancve
debiancve
CVE-2024-0985
2024-02-08 13:15:08
ubuntucve
ubuntucve
CVE-2024-0985
2024-02-08 00:00:00
prion
prion
Command injection
2024-02-08 13:15:00
debian
debian
[SECURITY] [DSA 5622-1] postgresql-13 security update
2024-02-14 19:59:34
[SECURITY] [DLA 3764-1] postgresql-11 security update
2024-03-18 15:47:29
[SECURITY] [DSA 5623-1] postgresql-15 security update
2024-02-14 20:00:02
cloudfoundry
cloudfoundry
USN-6656-1: PostgreSQL vulnerability | Cloud Foundry
2024-04-04 00:00:00
ibm
ibm
redos
redos
ROS-20240322-01
2024-03-22 00:00:00
ROS-20240626-14
2024-06-26 00:00:00
kaspersky
kaspersky
KLA63867 OSI vulnerability in PostgreSQL
2024-02-08 00:00:00
mageia
mageia
Updated postgresql15 and postgresql13 packages fix a security vulnerability
2024-02-19 20:35:05
veracode
veracode
Privilege Escalation
2024-02-12 20:33:39
nvd
nvd
CVE-2024-0985
2024-02-08 13:15:08
f5
f5
K000140188: PostgreSQL vulnerability CVE-2024-0985
2024-06-28 00:00:00
wolfi
wolfi
CVE-2024-0985 vulnerabilities
2024-06-28 21:08:33
redhatcve
redhatcve
CVE-2024-0985
2024-02-08 17:06:09
cgr
cgr
CVE-2024-0985 vulnerabilities
2024-05-19 03:07:16
alpinelinux
alpinelinux
CVE-2024-0985
2024-02-08 13:15:08
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0564
2024-02-14 00:00:00
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
19.4%
Related for USN-6656-1