USN-4027-1: PostgreSQL vulnerability
20 June 2019
PostgreSQL could be made to crash or run programs if it received specially crafted network traffic.
- postgresql-10 - Object-relational SQL database
- postgresql-11 - Object-relational SQL database
Alexander Lakhin discovered that PostgreSQL incorrectly handled
authentication. An authenticated attacker or a rogue server could use this
issue to cause PostgreSQL to crash, resulting in a denial of service, or
possibly execute arbitrary code. The default compiler options for affected
releases should reduce the vulnerability to a denial of service.
The problem can be corrected by updating your system to the following package versions:
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.