USN-5645-1: PostgreSQL vulnerabilities
Publication date
28 September 2022
Overview
Several security issues were fixed in PostgreSQL.
Releases
Packages
- postgresql-9.5 - Object-relational SQL database
Details
Jacob Champion discovered that PostgreSQL incorrectly handled SSL
certificate verification and encryption. A remote attacker could possibly
use this issue to inject arbitrary SQL queries when a connection is first
established. (CVE-2021-23214)
Tom Lane discovered that PostgreSQL incorrect handled certain array
subscripting calculations. An authenticated attacker could possibly use
this issue to overwrite server memory and escalate privileges.
(CVE-2021-32027)
Jacob Champion discovered that PostgreSQL incorrectly handled SSL
certificate verification and encryption. A remote attacker could possibly
use this issue to inject arbitrary SQL queries when a connection is first
established. (CVE-2021-23214)
Tom Lane discovered that PostgreSQL incorrect handled certain array
subscripting calculations. An authenticated attacker could possibly use
this issue to overwrite server memory and escalate privileges.
(CVE-2021-32027)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 16.04 xenial | postgresql-9.5 – 9.5.25-0ubuntu0.16.04.1+esm1 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.