USN-7132-1
- Source
- https://ubuntu.com/security/notices/USN-7132-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7132-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-7132-1
- Upstream
- Related
- Published
- 2024-12-02T12:30:50.130613Z
- Modified
- 2025-10-13T04:39:08Z
- Summary
- postgresql-12, postgresql-14, postgresql-16 vulnerabilities
- Details
-
It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. (CVE-2024-10976)
Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is able to intercept network communications could possibly use this issue to inject error messages that could be interpreted as valid query results. (CVE-2024-10977)
Tom Lane discovered that PostgreSQL incorrectly handled certain privilege assignments. A remote attacker could possibly use this issue to view or change different rows from those intended. (CVE-2024-10978)
Coby Abrams discovered that PostgreSQL incorrectly handled environment variables. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2024-10979)
- References
Affected packages
Ubuntu:20.04:LTS / postgresql-12
Package
- Name
- postgresql-12
- Purl
- pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed12.22-0ubuntu0.20.04.1
Affected versions
12.*
12.0-1
12.1-1
12.1-2build1
12.2-1
12.2-1ubuntu2
12.2-4
12.4-0ubuntu0.20.04.1
12.5-0ubuntu0.20.04.1
12.6-0ubuntu0.20.04.1
12.7-0ubuntu0.20.04.1
12.8-0ubuntu0.20.04.1
12.9-0ubuntu0.20.04.1
12.10-0ubuntu0.20.04.1
12.11-0ubuntu0.20.04.1
12.12-0ubuntu0.20.04.1
12.13-0ubuntu0.20.04.1
12.14-0ubuntu0.20.04.1
12.15-0ubuntu0.20.04.1
12.16-0ubuntu0.20.04.1
12.17-0ubuntu0.20.04.1
12.18-0ubuntu0.20.04.1
12.19-0ubuntu0.20.04.1
12.20-0ubuntu0.20.04.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "12.22-0ubuntu0.20.04.1"
},
{
"binary_name": "libecpg-dev",
"binary_version": "12.22-0ubuntu0.20.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "12.22-0ubuntu0.20.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "12.22-0ubuntu0.20.04.1"
},
{
"binary_name": "libpq-dev",
"binary_version": "12.22-0ubuntu0.20.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "12.22-0ubuntu0.20.04.1"
},
{
"binary_name": "postgresql-12",
"binary_version": "12.22-0ubuntu0.20.04.1"
},
{
"binary_name": "postgresql-client-12",
"binary_version": "12.22-0ubuntu0.20.04.1"
},
{
"binary_name": "postgresql-doc-12",
"binary_version": "12.22-0ubuntu0.20.04.1"
},
{
"binary_name": "postgresql-plperl-12",
"binary_version": "12.22-0ubuntu0.20.04.1"
},
{
"binary_name": "postgresql-plpython3-12",
"binary_version": "12.22-0ubuntu0.20.04.1"
},
{
"binary_name": "postgresql-pltcl-12",
"binary_version": "12.22-0ubuntu0.20.04.1"
},
{
"binary_name": "postgresql-server-dev-12",
"binary_version": "12.22-0ubuntu0.20.04.1"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2024-10976",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2024-10977",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2024-10978",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2024-10979",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
Ubuntu:22.04:LTS / postgresql-14
Package
- Name
- postgresql-14
- Purl
- pkg:deb/ubuntu/postgresql-14@14.15-0ubuntu0.22.04.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed14.15-0ubuntu0.22.04.1
Affected versions
14.*
14.1-1ubuntu1
14.2-1
14.2-1ubuntu1
14.3-0ubuntu0.22.04.1
14.4-0ubuntu0.22.04.1
14.5-0ubuntu0.22.04.1
14.6-0ubuntu0.22.04.1
14.7-0ubuntu0.22.04.1
14.8-0ubuntu0.22.04.1
14.9-0ubuntu0.22.04.1
14.10-0ubuntu0.22.04.1
14.11-0ubuntu0.22.04.1
14.12-0ubuntu0.22.04.1
14.13-0ubuntu0.22.04.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "14.15-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg-dev",
"binary_version": "14.15-0ubuntu0.22.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "14.15-0ubuntu0.22.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "14.15-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq-dev",
"binary_version": "14.15-0ubuntu0.22.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "14.15-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-14",
"binary_version": "14.15-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-client-14",
"binary_version": "14.15-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-doc-14",
"binary_version": "14.15-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plperl-14",
"binary_version": "14.15-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-plpython3-14",
"binary_version": "14.15-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-pltcl-14",
"binary_version": "14.15-0ubuntu0.22.04.1"
},
{
"binary_name": "postgresql-server-dev-14",
"binary_version": "14.15-0ubuntu0.22.04.1"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2024-10976",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2024-10977",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2024-10978",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2024-10979",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
Ubuntu:24.04:LTS / postgresql-16
Package
- Name
- postgresql-16
- Purl
- pkg:deb/ubuntu/postgresql-16@16.6-0ubuntu0.24.04.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed16.6-0ubuntu0.24.04.1
Affected versions
16.*
16.0-2
16.1-1
16.1-1build1
16.1-1build3
16.2-1
16.2-1ubuntu2
16.2-1ubuntu3
16.2-1ubuntu4
16.3-0ubuntu0.24.04.1
16.4-0ubuntu0.24.04.1
16.4-0ubuntu0.24.04.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libecpg-compat3",
"binary_version": "16.6-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg-dev",
"binary_version": "16.6-0ubuntu0.24.04.1"
},
{
"binary_name": "libecpg6",
"binary_version": "16.6-0ubuntu0.24.04.1"
},
{
"binary_name": "libpgtypes3",
"binary_version": "16.6-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq-dev",
"binary_version": "16.6-0ubuntu0.24.04.1"
},
{
"binary_name": "libpq5",
"binary_version": "16.6-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-16",
"binary_version": "16.6-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-client-16",
"binary_version": "16.6-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-doc-16",
"binary_version": "16.6-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plperl-16",
"binary_version": "16.6-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-plpython3-16",
"binary_version": "16.6-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-pltcl-16",
"binary_version": "16.6-0ubuntu0.24.04.1"
},
{
"binary_name": "postgresql-server-dev-16",
"binary_version": "16.6-0ubuntu0.24.04.1"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"cves": [
{
"id": "CVE-2024-10976",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2024-10977",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2024-10978",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2024-10979",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}