USN-5571-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-5571-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5571-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5571-1
Related
Published
2022-08-18T16:19:58.603616Z
Modified
2022-08-18T16:19:58.603616Z
Summary
postgresql-10, postgresql-12, postgresql-14 vulnerability
Details

Sven Klemm discovered that PostgreSQL incorrectly handled extensions. An attacker could possibly use this issue to execute arbitrary code when extensions are created or updated.

References

Affected packages

Ubuntu:22.04:LTS / postgresql-14

Package

Name
postgresql-14

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.5-0ubuntu0.22.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "postgresql-client-14": "14.5-0ubuntu0.22.04.1",
            "libpgtypes3": "14.5-0ubuntu0.22.04.1",
            "libecpg6": "14.5-0ubuntu0.22.04.1",
            "libpq-dev": "14.5-0ubuntu0.22.04.1",
            "postgresql-doc-14": "14.5-0ubuntu0.22.04.1",
            "postgresql-server-dev-14": "14.5-0ubuntu0.22.04.1",
            "libecpg-dev": "14.5-0ubuntu0.22.04.1",
            "libecpg-compat3": "14.5-0ubuntu0.22.04.1",
            "libpq5": "14.5-0ubuntu0.22.04.1",
            "postgresql-plperl-14": "14.5-0ubuntu0.22.04.1",
            "postgresql-14": "14.5-0ubuntu0.22.04.1",
            "postgresql-pltcl-14": "14.5-0ubuntu0.22.04.1",
            "postgresql-plpython3-14": "14.5-0ubuntu0.22.04.1"
        }
    ]
}

Ubuntu:18.04:LTS / postgresql-10

Package

Name
postgresql-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.22-0ubuntu0.18.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libecpg6": "10.22-0ubuntu0.18.04.1",
            "libecpg-dev": "10.22-0ubuntu0.18.04.1",
            "postgresql-plperl-10": "10.22-0ubuntu0.18.04.1",
            "libpq5": "10.22-0ubuntu0.18.04.1",
            "postgresql-client-10": "10.22-0ubuntu0.18.04.1",
            "postgresql-10": "10.22-0ubuntu0.18.04.1",
            "libpgtypes3": "10.22-0ubuntu0.18.04.1",
            "libpq-dev": "10.22-0ubuntu0.18.04.1",
            "postgresql-doc-10": "10.22-0ubuntu0.18.04.1",
            "postgresql-plpython-10": "10.22-0ubuntu0.18.04.1",
            "libecpg-compat3": "10.22-0ubuntu0.18.04.1",
            "postgresql-server-dev-10": "10.22-0ubuntu0.18.04.1",
            "postgresql-pltcl-10": "10.22-0ubuntu0.18.04.1",
            "postgresql-plpython3-10": "10.22-0ubuntu0.18.04.1"
        }
    ]
}

Ubuntu:20.04:LTS / postgresql-12

Package

Name
postgresql-12

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.12-0ubuntu0.20.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libpq-dev": "12.12-0ubuntu0.20.04.1",
            "libecpg6": "12.12-0ubuntu0.20.04.1",
            "postgresql-plpython3-12": "12.12-0ubuntu0.20.04.1",
            "postgresql-doc-12": "12.12-0ubuntu0.20.04.1",
            "libpgtypes3": "12.12-0ubuntu0.20.04.1",
            "postgresql-pltcl-12": "12.12-0ubuntu0.20.04.1",
            "libecpg-dev": "12.12-0ubuntu0.20.04.1",
            "postgresql-plperl-12": "12.12-0ubuntu0.20.04.1",
            "postgresql-server-dev-12": "12.12-0ubuntu0.20.04.1",
            "postgresql-12": "12.12-0ubuntu0.20.04.1",
            "postgresql-client-12": "12.12-0ubuntu0.20.04.1",
            "libpq5": "12.12-0ubuntu0.20.04.1",
            "libecpg-compat3": "12.12-0ubuntu0.20.04.1"
        }
    ]
}