{"id":"USN-7358-1","summary":"postgresql-9.5 vulnerabilities","details":"Wolfgang Walther discovered that PostgreSQL incorrectly tracked tables with\nrow security. A remote attacker could possibly use this issue to perform\nforbidden reads and modifications. (CVE-2024-10976)\n\nJacob Champion discovered that PostgreSQL clients used untrusted server\nerror messages. An attacker that is able to intercept network\ncommunications could possibly use this issue to inject error messages that\ncould be interpreted as valid query results. (CVE-2024-10977)\n\nTom Lane discovered that PostgreSQL incorrectly handled certain privilege\nassignments. A remote attacker could possibly use this issue to view or\nchange different rows from those intended. (CVE-2024-10978)\n\nCoby Abrams discovered that PostgreSQL incorrectly handled environment\nvariables. A remote attacker could possibly use this issue to execute\narbitrary code. (CVE-2024-10979)\n","modified":"2026-04-27T17:49:15.918170Z","published":"2025-03-19T12:15:54Z","related":["UBUNTU-CVE-2024-10976","UBUNTU-CVE-2024-10977","UBUNTU-CVE-2024-10978","UBUNTU-CVE-2024-10979"],"upstream":["CVE-2024-10976","CVE-2024-10977","CVE-2024-10978","CVE-2024-10979","UBUNTU-CVE-2024-10976","UBUNTU-CVE-2024-10977","UBUNTU-CVE-2024-10978","UBUNTU-CVE-2024-10979"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7358-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-10976"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-10977"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-10978"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-10979"}],"affected":[{"package":{"name":"postgresql-9.5","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.5.25-0ubuntu0.16.04.1+esm10"}]}],"versions":["9.5.0-1","9.5.0-2","9.5.0-3","9.5.1-1","9.5.2-1","9.5.3-0ubuntu0.16.04","9.5.4-0ubuntu0.16.04","9.5.5-0ubuntu0.16.04","9.5.6-0ubuntu0.16.04","9.5.7-0ubuntu0.16.04","9.5.8-0ubuntu0.16.04.1","9.5.9-0ubuntu0.16.04","9.5.10-0ubuntu0.16.04","9.5.11-0ubuntu0.16.04","9.5.12-0ubuntu0.16.04","9.5.13-0ubuntu0.16.04","9.5.14-0ubuntu0.16.04","9.5.16-0ubuntu0.16.04.1","9.5.17-0ubuntu0.16.04.1","9.5.18-0ubuntu0.16.04.1","9.5.19-0ubuntu0.16.04.1","9.5.21-0ubuntu0.16.04.1","9.5.23-0ubuntu0.16.04.1","9.5.24-0ubuntu0.16.04.1","9.5.25-0ubuntu0.16.04.1","9.5.25-0ubuntu0.16.04.1+esm1","9.5.25-0ubuntu0.16.04.1+esm2","9.5.25-0ubuntu0.16.04.1+esm3","9.5.25-0ubuntu0.16.04.1+esm4","9.5.25-0ubuntu0.16.04.1+esm5","9.5.25-0ubuntu0.16.04.1+esm6","9.5.25-0ubuntu0.16.04.1+esm7","9.5.25-0ubuntu0.16.04.1+esm8"],"ecosystem_specific":{"binaries":[{"binary_name":"libecpg-compat3","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"},{"binary_name":"libecpg6","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"},{"binary_name":"libpgtypes3","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"},{"binary_name":"libpq5","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"},{"binary_name":"postgresql-9.5","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"},{"binary_name":"postgresql-client-9.5","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"},{"binary_name":"postgresql-contrib-9.5","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"},{"binary_name":"postgresql-doc-9.5","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"},{"binary_name":"postgresql-plperl-9.5","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"},{"binary_name":"postgresql-plpython-9.5","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"},{"binary_name":"postgresql-plpython3-9.5","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"},{"binary_name":"postgresql-pltcl-9.5","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"},{"binary_name":"postgresql-server-dev-9.5","binary_version":"9.5.25-0ubuntu0.16.04.1+esm10"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2024-10976","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-10977","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-10978","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-10979","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7358-1.json"}}],"schema_version":"1.7.5"}