UBUNTU-CVE-2024-10979

Source
https://ubuntu.com/security/CVE-2024-10979
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-10979.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-10979
Related
Published
2024-11-14T13:15:00Z
Modified
2024-11-20T12:22:40Z
Summary
[none]
Details

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

References

Affected packages

Ubuntu:Pro:14.04:LTS / postgresql-9.3

Package

Name
postgresql-9.3
Purl
pkg:deb/ubuntu/postgresql-9.3?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.3.1-1
9.3.2-1
9.3.2-1ubuntu1
9.3.2-1ubuntu2
9.3.3-1
9.3.3-1bzr1
9.3.3-1bzr2
9.3.4-1
9.3.5-0ubuntu0.14.04.1
9.3.6-0ubuntu0.14.04
9.3.7-0ubuntu0.14.04
9.3.8-0ubuntu0.4.04
9.3.9-0ubuntu0.14.04
9.3.10-0ubuntu0.14.04
9.3.11-0ubuntu0.14.04
9.3.12-0ubuntu0.14.04
9.3.13-0ubuntu0.14.04
9.3.14-0ubuntu0.14.04
9.3.15-0ubuntu0.14.04
9.3.16-0ubuntu0.14.04
9.3.17-0ubuntu0.14.04
9.3.18-0ubuntu0.14.04.1
9.3.19-0ubuntu0.14.04
9.3.20-0ubuntu0.14.04
9.3.21-0ubuntu0.14.04
9.3.22-0ubuntu0.14.04
9.3.23-0ubuntu0.14.04
9.3.24-0ubuntu0.14.04
9.3.24-0ubuntu0.14.04+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / postgresql-9.5

Package

Name
postgresql-9.5
Purl
pkg:deb/ubuntu/postgresql-9.5?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.5.0-1
9.5.0-2
9.5.0-3
9.5.1-1
9.5.2-1
9.5.3-0ubuntu0.16.04
9.5.4-0ubuntu0.16.04
9.5.5-0ubuntu0.16.04
9.5.6-0ubuntu0.16.04
9.5.7-0ubuntu0.16.04
9.5.8-0ubuntu0.16.04.1
9.5.9-0ubuntu0.16.04
9.5.10-0ubuntu0.16.04
9.5.11-0ubuntu0.16.04
9.5.12-0ubuntu0.16.04
9.5.13-0ubuntu0.16.04
9.5.14-0ubuntu0.16.04
9.5.16-0ubuntu0.16.04.1
9.5.17-0ubuntu0.16.04.1
9.5.18-0ubuntu0.16.04.1
9.5.19-0ubuntu0.16.04.1
9.5.21-0ubuntu0.16.04.1
9.5.23-0ubuntu0.16.04.1
9.5.24-0ubuntu0.16.04.1
9.5.25-0ubuntu0.16.04.1
9.5.25-0ubuntu0.16.04.1+esm1
9.5.25-0ubuntu0.16.04.1+esm2
9.5.25-0ubuntu0.16.04.1+esm3
9.5.25-0ubuntu0.16.04.1+esm4
9.5.25-0ubuntu0.16.04.1+esm5
9.5.25-0ubuntu0.16.04.1+esm6
9.5.25-0ubuntu0.16.04.1+esm7
9.5.25-0ubuntu0.16.04.1+esm8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / postgresql-10

Package

Name
postgresql-10
Purl
pkg:deb/ubuntu/postgresql-10?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.1-1
10.1-2
10.2-1
10.3-1
10.4-0ubuntu0.18.04
10.5-0ubuntu0.18.04
10.6-0ubuntu0.18.04.1
10.7-0ubuntu0.18.04.1
10.8-0ubuntu0.18.04.1
10.9-0ubuntu0.18.04.1
10.10-0ubuntu0.18.04.1
10.12-0ubuntu0.18.04.1
10.14-0ubuntu0.18.04.1
10.15-0ubuntu0.18.04.1
10.16-0ubuntu0.18.04.1
10.17-0ubuntu0.18.04.1
10.18-0ubuntu0.18.04.1
10.19-0ubuntu0.18.04.1
10.20-0ubuntu0.18.04.1
10.21-0ubuntu0.18.04.1
10.22-0ubuntu0.18.04.1
10.23-0ubuntu0.18.04.1
10.23-0ubuntu0.18.04.2
10.23-0ubuntu0.18.04.2+esm1
10.23-0ubuntu0.18.04.2+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / postgresql-12

Package

Name
postgresql-12
Purl
pkg:deb/ubuntu/postgresql-12?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.0-1
12.1-1
12.1-2build1
12.2-1
12.2-1ubuntu2
12.2-4
12.4-0ubuntu0.20.04.1
12.5-0ubuntu0.20.04.1
12.6-0ubuntu0.20.04.1
12.7-0ubuntu0.20.04.1
12.8-0ubuntu0.20.04.1
12.9-0ubuntu0.20.04.1
12.10-0ubuntu0.20.04.1
12.11-0ubuntu0.20.04.1
12.12-0ubuntu0.20.04.1
12.13-0ubuntu0.20.04.1
12.14-0ubuntu0.20.04.1
12.15-0ubuntu0.20.04.1
12.16-0ubuntu0.20.04.1
12.17-0ubuntu0.20.04.1
12.18-0ubuntu0.20.04.1
12.19-0ubuntu0.20.04.1
12.20-0ubuntu0.20.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / postgresql-14

Package

Name
postgresql-14
Purl
pkg:deb/ubuntu/postgresql-14?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

14.*

14.1-1ubuntu1
14.2-1
14.2-1ubuntu1
14.3-0ubuntu0.22.04.1
14.4-0ubuntu0.22.04.1
14.5-0ubuntu0.22.04.1
14.6-0ubuntu0.22.04.1
14.7-0ubuntu0.22.04.1
14.8-0ubuntu0.22.04.1
14.9-0ubuntu0.22.04.1
14.10-0ubuntu0.22.04.1
14.11-0ubuntu0.22.04.1
14.12-0ubuntu0.22.04.1
14.13-0ubuntu0.22.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / postgresql-16

Package

Name
postgresql-16
Purl
pkg:deb/ubuntu/postgresql-16?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

16.*

16.2-1ubuntu4
16.3-1
16.4-1
16.4-1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / postgresql-16

Package

Name
postgresql-16
Purl
pkg:deb/ubuntu/postgresql-16?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

16.*

16.0-2
16.1-1
16.1-1build1
16.1-1build3
16.2-1
16.2-1ubuntu2
16.2-1ubuntu3
16.2-1ubuntu4
16.3-0ubuntu0.24.04.1
16.4-0ubuntu0.24.04.1
16.4-0ubuntu0.24.04.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}