PublicDateAtUSN: 2015-02-06
Candidate: CVE-2014-8161
PublicDate: 2020-01-27 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161
 https://ubuntu.com/security/notices/USN-2499-1
Description:
 PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x
 before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to
 obtain sensitive column values by triggering constraint violation and then
 reading the error message.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/postgresql-9.4/+bug/1418928
Priority: medium
Discovered-by: Stephen Frost
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]

Patches_postgresql-9.1:
upstream_postgresql-9.1: released (9.1.11-2)
lucid_postgresql-9.1: DNE
precise_postgresql-9.1: released (9.1.15-0ubuntu0.12.04)
precise/esm_postgresql-9.1: released (9.1.15-0ubuntu0.12.04)
trusty_postgresql-9.1: released (9.1.15-0ubuntu0.14.04)
trusty/esm_postgresql-9.1: DNE (trusty was released [9.1.15-0ubuntu0.14.04])
utopic_postgresql-9.1: DNE
vivid_postgresql-9.1: DNE
vivid/stable-phone-overlay_postgresql-9.1: DNE
vivid/ubuntu-core_postgresql-9.1: DNE
wily_postgresql-9.1: DNE
xenial_postgresql-9.1: DNE
yakkety_postgresql-9.1: DNE
zesty_postgresql-9.1: DNE
devel_postgresql-9.1: DNE

Patches_postgresql-9.3:
upstream_postgresql-9.3: released (9.3.6)
lucid_postgresql-9.3: DNE
precise_postgresql-9.3: DNE
precise/esm_postgresql-9.3: DNE
trusty_postgresql-9.3: released (9.3.6-0ubuntu0.14.04)
trusty/esm_postgresql-9.3: released (9.3.6-0ubuntu0.14.04)
utopic_postgresql-9.3: DNE
vivid_postgresql-9.3: DNE
vivid/stable-phone-overlay_postgresql-9.3: DNE
vivid/ubuntu-core_postgresql-9.3: DNE
wily_postgresql-9.3: DNE
xenial_postgresql-9.3: DNE
yakkety_postgresql-9.3: DNE
zesty_postgresql-9.3: DNE
devel_postgresql-9.3: DNE

Patches_postgresql-9.4:
upstream_postgresql-9.4: released (9.4.1-1)
lucid_postgresql-9.4: DNE
precise_postgresql-9.4: DNE
precise/esm_postgresql-9.4: DNE
trusty_postgresql-9.4: DNE
trusty/esm_postgresql-9.4: DNE
utopic_postgresql-9.4: released (9.4.1-0ubuntu0.14.10)
vivid_postgresql-9.4: not-affected (9.4.1-1)
vivid/stable-phone-overlay_postgresql-9.4: DNE
vivid/ubuntu-core_postgresql-9.4: DNE
wily_postgresql-9.4: not-affected (9.4.1-1)
xenial_postgresql-9.4: DNE
yakkety_postgresql-9.4: DNE
zesty_postgresql-9.4: DNE
devel_postgresql-9.4: DNE

Patches_postgresql-8.4:
upstream_postgresql-8.4: ignored (reached end-of-life)
lucid_postgresql-8.4: released (8.4.22-0ubuntu0.10.04.1)
precise_postgresql-8.4: ignored (reached end-of-life)
precise/esm_postgresql-8.4: DNE (precise was needed)
trusty_postgresql-8.4: DNE
trusty/esm_postgresql-8.4: DNE
utopic_postgresql-8.4: DNE
vivid_postgresql-8.4: DNE
vivid/stable-phone-overlay_postgresql-8.4: DNE
vivid/ubuntu-core_postgresql-8.4: DNE
wily_postgresql-8.4: DNE
xenial_postgresql-8.4: DNE
yakkety_postgresql-8.4: DNE
zesty_postgresql-8.4: DNE
devel_postgresql-8.4: DNE