CVE-2018-10925

Priority
Description
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14,
9.4.19, and 9.3.24 failed to properly check authorization on certain
statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker
with "CREATE TABLE" privileges could exploit this to read arbitrary bytes
of server memory. If the attacker also had certain "INSERT" and limited
"UPDATE" privileges to a particular table, they could exploit this to
update other columns in the same table.
Notes
 debian> Only affects PostgreSQL 9.5 onwards
Package
Upstream:released (10.5-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (10.5-0ubuntu0.18.04)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (10.5-1)
Package
Upstream:not-affected (code not present)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Package
Upstream:not-affected (code not present)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Package
Upstream:released (9.5.14)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (9.5.14-0ubuntu0.16.04)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
More Information

Updated: 2019-01-14 22:31:14 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)