CVE-2018-10925

Priority
Description
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14,
9.4.19, and 9.3.24 failed to properly check authorization on certain
statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker
with "CREATE TABLE" privileges could exploit this to read arbitrary bytes
of server memory. If the attacker also had certain "INSERT" and limited
"UPDATE" privileges to a particular table, they could exploit this to
update other columns in the same table.
Notes
debian: Only affects PostgreSQL 9.5 onwards
Package
Upstream: released (10.5-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): released (10.5-0ubuntu0.18.04)
Package
Upstream: not-affected (code not present)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Package
Upstream: not-affected (code not present)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Package
Upstream: released (9.5.14)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (9.5.14-0ubuntu0.16.04)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
More Information

Updated: 2019-12-05 18:50:11 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)