CVE-2018-1058

Published: 3/2/2018 Last updated: 9/17/2024 Reserved: 12/4/2017

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (5)

conf-mingw-w64-postgresql-i686 conf-mingw-w64-postgresql-x86_64 conf-postgresql ocsigen-start postgresql

Products affected (1)

Product	Vendor	Version
postgresql	The PostgreSQL Global Development Group	>= 4.3.0, < 4.3.4

References (14)

https://bugzilla.redhat.com/show_bug.cgi?id=1547044
https://usn.ubuntu.com/3589-1/
http://www.securityfocus.com/bid/103221
https://www.postgresql.org/about/news/1834/
https://access.redhat.com/errata/RHSA-2018:2511
https://access.redhat.com/errata/RHSA-2018:2566
https://access.redhat.com/errata/RHSA-2018:3816
https://bugzilla.redhat.com/show_bug.cgi?id=1547044
https://usn.ubuntu.com/3589-1/
http://www.securityfocus.com/bid/103221
https://www.postgresql.org/about/news/1834/
https://access.redhat.com/errata/RHSA-2018:2511
https://access.redhat.com/errata/RHSA-2018:2566
https://access.redhat.com/errata/RHSA-2018:3816