VulnerableCode Package Details - pkg:deb/ubuntu/postgresql-9.3@9.3.20-0ubuntu0.14.04

Search for packages

Package details: pkg:deb/ubuntu/postgresql-9.3@9.3.20-0ubuntu0.14.04

Essentials
History (0)

purl	pkg:deb/ubuntu/postgresql-9.3@9.3.20-0ubuntu0.14.04

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-284w-w9ec-aaaa Aliases: CVE-2018-1058	A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.	9.3.22-0ubuntu0.14.04 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-c6cj-4u8q-aaap Aliases: CVE-2018-10915	A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.	9.3.24-0ubuntu0.14.04 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gmgw-23h9-aaap Aliases: CVE-2018-1053	In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.	9.3.21-0ubuntu0.14.04 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jxde-hg99-aaap Aliases: CVE-2016-3065	CVE-2016-3065 postgresql: memory disclosure in pageinspect functions	There are no reported fixed by versions.
VCID-pyvh-7h7a-aaar Aliases: CVE-2016-2193	CVE-2016-2193 postgresql: row security policies in prepared statements disregard user ID changes	There are no reported fixed by versions.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-6sdf-4fh4-aaah	Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.	CVE-2017-15098

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version