1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
PublicDateAtUSN: 2014-02-21
Candidate: CVE-2014-0061
PublicDate: 2014-03-31
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061
http://wiki.postgresql.org/wiki/20140220securityrelease
http://www.ubuntu.com/usn/usn-2120-1
Description:
The validator functions for the procedural languages (PLs) in PostgreSQL
before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before
9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain
privileges via a function that is (1) defined in another language or (2)
not allowed to be directly called by the user due to permissions.
Ubuntu-Description:
Notes:
Bugs:
https://bugs.launchpad.net/ubuntu/+source/postgresql-9.3/+bug/1282677
Priority: medium
Discovered-by: Andres Freund
Assigned-to:
Patches_postgresql-9.3:
upstream_postgresql-9.3: released (9.3.3)
lucid_postgresql-9.3: DNE
precise_postgresql-9.3: DNE
quantal_postgresql-9.3: DNE
saucy_postgresql-9.3: DNE
trusty_postgresql-9.3: released (9.3.3-1)
utopic_postgresql-9.3: DNE
devel_postgresql-9.3: DNE
Patches_postgresql-9.1:
upstream_postgresql-9.1: released (9.1.12)
lucid_postgresql-9.1: DNE
precise_postgresql-9.1: released (9.1.12-0ubuntu0.12.04)
quantal_postgresql-9.1: released (9.1.12-0ubuntu0.12.10)
saucy_postgresql-9.1: released (9.1.12-0ubuntu0.13.10)
trusty_postgresql-9.1: released (9.1.12-1)
utopic_postgresql-9.1: DNE
devel_postgresql-9.1: DNE
Patches_postgresql-8.4:
upstream_postgresql-8.4: released (8.4.20)
lucid_postgresql-8.4: released (8.4.20-0ubuntu010.04)
precise_postgresql-8.4: released (8.4.22-0ubuntu0.12.04)
quantal_postgresql-8.4: DNE
saucy_postgresql-8.4: DNE
trusty_postgresql-8.4: DNE
utopic_postgresql-8.4: DNE
devel_postgresql-8.4: DNE
|