CVE-2010-1975

Publication date 18 May 2010

Last updated 24 July 2024


Ubuntu priority

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

Status

Package Ubuntu Release Status
postgresql-7.4 11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Ignored end of life
postgresql-8.0 11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Ignored end of life
postgresql-8.1 11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper
Fixed 8.1.21-0ubuntu0.6.06
postgresql-8.2 11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Not in release
postgresql-8.3 11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Ignored end of life
9.04 jaunty
Fixed 8.3.11-0ubuntu9.04
8.04 LTS hardy
Fixed 8.3.11-0ubuntu8.04
6.06 LTS dapper Not in release
postgresql-8.4 11.04 natty
Fixed 8.4.4-1
10.10 maverick
Fixed 8.4.4-1
10.04 LTS lucid
Fixed 8.4.4-0ubuntu10.04
9.10 karmic
Fixed 8.4.4-0ubuntu9.10
9.04 jaunty Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-942-1
    • PostgreSQL vulnerabilities
    • 21 May 2010

Other references