[ASA-201803-9] postgresql: privilege escalation
Arch Linux Security Advisory ASA-201803-9 ========================================= Severity: High Date : 2018-03-11 CVE-ID : CVE-2018-1058 Package : postgresql Type : privilege escalation Remote : Yes Link : https://security.archlinux.org/AVG-643 Summary ======= The package postgresql before version 10.3-1 is vulnerable to privilege escalation. Resolution ========== Upgrade to 10.3-1. # pacman -Syu "postgresql>=10.3-1" The problem has been fixed upstream in version 10.3. Workaround ========== None. Description =========== A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. Impact ====== A remote attacker with a valid user account is able to execute code with permissions of a superuser of the database. References ========== https://www.postgresql.org/about/news/1834/ https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Sear... https://security.archlinux.org/CVE-2018-1058
participants (1)
-
Jelle van der Waa