Launchpad.net

CVE 2018-10925

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.

Related bugs and status

CVE-2018-10925 (Candidate) is related to these bugs:

Bug #1786938: New upstream microreleases 9.3.24, 9.5.14, and 10.5

		In	Importance	Status
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-10 (Ubuntu)	Undecided	Fix Released
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-9.5 (Ubuntu)	Undecided	Invalid
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-9.3 (Ubuntu)	Undecided	Invalid
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-10 (Ubuntu Bionic)	Undecided	Fix Released
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-9.5 (Ubuntu Xenial)	Undecided	Fix Released
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-9.3 (Ubuntu Trusty)	Undecided	Fix Released
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-10 (Ubuntu Cosmic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
CONFIRM: https://www.postgresql...
DEBIAN: DSA-4269
BID: 105052
SECTRACK: 1041446
UBUNTU: USN-3744-1
REDHAT: RHSA-2018:2511
REDHAT: RHSA-2018:2565
REDHAT: RHSA-2018:2566
GENTOO: GLSA-201810-08
REDHAT: RHSA-2018:3816
SUSE: openSUSE-SU-2020:1227