UBUNTU-CVE-2017-15099

Source
https://ubuntu.com/security/notices/UBUNTU-CVE-2017-15099
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-15099.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-15099
Published
2017-11-09T00:00:00Z
Modified
2017-11-09T00:00:00Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.

Affected packages

Ubuntu:16.04:LTS / postgresql-9.5

Package

Name
postgresql-9.5
Purl
pkg:deb/ubuntu/postgresql-9.5@9.5.10-0ubuntu0.16.04?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.5.10-0ubuntu0.16.04

Affected versions

9.*

9.5.0-1
9.5.0-2
9.5.0-3
9.5.1-1
9.5.2-1
9.5.3-0ubuntu0.16.04
9.5.4-0ubuntu0.16.04
9.5.5-0ubuntu0.16.04
9.5.6-0ubuntu0.16.04
9.5.7-0ubuntu0.16.04
9.5.8-0ubuntu0.16.04.1
9.5.9-0ubuntu0.16.04

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libecpg6-dbgsym": "9.5.10-0ubuntu0.16.04",
            "libecpg6": "9.5.10-0ubuntu0.16.04",
            "postgresql-9.5-dbgsym": "9.5.10-0ubuntu0.16.04",
            "postgresql-doc-9.5": "9.5.10-0ubuntu0.16.04",
            "libpq5": "9.5.10-0ubuntu0.16.04",
            "libpq5-dbgsym": "9.5.10-0ubuntu0.16.04",
            "postgresql-plpython3-9.5": "9.5.10-0ubuntu0.16.04",
            "libpq-dev": "9.5.10-0ubuntu0.16.04",
            "libecpg-dev-dbgsym": "9.5.10-0ubuntu0.16.04",
            "postgresql-plpython3-9.5-dbgsym": "9.5.10-0ubuntu0.16.04",
            "libpgtypes3-dbgsym": "9.5.10-0ubuntu0.16.04",
            "libecpg-compat3": "9.5.10-0ubuntu0.16.04",
            "postgresql-client-9.5": "9.5.10-0ubuntu0.16.04",
            "postgresql-contrib-9.5": "9.5.10-0ubuntu0.16.04",
            "postgresql-9.5-dbg": "9.5.10-0ubuntu0.16.04",
            "postgresql-server-dev-9.5": "9.5.10-0ubuntu0.16.04",
            "postgresql-server-dev-9.5-dbgsym": "9.5.10-0ubuntu0.16.04",
            "libecpg-dev": "9.5.10-0ubuntu0.16.04",
            "postgresql-contrib-9.5-dbgsym": "9.5.10-0ubuntu0.16.04",
            "postgresql-9.5": "9.5.10-0ubuntu0.16.04",
            "postgresql-plpython-9.5-dbgsym": "9.5.10-0ubuntu0.16.04",
            "postgresql-client-9.5-dbgsym": "9.5.10-0ubuntu0.16.04",
            "libpgtypes3": "9.5.10-0ubuntu0.16.04",
            "postgresql-plperl-9.5": "9.5.10-0ubuntu0.16.04",
            "postgresql-pltcl-9.5": "9.5.10-0ubuntu0.16.04",
            "postgresql-plperl-9.5-dbgsym": "9.5.10-0ubuntu0.16.04",
            "postgresql-plpython-9.5": "9.5.10-0ubuntu0.16.04",
            "postgresql-pltcl-9.5-dbgsym": "9.5.10-0ubuntu0.16.04",
            "libecpg-compat3-dbgsym": "9.5.10-0ubuntu0.16.04",
            "libpq-dev-dbgsym": "9.5.10-0ubuntu0.16.04"
        }
    ]
}