PostgreSQL vulnerability

2018-02-0900:00:00

ubuntu.com

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

Releases

Ubuntu 17.10
Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Packages

postgresql-9.3 - Object-relational SQL database
postgresql-9.5 - Object-relational SQL database
postgresql-9.6 - Object-relational SQL database

Details

It was discovered that PostgreSQL incorrectly handled certain temp files.
An attacker could possibly use this to access sensitive information.

OSVersionArchitecturePackageVersionFilename
Ubuntu17.10noarchpostgresql-9.6< 9.6.7-0ubuntu0.17.10UNKNOWN
Ubuntu17.10noarchlibecpg-compat3< 9.6.7-0ubuntu0.17.10UNKNOWN
Ubuntu17.10noarchlibecpg-dev< 9.6.7-0ubuntu0.17.10UNKNOWN
Ubuntu17.10noarchlibecpg6< 9.6.7-0ubuntu0.17.10UNKNOWN
Ubuntu17.10noarchlibpgtypes3< 9.6.7-0ubuntu0.17.10UNKNOWN
Ubuntu17.10noarchlibpq-dev< 9.6.7-0ubuntu0.17.10UNKNOWN
Ubuntu17.10noarchlibpq5< 9.6.7-0ubuntu0.17.10UNKNOWN
Ubuntu17.10noarchpostgresql-9.6-dbg< 9.6.7-0ubuntu0.17.10UNKNOWN
Ubuntu17.10noarchpostgresql-client-9.6< 9.6.7-0ubuntu0.17.10UNKNOWN
Ubuntu17.10noarchpostgresql-contrib-9.6< 9.6.7-0ubuntu0.17.10UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	17.10	noarch	postgresql-9.6	< 9.6.7-0ubuntu0.17.10	UNKNOWN
Ubuntu	17.10	noarch	libecpg-compat3	< 9.6.7-0ubuntu0.17.10	UNKNOWN
Ubuntu	17.10	noarch	libecpg-dev	< 9.6.7-0ubuntu0.17.10	UNKNOWN
Ubuntu	17.10	noarch	libecpg6	< 9.6.7-0ubuntu0.17.10	UNKNOWN
Ubuntu	17.10	noarch	libpgtypes3	< 9.6.7-0ubuntu0.17.10	UNKNOWN
Ubuntu	17.10	noarch	libpq-dev	< 9.6.7-0ubuntu0.17.10	UNKNOWN
Ubuntu	17.10	noarch	libpq5	< 9.6.7-0ubuntu0.17.10	UNKNOWN
Ubuntu	17.10	noarch	postgresql-9.6-dbg	< 9.6.7-0ubuntu0.17.10	UNKNOWN
Ubuntu	17.10	noarch	postgresql-client-9.6	< 9.6.7-0ubuntu0.17.10	UNKNOWN
Ubuntu	17.10	noarch	postgresql-contrib-9.6	< 9.6.7-0ubuntu0.17.10	UNKNOWN