- Vulnerability/
- USN-3818-1
USN-3818-1: PostgreSQL vulnerability
First published: Wed Nov 14 2018(Updated: )
It was discovered that PostgreSQL incorrectly handled certain trigger definitions when running pg_upgrade or pg_dump. A remote attacker could possibly use this issue to execute arbitrary SQL statements with superuser privileges.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/postgresql-10 | <10.6-0ubuntu0.18.10.1 | 10.6-0ubuntu0.18.10.1 |
| =18.10 | ||
| All of | ||
| ubuntu/postgresql-10 | <10.6-0ubuntu0.18.04.1 | 10.6-0ubuntu0.18.04.1 |
| =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this PostgreSQL vulnerability?
The vulnerability ID for this PostgreSQL vulnerability is USN-3818-1.
What is the description of USN-3818-1?
The vulnerability allows a remote attacker to execute arbitrary SQL statements with superuser privileges.
Which software versions are affected by USN-3818-1?
The PostgreSQL version 10.6-0ubuntu0.18.10.1 and 10.6-0ubuntu0.18.04.1 on Ubuntu 18.10 and 18.04 are affected.
What is the remedy version for this vulnerability?
The remedy version for this vulnerability is PostgreSQL 10.6-0ubuntu0.18.10.1 on Ubuntu 18.10 and 10.6-0ubuntu0.18.04.1 on Ubuntu 18.04.
Where can I find more information about USN-3818-1?
You can find more information about USN-3818-1 on the Ubuntu security advisory page: [CVE-2018-16850](https://ubuntu.com/security/CVE-2018-16850).
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/18.10
- version/ubuntu ubuntu/18.04