CVE-2010-1975

Published: 18 May 2010

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

Priority

Low

Status

Package          Release    Status
postgresql-7.4   Upstream   Needs triage
postgresql-8.0   Upstream   Needs triage
postgresql-8.1   Upstream   Released (8.1.21)
postgresql-8.2   Upstream   Needs triage
postgresql-8.3   Upstream   Released (8.3.11)
postgresql-8.4   Upstream   Released (8.4.4-1)