CVE-2010-1975

Published: 18 May 2010

PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.

Priority

Status

Package	Release	Status
postgresql-7.4 Launchpad, Ubuntu, Debian	Upstream	Needs triage







postgresql-8.0 Launchpad, Ubuntu, Debian	Upstream	Needs triage







postgresql-8.1 Launchpad, Ubuntu, Debian	Upstream	Released (8.1.21)







postgresql-8.2 Launchpad, Ubuntu, Debian	Upstream	Needs triage







postgresql-8.3 Launchpad, Ubuntu, Debian	Upstream	Released (8.3.11)







postgresql-8.4 Launchpad, Ubuntu, Debian	Upstream	Released (8.4.4-1)

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2010-1975

Low

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading