CVE-2014-0062

Published: 21 February 2014

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

Priority

Medium

Status

Package Release Status
postgresql-8.4
Launchpad, Ubuntu, Debian
Upstream
Released (8.4.20)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

postgresql-9.1
Launchpad, Ubuntu, Debian
Upstream
Released (9.1.12)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [9.1.12-1])
postgresql-9.3
Launchpad, Ubuntu, Debian
Upstream
Released (9.3.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (9.3.3-1)