CVE-2014-8161

Published: 6 February 2015

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

Priority

CVSS 3 base score: 4.3

Status

Package	Release	Status
postgresql-8.4 Launchpad, Ubuntu, Debian	lucid	Released (8.4.22-0ubuntu0.10.04.1)
	precise	Does not exist (precise was needed)
	trusty	Does not exist
	upstream	Ignored (reached end-of-life)
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
postgresql-9.1 Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Released (9.1.15-0ubuntu0.12.04)
	trusty	Does not exist (trusty was released [9.1.15-0ubuntu0.14.04])
	upstream	Released (9.1.11-2)
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
postgresql-9.3 Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	trusty	Released (9.3.6-0ubuntu0.14.04)
	upstream	Released (9.3.6)
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
postgresql-9.4 Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (9.4.1-1)
	utopic	Released (9.4.1-0ubuntu0.14.10)
	vivid	Not vulnerable (9.4.1-1)
	wily	Not vulnerable (9.4.1-1)
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist

References

Bugs

https://bugs.launchpad.net/ubuntu/+source/postgresql-9.4/+bug/1418928

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›