PostgreSQL vulnerabilities

2017-11-14T00:00:00
ID USN-3479-1
Type ubuntu
Reporter Ubuntu
Modified 2017-11-14T00:00:00

Description

David Rowley discovered that PostgreSQL incorrectly handled memory when processing certain JSON functions. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-15098)

Dean Rasheed discovered that PostgreSQL incorrectly enforced SELECT privileges when processing INSERT … ON CONFLICT DO UPDATE commands. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 17.04 and Ubuntu 17.10.