CVE-2009-3230

Publication date 17 September 2009

Last updated 24 July 2024

Ubuntu priority

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
postgresql-8.1	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Fixed 8.1.18-0ubuntu0.6.06
postgresql-8.3	9.04 jaunty	Fixed 8.3.8-0ubuntu9.04
	8.10 intrepid	Fixed 8.3.8-0ubuntu8.10
	8.04 LTS hardy	Fixed 8.3.8-0ubuntu8.04
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-834-1
PostgreSQL vulnerabilities
21 September 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-3230