Launchpad.net

CVE 2018-10915

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.

Related bugs and status

CVE-2018-10915 (Candidate) is related to these bugs:

Bug #1786938: New upstream microreleases 9.3.24, 9.5.14, and 10.5

		In	Importance	Status
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-10 (Ubuntu)	Undecided	Fix Released
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-9.5 (Ubuntu)	Undecided	Invalid
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-9.3 (Ubuntu)	Undecided	Invalid
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-10 (Ubuntu Bionic)	Undecided	Fix Released
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-9.5 (Ubuntu Xenial)	Undecided	Fix Released
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-9.3 (Ubuntu Trusty)	Undecided	Fix Released
1786938	New upstream microreleases 9.3.24, 9.5.14, and 10.5	postgresql-10 (Ubuntu Cosmic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-10915

Related bugs and status

Related bugs

References