CVE-2018-1053

NameCVE-2018-1053
DescriptionIn postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1271-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
postgresql-10source(unstable)10.2-1
postgresql-9.1sourcewheezy9.1.24lts2-0+deb7u2DLA-1271-1
postgresql-9.1sourcejessie(not affected)
postgresql-9.1source(unstable)(unfixed)
postgresql-9.4sourcejessie9.4.16-0+deb8u1
postgresql-9.4source(unstable)(unfixed)
postgresql-9.6sourcestretch9.6.7-0+deb9u1
postgresql-9.6source(unstable)(unfixed)

Notes

[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is PL/Perl only)
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=6ba52aeb24e62586b51e77723d87627c18a844ca

Search for package or bug name: Reporting problems