USN-3972-1: PostgreSQL vulnerabilities


Severity

Medium

Vendor

Canonical Ubuntu

Description

It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. (CVE-2019-10129)

Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. A remote attacker could possibly use this issue to bypass row security policies. (CVE-2019-10130)

CVEs contained in this USN include: CVE-2019-10129, CVE-2019-10130

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Operations Manager is vulnerable in the following releases:
    • 2.5.x versions prior to 2.5.4
    • 2.4.x versions prior to 2.4.11
    • 2.3.x versions prior to 2.3.18

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Operations Manager: 2.5.4, 2.4.11, 2.3.18