USN-3744-1: PostgreSQL vulnerabilities

Severity

Medium

Vendor

Canonical Ubuntu

Description

Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-10915)

It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. (CVE-2018-10925)

CVEs contained in this USN include: CVE-2018-10915, CVE-2018-10925

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Operations Manager is vulnerable in the following releases:
    • 2.1.x versions prior to 2.1.12
    • 2.2.x versions prior to 2.2.3
    • 2.0.x versions prior to 2.0.21

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Operations Manager: 2.2.3, 2.1.12, 2.0.21
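To decide whether a deployed Operations Manager needs this update, the three release lines above have to be compared numerically rather than as strings (a plain string comparison would wrongly rank 2.2.10 below 2.2.3). The following checker is an added example, not tooling from Pivotal or Canonical; the fixed versions are taken from this advisory, while the version string format (major.minor.patch with optional build suffix) and the constructed inventory lines are assumptions.

```python
"""Classify Pivotal Operations Manager versions against USN-3744-1.

The fixed versions below come from the advisory (CVE-2018-10915,
CVE-2018-10925). The parsing and inventory format are assumptions
made for this example, not part of any Pivotal or Canonical tool.
"""
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, int, int]

# Release line -> first version that carries the fix, per the advisory.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (2, 0): (2, 0, 21),
    (2, 1): (2, 1, 12),
    (2, 2): (2, 2, 3),
}


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a tuple of ints.

    Build metadata after '-' or '+' (e.g. '2.1.11-build.5', an assumed
    format) is ignored. Anything else is rejected rather than guessed.
    """
    core = text.strip().split("-", 1)[0].split("+", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assessment(version: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for one version string.

    'not listed' means the advisory says nothing about that release line,
    so the check deliberately does not assume it is safe.
    """
    v = parse_version(version)
    fixed: Optional[Version] = FIXED_VERSIONS.get((v[0], v[1]))
    if fixed is None:
        return "not listed"
    # Tuple comparison is element-wise and numeric, so 2.2.10 >= 2.2.3.
    return "affected" if v < fixed else "fixed"


def audit(inventory: Iterable[str]) -> Dict[str, str]:
    """Map each '<host> <version>' inventory line to its assessment.

    Blank lines and '#' comments are skipped; the line format is assumed.
    """
    results: Dict[str, str] = {}
    for line in inventory:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, version = line.split(None, 1)
        results[host] = assessment(version)
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """
# host            opsman version
opsman-prod-a     2.1.11
opsman-prod-b     2.2.10-build.7
opsman-staging    2.0.20
opsman-lab        2.3.0
""".splitlines()


if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_INVENTORY).items():
        print(f"{host:16} {verdict}")
```

Hosts reported as "affected" should be moved to the release listed above for their line; "not listed" hosts are outside the advisory's scope and need a separate check rather than being assumed clean.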

References