USN-3972-1: PostgreSQL vulnerabilities
Severity
Medium
Vendor
Canonical Ubuntu
Description
It was discovered that PostgreSQL incorrectly handled partition routing. A remote user could possibly use this issue to read arbitrary bytes of server memory. This issue only affected Ubuntu 19.04. (CVE-2019-10129)
Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. A remote attacker could possibly use this issue to bypass row security policies. (CVE-2019-10130)
CVEs contained in this USN include: CVE-2019-10129, CVE-2019-10130
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Pivotal Operations Manager is vulnerable in the following releases:
  - 2.5.x versions prior to 2.5.4
  - 2.4.x versions prior to 2.4.11
  - 2.3.x versions prior to 2.3.18
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
  - Pivotal Operations Manager: 2.5.4, 2.4.11, 2.3.18