Bug 1707109 (CVE-2019-10130)
Summary: | CVE-2019-10130 postgresql: Selectivity estimators bypass row security policies | |
---|---|---|---
Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA | QA Contact: |
Severity: | low | Docs Contact: |
Priority: | low | |
Version: | unspecified | CC: | anon.amish, bbuckingham, bcourt, bkearney, btotty, dajohnso, databases-maint, devrim, dmetzger, gblomqui, gmainwar, gmccullo, gtanzill, hhorak, hhudgeon, jfrey, jhardy, jlaska, jmlich83, jorton, jprause, jstanek, kdixon, mike, mmccune, obarenbo, panovotn, pkajaba, pkubat, praiskup, rchan, rjerrido, roliveri, security-response-team, simaishi, tgl, tlestach
Target Milestone: | --- | Keywords: | Reopened, Security
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | postgresql 11.3, postgresql 10.8, postgresql 9.6.13, postgresql 9.5.17 | Doc Type: | If docs needed, set a value
Doc Text: | PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker. | |
Story Points: | --- | |
Clone Of: | | Environment: |
Last Closed: | 2020-09-08 13:17:46 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | 1709192, 1709193, 1709194, 1709195, 1709196, 1709197, 1845074, 1857227, 1872770, 1881766, 1881774, 1909702, 1909703, 1909714, 1909715, 1909716 | |
Bug Blocks: | 1707112 | |
Description
Pedro Sampaio
2019-05-06 20:02:17 UTC
Acknowledgments:

Name: Noah Misch, the PostgreSQL Project
Upstream: Dean Rasheed

Created mingw-postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1709193]

Created postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1709192]

External References:

https://www.postgresql.org/about/news/1939/

Statement:

This vulnerability requires row level security to be in use, and an attacker to be able to execute crafted queries against the target PostgreSQL database. Neither of these conditions is true in Red Hat Ansible Tower, Red Hat CloudForms or Red Hat Satellite.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2020:3669 https://access.redhat.com/errata/RHSA-2020:3669

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-10130

This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2020:4295 https://access.redhat.com/errata/RHSA-2020:4295

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2020:5619 https://access.redhat.com/errata/RHSA-2020:5619

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:5661 https://access.redhat.com/errata/RHSA-2020:5661

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:5664 https://access.redhat.com/errata/RHSA-2020:5664

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:0164 https://access.redhat.com/errata/RHSA-2021:0164

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0166 https://access.redhat.com/errata/RHSA-2021:0166

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:0167 https://access.redhat.com/errata/RHSA-2021:0167