Bug 1734447 (CVE-2019-10209)
Summary: | CVE-2019-10209 postgresql: Memory disclosure in cross-type comparison for hashed subplan | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | msiddiqu |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | akoufoud, alazarot, almorale, anon.amish, anstephe, asakala, bkearney, databases-maint, dblechte, devrim, dfediuck, eedri, etirelli, hhorak, ibek, jmlich83, jorton, jstanek, krathod, kverlaen, lpetrovi, mgoldboi, michal.skrivanek, mike, mnovotny, mperina, panovotn, paradhya, pkajaba, pkubat, praiskup, puebele, rrajasek, rsynek, sbonazzo, sdaley, security-response-team, sherold, sisharma, tgl, tlestach, trupti_pardeshi, vbellur, yturgema |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | postgresql 11.5 | Doc Type: | If docs needed, set a value |
Last Closed: | 2019-08-14 14:46:57 UTC | Type: | --- |
Bug Depends On: | 1739212 | ||
Bug Blocks: | 1734467 |
Description
msiddiqu
2019-07-30 14:42:46 UTC
The following products only contain the JDBC postgresql driver, not the server, and are not affected:

* Red Hat Decision Manager
* Red Hat Process Automation Manager

Acknowledgments:

Name: the PostgreSQL project
Upstream: Andreas Seltenreich

Created postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1739212]

External References:

https://www.postgresql.org/about/news/1960/

Hello, May I know if Linux PostgreSQL 7.1beta6 version is also affected and requires this fix? Any heads up will be appreciated. Thank you in advance. Best Regards,

Upstream fix:

postgresql-11: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=a034418cfc85fffa300d4d44792561c09e76f68b

In reply to comment #9:
> May I know if Linux PostgreSQL 7.1beta6 version is also affected and
> requires this fix? Any heads up will be appreciated.

This vulnerability was introduced with commit bf6c614a2, and thus affects only PostgreSQL version 11. Older versions are safe from that vulnerability.

(In reply to Cedric Buissart 🐶 from comment #11)
> In reply to comment #9:
> > May I know if Linux PostgreSQL 7.1beta6 version is also affected and
> > requires this fix? Any heads up will be appreciated.
> This vulnerability was introduced with commit bf6c614a2, and thus affects
> only PostgreSQL version 11. Older versions are safe from that vulnerability.

Thanks a lot Cedric for clarification.

Red Hat Gluster Storage 3 ships JDBC part of postgresql embedded in rhevm-dependencies, hence not affected.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-10209