PostgreSQL before versions 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 do not properly authorize certain statements. A attacker able to issue CREATE TABLE can read arbitrary bytes of server memory using INSERT ... ON CONFLICT DO UPDATE. By default, any user can exploit that. If such an attacker also has certain INSERT privileges and has UPDATE privilege on at least one column of a given table, a data integrity attack is possible. The attacker can update other columns, for which the attacker lacks UPDATE privilege.
"ON CONFLICT DO UPDATE" was introduced in PostgreSQL 9.5; versions 9.4 and earlier do not support this feature and thus are not vulnerable to this CVE. Earlier versions were mentioned in the previous comment as this is part of a combined upstream security update, also including CVE-2018-10915.
Acknowledgments: Name: the PostgreSQL project
External References: https://www.postgresql.org/about/news/1878/
Created mingw-postgresql tracking bugs for this issue: Affects: epel-7 [bug 1614397] Affects: fedora-all [bug 1614399] Created postgresql tracking bugs for this issue: Affects: fedora-all [bug 1614402]
Tower is affected as is using a vulnerable PostgreSQL version. Tower will embedded the fixed version in their next releases (3.1.8 and 3.2.6)
Upstream commit: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b8a1247a34e234be6becf7f70b9f1e8e9369db64 Related upstream mailing list discussion: https://www.postgresql.org/message-id/flat/CAFYwGJ0xfzy8jaK80hVN2eUWr6huce0RU8AgU04MGD00igqkTg%40mail.gmail.com
Statement: Red Hat Virtualization includes vulnerable versions of postgresql. However this flaw is not known to be exploitable under any supported configuration of Red Hat Virtualization. A future update may address this issue. This issue affects the versions of the postsgresql package as shipped with Red Hat Satellite 5.8. However, this flaw is not known to be exploitable under any supported scenario in Satellite 5.8. A future update may address this issue.
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Via RHSA-2018:2511 https://access.redhat.com/errata/RHSA-2018:2511
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Via RHSA-2018:2565 https://access.redhat.com/errata/RHSA-2018:2565
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Via RHSA-2018:2566 https://access.redhat.com/errata/RHSA-2018:2566
This issue has been addressed in the following products: CloudForms Management Engine 5.9 Via RHSA-2018:3816 https://access.redhat.com/errata/RHSA-2018:3816