CVE-2019-10209

Published: 08 August 2019

Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.

From the Ubuntu security team

Andreas Seltenreich discovered that PostgreSQL did not properly handle user-defined hash equality operators. An attacker could use this to expose sensitive information (arbitrary PostgreSQL server memory).

Priority

Low

CVSS 3 base score: 2.2

Status

Package Release Status
postgresql-10
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

postgresql-11
Launchpad, Ubuntu, Debian
Upstream
Released (11.5-1)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

postgresql-9.1
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

postgresql-9.3
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

postgresql-9.5
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist