USN-3972-1: PostgreSQL vulnerabilities
13 May 2019
Several security issues were fixed in PostgreSQL.
- postgresql-10 - Object-relational SQL database
- postgresql-11 - object-relational SQL database
- postgresql-9.5 - Object-relational SQL database
It was discovered that PostgreSQL incorrectly handled partition routing. A
remote user could possibly use this issue to read arbitrary bytes of server
memory. This issue only affected Ubuntu 19.04. (CVE-2019-10129)
Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity
estimators. A remote attacker could possibly use this issue to bypass row
security policies. (CVE-2019-10130)
The problem can be corrected by updating your system to the following package versions:
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.