CVE-2019-10209 log

Source
Severity Low
Remote Yes
Type Information disclosure
Description
An issue has been found in PostgreSQL >= 11.0 and < 11.5. In a database containing hypothetical, user-defined hash equality operators, an attacker could read arbitrary bytes of server memory. For an attack to become possible, a superuser would need to create unusual operators. It is possible for operators not purpose-crafted for attack to have the properties that enable an attack, but we are not aware of specific examples.
Group Package Affected Fixed Severity Status Ticket
AVG-1019 postgresql, postgresql-libs 11.4-1 11.5-1 Medium Fixed
Date Advisory Group Package Severity Description
10 Aug 2019 ASA-201908-8 AVG-1019 postgresql Medium multiple issues
10 Aug 2019 ASA-201908-7 AVG-1019 postgresql-libs Medium multiple issues
References
https://www.postgresql.org/about/news/1960/
https://bugzilla.redhat.com/show_bug.cgi?id=1734447