VDB

GCVE-110-MAGEIA-2019-189

GCVE-110-MAGEIA-2019-189
Advisory Published
Vulnetix · Advisory published June 10, 2019
Updated postgresql packages fix security vulnerabilities CVE-2019-10129: Memory disclosure in partition routing Prior to this release, a user running PostgreSQL 11 can read arbitrary bytes of server memory by executing a purpose-crafted INSERT statement to a partitioned table. CVE-2019-10130: Selectivity estimators bypass row security policies PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data had been sampled from that column. If this happened to include values from rows that the user is forbidden to see by a row security policy, the user could effectively bypass the policy. This is fixed by only allowing a non-leakproof operator to use this data if there are no relevant row security policies for the table.

Affected Products

VendorProductVersionsPlatforms
Mageiapostgresql9.40 (affected), 9.4.22-1.mga6 (unaffected), 9.4.22-1.mga6 (unaffected), 0 (affected)
Mageiax11-driver-video-amdgpu0 (affected), 19.1.0-3.mga7 (unaffected)
Mageiapostgresql9.60 (affected), 9.6.13-3.mga6 (unaffected), 0 (affected), 9.6.13-3.mga6 (unaffected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›