VDB
GCVE-110-MAGEIA-2019-189
GCVE-110-MAGEIA-2019-189
Advisory Published
Updated postgresql packages fix security vulnerabilities
CVE-2019-10129: Memory disclosure in partition routing
Prior to this release, a user running PostgreSQL 11 can read arbitrary
bytes of server memory by executing a purpose-crafted INSERT statement
to a partitioned table.
CVE-2019-10130: Selectivity estimators bypass row security policies
PostgreSQL maintains statistics for tables by sampling data available in
columns; this data is consulted during the query planning process. Prior
to this release, a user able to execute SQL queries with permissions to
read a given column could craft a leaky operator that could read whatever
data had been sampled from that column. If this happened to include values
from rows that the user is forbidden to see by a row security policy, the
user could effectively bypass the policy. This is fixed by only allowing
a non-leakproof operator to use this data if there are no relevant row
security policies for the table.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | postgresql9.4 | 0 (affected), 9.4.22-1.mga6 (unaffected), 9.4.22-1.mga6 (unaffected), 0 (affected) | — |
| Mageia | x11-driver-video-amdgpu | 0 (affected), 19.1.0-3.mga7 (unaffected) | — |
| Mageia | postgresql9.6 | 0 (affected), 9.6.13-3.mga6 (unaffected), 0 (affected), 9.6.13-3.mga6 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.