Cloud Foundry Logo
blog single gear
Security Advisory

CVE-2019-10164: Critical Security Issue in PostgreSQL

Severity

High

Vendor

PostgreSQL Global Development Group

Affected Cloud Foundry Products and Versions

  • BOSH
    • 270 versions prior to v270.4.0
  • CF Deployment
    • All versions prior to v11.0.0
  • UAA
    • All versions prior to v74.0.0

Description

PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user’s own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account. 

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • BOSH
    • Upgrade 270 versions to v270.4.0 or greater
  • CF Deployment
    • Upgrade All versions to v11.0.0 or greater
  • UAA
    • Upgrade All versions to v74.0.0 or greater

 

History

2019-08-20: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES