Alpine: multiple postgresql15 packages: security update to 11.3-r0

medium Tenable Cloud Security Plugin ID 425679

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a
partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration,
any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as
for CVE-2018-1052). (CVE-2019-10129)

- A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8,
9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for
tables. Certain statistics, such as histograms and lists of most common values, contain values taken from
the column. PostgreSQL does not evaluate row security policies before consulting those statistics during
query planning; an attacker can exploit this to read the most common values of certain columns. Affected
columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-
level security prunes the set of rows visible to the attacker. (CVE-2019-10130)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-10129

https://security.alpinelinux.org/vuln/CVE-2019-10130

Plugin Details

Severity: Medium

ID: 425679

Version: Revision 1.4

Type: Local

Published: 4/15/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2019-10130

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2019-10129

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/9/2019

Reference Information

CVE: CVE-2019-10129, CVE-2019-10130

BID: 108452, 108506

IAVB: 2019-B-0040-S