Question

On March 1, 2018, the PostgreSQL Global Development Group released an update to address CVE-2018-1058, which describes how a user can create like-named objects in different schemas that change the behavior of other users' queries and cause unexpected or malicious behavior, also known as a "trojan-horse" attack.

Is it required to take any actions to mitigate CVE-2018-1058 on existing OA installations?

Answer

CVE-2018-1058 is relevant only for shared database hosting scenarios where PostgreSQL is used. To address this vulnerability, it is possible to prohibit creation of objects in the PUBLIC schema.
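The mitigation named above, as an added SQL example (not part of the original KB article): revoking the default CREATE privilege on the public schema from the PUBLIC pseudo-role, which is the measure given in the PostgreSQL project's own CVE-2018-1058 guidance. The role name `tenant_role` and the sample catalog output are constructed for illustration; the statements must be run by a superuser or the schema owner.

```sql
-- Added example, not code from the original KB article.
-- Mitigation for CVE-2018-1058 on a shared-hosting PostgreSQL cluster:
-- stop arbitrary roles from creating objects in schema "public".

-- Inspect the current ACL on the public schema.
-- Constructed sample output:  public | {postgres=UC/postgres,=UC/postgres}
-- The "=UC/postgres" entry means every role (PUBLIC) has USAGE and CREATE.
SELECT nspname, nspacl FROM pg_namespace WHERE nspname = 'public';

-- Remove the CREATE privilege from PUBLIC; USAGE (reading existing objects) stays.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Verify: the ACL entry for PUBLIC should now read "=U/postgres",
-- and an ordinary hosting role (tenant_role is an assumed name) can no longer
-- create tables, functions or operators in public.
SELECT nspname, nspacl FROM pg_namespace WHERE nspname = 'public';
SELECT has_schema_privilege('tenant_role', 'public', 'CREATE');  -- expected: f

-- Roles that legitimately need to create objects get a schema of their own
-- instead of sharing "public".
CREATE SCHEMA tenant_schema AUTHORIZATION tenant_role;
```

The REVOKE is per-database: repeat it in every existing database of the cluster and in template1, so that databases created later start with the restricted privilege. Applications that rely on creating objects in public without a schema qualifier will fail after the change, so roll it out per hosting database and check `has_schema_privilege()` for each affected role first.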

The other scenarios (OA management node, billing databases, etc.) do not require any special actions to mitigate CVE-2018-1058, as a potential attacker would need direct access to the database, and there would have to be other database users to attack.
