Severity: High

 

Summary: The unixODBC driver is installed with Tableau Server on Linux. The unixODBC team fixed a vulnerability that affects Tableau Server. An authenticated attacker that can publish a workbook can force Tableau Server to connect to a malicious database that can trigger this vulnerability.

 

Impact: A Tableau Server on Linux instance that connects to a malicious database may execute arbitrary code or crash.

 

Vulnerable Versions:  The following versions have this vulnerability:

Tableau Server on Linux 10.5.0 through 10.5.7

Tableau Server on Linux 2018.1.0 through 2018.1.4

Tableau Server on Linux 2018.2.0

 

Resolution: The issue can be fixed by upgrading to the following version:

Tableau Server on Linux 10.5.8

Tableau Server on Linux 2018.1.5

Tableau Server on Linux 2018.2.1

 

Appendix: Database drivers that use unixODBC as of 9/27/2018

Amazon Hive

Amazon Impala

Amazon RedShift

Cloudera Hiva

Cloudera Impala

EssBase

ExaSolution

HortonWorks Hiva

IBM DB2

MapR Drill

MySQL

Oracle

PostgreSQL

SAP Hana

Simba presto

Simba Spark

Snowflake

SQL Server

Teradata

Vertica