Product Release Advisory - VMware Tanzu Greenplum 6.29.0

Product/Component

VMware Tanzu Greenplum

0 more products

Notification Id

25581

Last Updated

07 April 2025

Initial Publication Date

07 April 2025

Status

CLOSED

Severity

CRITICAL

CVSS Base Score

9.8

WorkAround

Affected CVE

See list in advisory

Security Advisory

Advisory ID:	TNZ-2025-0021
Severity:	Critical
Issue Date:	2025-04-07
Updated on:	2025-04-07
Synopsis	Bumped multiple dependencies which resulted in 18 CVEs remediated in this release.

Product Version Release Advisory

VMware Tanzu Greenplum 6.29.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-greenplum/6/greenplum-database/relnotes-release-notes.html#rel_6290

VMware Tanzu Greenplum Platform Extension Framework 6.11.1

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-greenplum-platform-extension-framework/6-11/gp-pxf/release-notes.html#v6_11_1

Security Fixes

This release has the following security fixes, listed by component and area.

Component	Vulnerabilities Resolved
Greenplum Server	CVE-2025-1094 (high)
Greenplum Cluster Management	CVE-2024-45337 (high) CVE-2023-45288 (medium) CVE-2024-45338 (high) CVE-2024-24786 (high)
PL/Container Python3 Image	GHSA-f73w-4m7g-ch9x (critical) CVE-2024-3596 (critical) CVE-2023-37920 (high) GHSA-q2x7-8rv6-6q7h (medium)
PL/Container R Image	CVE-2022-42967 (high) CVE-2023-3792 (medium) CVE-2024-3596 (critical)
DataSciencePython3.9	GHSA-x4wf-678h-2pmq (critical) GHSA-f73w-4m7g-ch9x (critical)
Greenplum Platform Extensions Framework	CVE‑2024‑47561 (critical) CVE‑2018‑1282 (critical) CVE‑2024‑45337 (high) CVE‑2024‑50379 (medium)

History

2025-04-07: Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security