
Tableau recently released a list of security patches covering a variety of vulnerabilities in Tableau Desktop. The list featured mainly high-severity concerns, with only one of the six items listed as less severe.

 

High severity

Heap-based buffer overflow

Trigger: Any authenticated user publishes a workbook to Tableau Server

Possible Result: Arbitrary code execution or crashing of software

 

libcurl patched

Trigger: NTLM web authentication

Possible Result: Improper read/write allows remote code execution or crashing of software

 

Partial information disclosure in thumbnails

Trigger: A published workbook connects to a published data source that includes user functions

Possible Result: Users without proper permissions may be exposed to classified information

 

psqlODBC driver contains a heap-based buffer overflow

Trigger: psqlODBC driver shipped with Tableau Server has a buffer overflow and must be updated

Possible Result: Arbitrary code execution or crashing of software

 

Tableau Desktop on Mac memory corruption

Trigger: A Mac user connects to a malicious Web Data Connector (WDC)

Possible Result: Arbitrary code execution or crashing of software

 

Medium severity

Web data connectors ignore secondary safe list for incremental refresh

Trigger: Performing an incremental refresh does not properly evaluate the WDC URL safe list

Possible Result: Malicious WDC code can make requests to unapproved URLs

 

To read about installing Tableau Desktop, check out their installation guide. If you’d like to upgrade software you already have, head over to the Tableau Desktop upgrade page.

 
