ALT-PU-2020-2536-1
Package postgresql9.5 updated to version 9.5.23-alt1 for branch sisyphus in task 256186.
Closed vulnerabilities
Published: 2020-08-24
BDU:2021-00079
Уязвимость системы управления базами данных PostgreSQL, связанная с ненадежным путем поиска, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: HIGH (7.3)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2020-08-24
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-14350
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
Severity: HIGH (7.3)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2020:1227
- openSUSE-SU-2020:1227
- openSUSE-SU-2020:1228
- openSUSE-SU-2020:1228
- openSUSE-SU-2020:1244
- openSUSE-SU-2020:1244
- openSUSE-SU-2020:1243
- openSUSE-SU-2020:1243
- openSUSE-SU-2020:1312
- openSUSE-SU-2020:1312
- openSUSE-SU-2020:1326
- openSUSE-SU-2020:1326
- https://bugzilla.redhat.com/show_bug.cgi?id=1865746
- https://bugzilla.redhat.com/show_bug.cgi?id=1865746
- [debian-lts-announce] 20200817 [SECURITY] [DLA 2331-1] posgresql-9.6 security update
- [debian-lts-announce] 20200817 [SECURITY] [DLA 2331-1] posgresql-9.6 security update
- GLSA-202008-13
- GLSA-202008-13
- https://security.netapp.com/advisory/ntap-20200918-0002/
- https://security.netapp.com/advisory/ntap-20200918-0002/
- USN-4472-1
- USN-4472-1