Mageia: 2020-0095 Moderate: PostgreSQL Unauthorized Function Drop
mageia
February 21, 2020
Updated postgresql9.6 and postgresql11 packages fix security vulnerability: The ALTER ..
Summary
Updated postgresql9.6 and postgresql11 packages fix security vulnerability:
The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization
checks, which can allow an unprivileged user to drop any function, procedure,
materialized view, index, or trigger under certain conditions. This attack is
possible if an administrator has installed an extension and an unprivileged
user can CREATE, or an extension owner either executes DROP EXTENSION
predictably or can be convinced to execute DROP EXTENSION (CVE-2020-1720).
References
- https://bugs.mageia.org/show_bug.cgi?id=26196
- https://www.postgresql.org/about/news/postgresql-122-117-1012-9617-9521-and-9426-released-2011/
- https://www.cve.org/CVERecord?id=CVE-2020-1720
Resolution
SRPMS
- 7/core/postgresql9.6-9.6.17-1.mga7
- 7/core/postgresql11-11.7-1.mga7
PREVIOUS
NEXT
Publication date: 21 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0095.html
Type: security
CVE: CVE-2020-1720
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!