Mageia 2020-0095: postgresql security update

    Date21 Feb 2020
    919
    Posted ByLinuxSecurity Advisories
    Updated postgresql9.6 and postgresql11 packages fix security vulnerability: The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is
    MGASA-2020-0095 - Updated postgresql packages fix security vulnerability
    
    Publication date: 21 Feb 2020
    URL: https://advisories.mageia.org/MGASA-2020-0095.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-1720
    
    Updated postgresql9.6 and postgresql11 packages fix security vulnerability:
    
    The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization
    checks, which can allow an unprivileged user to drop any function, procedure,
    materialized view, index, or trigger under certain conditions. This attack is
    possible if an administrator has installed an extension and an unprivileged
    user can CREATE, or an extension owner either executes DROP EXTENSION
    predictably or can be convinced to execute DROP EXTENSION (CVE-2020-1720).
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=26196
    - https://www.postgresql.org/about/news/2011/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1720
    
    SRPMS:
    - 7/core/postgresql9.6-9.6.17-1.mga7
    - 7/core/postgresql11-11.7-1.mga7
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"48","type":"x","order":"1","pct":88.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"4","type":"x","order":"2","pct":7.41,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.7,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.