Linux Security

    Mageia 2020-0365: postgresql security update

    MGASA-2020-0365 - Updated postgresql packages fix security vulnerabilities
    
    Publication date: 06 Sep 2020
    URL: https://advisories.mageia.org/MGASA-2020-0365.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-14349,
         CVE-2020-14350
    
    It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14
    did not properly sanitize the search_path during logical replication. An
    authenticated attacker could use this flaw in an attack similar to
    CVE-2018-1058, in order to execute arbitrary SQL commands in the context of
    the user used for replication. (CVE-2020-14349)
    
    It was found that some PostgreSQL extensions did not use search_path safely
    in their installation scripts. An attacker with sufficient privileges could
    use this flaw to trick an administrator into executing a specially crafted
    script during the installation or update of such an extension. This affects
    PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19,
    and before 9.5.23. (CVE-2020-14350)
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=27110
    - https://www.postgresql.org/about/news/2060/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14349
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14350
    
    SRPMS:
    - 7/core/postgresql9.6-9.6.19-1.mga7
    - 7/core/postgresql11-11.9-1.mga7
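
An added example, not part of the Mageia advisory: a Python check that compares a package name or server version string against the fixed releases the advisory lists for each CVE. The function names and every sample string other than the two SRPMS entries are assumptions made for illustration.

```python
import re

# First fixed release per branch, as stated in the advisory text.
# CVE-2020-14349 is listed for 10, 11 and 12; CVE-2020-14350 also for 9.5 and 9.6.
FIXED = {
    "CVE-2020-14349": {(12,): (12, 4), (11,): (11, 9), (10,): (10, 14)},
    "CVE-2020-14350": {(12,): (12, 4), (11,): (11, 9), (10,): (10, 14),
                       (9, 6): (9, 6, 19), (9, 5): (9, 5, 23)},
}

# Package names shaped like the advisory's SRPMS entries (postgresql11-11.9-1.mga7).
PKG_RE = re.compile(r"postgresql[\d.]*-(\d+(?:\.\d+){1,2})-")
# Output of "SHOW server_version" or "SELECT version()".
VER_RE = re.compile(r"^\s*(?:PostgreSQL\s+)?(\d+(?:\.\d+){1,2})")


def parse_version(text):
    """Return the PostgreSQL version in text as a tuple of ints."""
    m = PKG_RE.search(text) or VER_RE.search(text)
    if not m:
        raise ValueError(f"no PostgreSQL version found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def unfixed_cves(text):
    """List the advisory's CVEs not yet fixed in this version.

    Returns None when the branch is not named in the advisory, because the
    advisory then gives no verdict either way.
    """
    version = parse_version(text)
    # Branches are one number from 10 on (11.x) and two numbers before (9.6.x).
    branch = version[:1] if version[0] >= 10 else version[:2]
    covered = [cve for cve, fixes in FIXED.items() if branch in fixes]
    if not covered:
        return None
    return [cve for cve in covered if version < FIXED[cve][branch]]


if __name__ == "__main__":
    samples = [  # first two are from the advisory, the rest are constructed
        "7/core/postgresql9.6-9.6.19-1.mga7",
        "7/core/postgresql11-11.9-1.mga7",
        "postgresql9.6-9.6.18-1.mga7",
        "PostgreSQL 11.8 on x86_64-pc-linux-gnu",
        "13.0",
    ]
    for s in samples:
        print(f"{s}: {unfixed_cves(s)}")
```

A `None` result means the branch is outside what this advisory covers, so it should be checked against upstream release notes instead of being treated as fixed.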
    
