Linux Security
    Linux Security
    Linux Security

    Mageia 2020-0432: postgresql security update

    Date
    585
    Posted By
    A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions,
    MGASA-2020-0432 - Updated postgresql packages fix security vulnerabilities
    
    Publication date: 21 Nov 2020
    URL: https://advisories.mageia.org/MGASA-2020-0432.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-25694,
         CVE-2020-25695,
         CVE-2020-25696
    
    A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10,
    before 10.15, before 9.6.20 and before 9.5.24. If a client application that
    creates additional database connections only reuses the basic connection
    parameters while dropping security-relevant parameters, an opportunity for a
    man-in-the-middle attack, or the ability to observe clear-text transmissions,
    could exist. The highest threat from this vulnerability is to data confidentiality
    and integrity as well as system availability. (CVE-2020-25694)
    
    A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10,
    before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission
    to create non-temporary objects in at least one schema can execute arbitrary SQL
    functions under the identity of a superuser. The highest threat from this
    vulnerability is to data confidentiality and integrity as well as system
    availability. (CVE-2020-25695)
    
    psql's \gset allows overwriting specially treated variables. (CVE-2020-25696)
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=27607
    - https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25694
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25695
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25696
    
    SRPMS:
    - 7/core/postgresql9.6-9.6.20-1.mga7
    - 7/core/postgresql11-11.10-1.mga7
    

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"8","type":"x","order":"1","pct":100,"resources":[]},{"id":"159","title":"False","votes":"0","type":"x","order":"2","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.