Linux Security

    Mageia 2020-0432: postgresql security update

    Date 21 Nov 2020
    Posted By LinuxSecurity Advisories
    MGASA-2020-0432 - Updated postgresql packages fix security vulnerabilities
    
    Publication date: 21 Nov 2020
    URL: https://advisories.mageia.org/MGASA-2020-0432.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-25694,
         CVE-2020-25695,
         CVE-2020-25696
    
    A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10,
    before 10.15, before 9.6.20 and before 9.5.24. If a client application that
    creates additional database connections only reuses the basic connection
    parameters while dropping security-relevant parameters, an opportunity for a
    man-in-the-middle attack, or the ability to observe clear-text transmissions,
    could exist. The highest threat from this vulnerability is to data confidentiality
    and integrity as well as system availability. (CVE-2020-25694)
    
    A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10,
    before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission
    to create non-temporary objects in at least one schema can execute arbitrary SQL
    functions under the identity of a superuser. The highest threat from this
    vulnerability is to data confidentiality and integrity as well as system
    availability. (CVE-2020-25695)
    
    psql's \gset allows overwriting specially treated variables. (CVE-2020-25696)
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=27607
    - https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25694
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25695
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25696
    
    SRPMS:
    - 7/core/postgresql9.6-9.6.20-1.mga7
    - 7/core/postgresql11-11.10-1.mga7
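
A version check against the fixed releases named in this advisory, as an added example that is not part of the original advisory or of the Mageia or PostgreSQL projects. The function names and the sample inputs are assumptions made for illustration; the fixed versions come from the advisory text.

```python
import re

# Fixed release per branch, copied from the advisory text above.
FIXED = {(13,): (13, 1), (12,): (12, 5), (11,): (11, 10),
         (10,): (10, 15), (9, 6): (9, 6, 20), (9, 5): (9, 5, 24)}

# A dotted version that is not glued to a package name such as "postgresql9.6".
VERSION_RE = re.compile(r"(?<![\w.])(\d+(?:\.\d+){1,2})\b")


def parse_version(text):
    """Return the first PostgreSQL version in `text` as a tuple of ints."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def advisory_status(text):
    """Classify a version string against the fixed releases in the advisory."""
    version = parse_version(text)
    # Branches are "9.5"/"9.6" before version 10 and a single number after.
    branch = version[:1] if version[0] >= 10 else version[:2]
    fixed = FIXED.get(branch)
    if fixed is not None:
        # Tuple comparison is numeric, so 11.10 correctly sorts after 11.9.
        return "patched" if version >= fixed else "vulnerable"
    if branch > max(FIXED):
        return "newer-than-advisory"   # not "before 13.1"
    return "vulnerable-no-fix-listed"  # older branch, no fixed release named


if __name__ == "__main__":
    # Constructed sample inputs: tool output, package names, bare versions.
    for sample in ["psql (PostgreSQL) 11.9", "postgresql11-11.10-1.mga7",
                   "postgresql9.6-9.6.20-1.mga7", "13.0", "9.4.26"]:
        print(f"{sample:32} {advisory_status(sample)}")
```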
    
