Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 19.10 & 18.04 LTS: 4282-1 Critical PostgreSQL Access Issue

ubuntu
Calendar Grey February 18, 2020
Dist Ubuntu Esm H88
Ubuntu Security Announcement USN-4282-1 pertains to a vulnerability in PostgreSQL that could enable unauthorized database access. Find additional information here.
PostgreSQL could allow unintended access to the database.

Summary

PostgreSQL could allow unintended access to the database.

Software Description:

- postgresql-11: Object-relational SQL database

- postgresql-10: Object-relational SQL database

Details:

It was discovered that PostgreSQL incorrectly performed authorization

checks when handling the "ALTER ... DEPENDS ON EXTENSION" sub-commands. A

remote attacker could possibly use this issue to drop any function,

procedure, materialized view, index, or trigger under certain conditions.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
  postgresql-11                   11.7-0ubuntu0.19.10.1

Ubuntu 18.04 LTS:
  postgresql-10                   10.12-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4282-1

CVE-2020-1720

Severity
critical
Lowest
Low
Medium
High
Critical

February 18, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here