You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa postgresql

Sigurnosni nedostaci programskog paketa postgresql

by - 0

==========================================================================
Ubuntu Security Notice USN-4633-1
November 17, 2020

postgresql-10, postgresql-12, postgresql-9.5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in PostgreSQL.

Software Description:
– postgresql-12: Object-relational SQL database
– postgresql-10: Object-relational SQL database
– postgresql-9.5: Object-relational SQL database

Details:

Peter Eisentraut discovered that PostgreSQL incorrectly handled connection
security settings. Client applications could possibly be connecting with
certain security parameters dropped, contrary to expectations.
(CVE-2020-25694)

Etienne Stalmans discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox. An authenticated remote attacker
could possibly use this issue to execute arbitrary SQL functions as a
superuser. (CVE-2020-25695)

Nick Cleaton discovered that PostgreSQL incorrectly handled the \gset
meta-command. A remote attacker with a compromised server could possibly
use this issue to execute arbitrary code. (CVE-2020-25696)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
postgresql-12 12.5-0ubuntu0.20.10.1

Ubuntu 20.04 LTS:
postgresql-12 12.5-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
postgresql-10 10.15-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
postgresql-9.5 9.5.24-0ubuntu0.16.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.

References:
https://usn.ubuntu.com/4633-1
CVE-2020-25694, CVE-2020-25695, CVE-2020-25696

Package Information:
https://launchpad.net/ubuntu/+source/postgresql-12/12.5-0ubuntu0.20.10.1
https://launchpad.net/ubuntu/+source/postgresql-12/12.5-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/postgresql-10/10.15-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.24-0ubuntu0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl+z4HYACgkQZWnYVadE
vpMlXw//ZDTEd1kCIHeiv/saZrKYRwiGhXBh1lI2Y43j9vdOoD9r2+y0HMKG3jfW
wFMgwad4ZIymaoXDdG9CWLBiaolvNPAbAjOl4D/nOWs3WgjvOwuKzwpSiEQ3wMSC
Y84CzUj2iX68+ZaHRn6DU2ca59YCaL4Thbkxv46ELrNEwebGZ+V3kYVmfm1dY3n1
p6iv7npECXZY7Fa70wV6dZctZ/+nT82YDXQDPz5Mx+FM+ACMx96dDMj8sc9OZbRx
EudQ/7TaoKIWoYOLN0sEZJzjZ3S2/e7TfNpSZ5lZQ6uOC9XKsHMHHsZ8T+Sbzd5q
7zen+Eb1es7+5gz3QJqU8dCQH+zjhFBGZaVtAQUO3Um2WTuhLC3i5wBSeefzT7Qg
bg/oc2Y7NbMOgJk9hs/45PpuNiMvK44+mvgHdRmUe25h+zZtWVIJG4yBQMQDVZKt
Pqk2soqRDGezVMwamJK1BAOmptBqU8VE6XeoKUgp0CdPwBp/zdlRIF1LTrdI0d8o
t2vZ57upspFhCl5xESJ9v7iEiN2iKrrTO6TLs+BUAkoR881HoeW6H8i+ssQHSezU
tDJ3niT2AGS7DWISZTIUVLEMTCMu9TXb6GQe8V76UIXcgSMiC3cHxIttwVPRGMWv
KLOUp2KmGC2qGBPDlxhfVpd61pSLL/4JuU4o6uwaqFQRf2bBUBE=
=PhM6
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa openldap

Otkriveni su sigurnosni nedostaci u programskom paketu openldap za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja....

Close