MGASA-2020-0095

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0095.html

Import Source

https://advisories.mageia.org/MGASA-2020-0095.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0095

Related

CVE-2020-1720

Published

2020-02-21T23:06:01Z

Modified

2020-02-21T22:40:41Z

Summary

Updated postgresql packages fix security vulnerability

Details

Updated postgresql9.6 and postgresql11 packages fix security vulnerability:

The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION (CVE-2020-1720).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / postgresql9.6

Package

Name: postgresql9.6
Purl: pkg:rpm/mageia/postgresql9.6?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.6.17-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / postgresql11

Package

Name: postgresql11
Purl: pkg:rpm/mageia/postgresql11?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.7-1.mga7

Ecosystem specific

{
    "section": "core"
}