Vulnerability CVE-2020-14349: Information
Description
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw, in an attack similar to CVE-2018-1058, to execute arbitrary SQL commands in the context of the user used for replication.
Severity: HIGH (7.1) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Published: Aug. 24, 2020
Modified: Jan. 24, 2023
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
postgresql10 | p10 | 10.14-alt1 | 10.23-alt1.p10.1 | ALT-PU-2020-2538-1 | 256186 | Fixed |
postgresql10 | p9 | 10.14-alt1 | 10.23-alt0.M90P.1 | ALT-PU-2020-2605-1 | 256187 | Fixed |
postgresql10 | p8 | 10.14-alt0.M80P.1 | 10.19-alt0.M80P.1 | ALT-PU-2020-2643-1 | 256188 | Fixed |
postgresql10 | c10f1 | 10.14-alt1 | 10.23-alt1 | ALT-PU-2020-2538-1 | 256186 | Fixed |
postgresql10 | c9f2 | 10.14-alt1 | 10.23-alt0.M90P.1 | ALT-PU-2020-2605-1 | 256187 | Fixed |
postgresql11 | p10 | 11.9-alt1 | 11.22-alt0.p10.1 | ALT-PU-2020-2540-1 | 256186 | Fixed |
postgresql11 | p9 | 11.9-alt1 | 11.22-alt0.M90P.1 | ALT-PU-2020-2607-1 | 256187 | Fixed |
postgresql11 | p8 | 11.9-alt0.M80P.1 | 11.14-alt0.M80P.1 | ALT-PU-2020-2645-1 | 256188 | Fixed |
postgresql11 | c10f1 | 11.9-alt1 | 11.22-alt0.p10.1 | ALT-PU-2020-2540-1 | 256186 | Fixed |
postgresql11 | c9f2 | 11.9-alt1 | 11.22-alt0.M90P.1 | ALT-PU-2020-2607-1 | 256187 | Fixed |
postgresql11-1C | p8 | 11.9-alt0.M80P.1 | 11.12-alt0.M80P.2 | ALT-PU-2020-2644-1 | 256188 | Fixed |
postgresql12 | sisyphus | 12.4-alt1 | 12.18-alt1 | ALT-PU-2020-2535-1 | 256186 | Fixed |
postgresql12 | p10 | 12.4-alt1 | 12.18-alt0.p10.1 | ALT-PU-2020-2535-1 | 256186 | Fixed |
postgresql12 | p9 | 12.4-alt1 | 12.18-alt0.M90P.1 | ALT-PU-2020-2602-1 | 256187 | Fixed |
postgresql12 | p8 | 12.4-alt0.M80P.1 | 12.9-alt0.M80P.1 | ALT-PU-2020-2646-1 | 256188 | Fixed |
postgresql12 | c10f1 | 12.4-alt1 | 12.18-alt0.p10.1 | ALT-PU-2020-2535-1 | 256186 | Fixed |
postgresql12 | c9f2 | 12.4-alt1 | 12.18-alt0.c9f2.1 | ALT-PU-2020-2602-1 | 256187 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1865744 | |
openSUSE-SU-2020:1243 | |
openSUSE-SU-2020:1244 | |
openSUSE-SU-2020:1228 | |
GLSA-202008-13 | |
USN-4472-1 | |
openSUSE-SU-2020:1312 | |
openSUSE-SU-2020:1326 | |
https://security.netapp.com/advisory/ntap-20200918-0002/ | |