Vulnerability CVE-2020-14350: Information
Description
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script during the installation or update of such an extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
Severity: HIGH (7.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version in repository | Errata ID | Task No. | Status |
---|---|---|---|---|---|---|
postgresql10 | p10 | 10.14-alt1 | 10.23-alt1.p10.1 | ALT-PU-2020-2538-1 | 256186 | Fixed |
postgresql10 | p9 | 10.14-alt1 | 10.23-alt0.M90P.1 | ALT-PU-2020-2605-1 | 256187 | Fixed |
postgresql10 | p8 | 10.14-alt0.M80P.1 | 10.19-alt0.M80P.1 | ALT-PU-2020-2643-1 | 256188 | Fixed |
postgresql10 | c10f1 | 10.14-alt1 | 10.23-alt1 | ALT-PU-2020-2538-1 | 256186 | Fixed |
postgresql10 | c9f2 | 10.14-alt1 | 10.23-alt0.M90P.1 | ALT-PU-2020-2605-1 | 256187 | Fixed |
postgresql11 | p10 | 11.9-alt1 | 11.22-alt0.p10.1 | ALT-PU-2020-2540-1 | 256186 | Fixed |
postgresql11 | p9 | 11.9-alt1 | 11.22-alt0.M90P.1 | ALT-PU-2020-2607-1 | 256187 | Fixed |
postgresql11 | p8 | 11.9-alt0.M80P.1 | 11.14-alt0.M80P.1 | ALT-PU-2020-2645-1 | 256188 | Fixed |
postgresql11 | c10f1 | 11.9-alt1 | 11.22-alt0.p10.1 | ALT-PU-2020-2540-1 | 256186 | Fixed |
postgresql11 | c9f2 | 11.9-alt1 | 11.22-alt0.M90P.1 | ALT-PU-2020-2607-1 | 256187 | Fixed |
postgresql11-1C | p8 | 11.9-alt0.M80P.1 | 11.12-alt0.M80P.2 | ALT-PU-2020-2644-1 | 256188 | Fixed |
postgresql12 | sisyphus | 12.4-alt1 | 12.18-alt1 | ALT-PU-2020-2535-1 | 256186 | Fixed |
postgresql12 | p10 | 12.4-alt1 | 12.18-alt0.p10.1 | ALT-PU-2020-2535-1 | 256186 | Fixed |
postgresql12 | p9 | 12.4-alt1 | 12.18-alt0.M90P.1 | ALT-PU-2020-2602-1 | 256187 | Fixed |
postgresql12 | p8 | 12.4-alt0.M80P.1 | 12.9-alt0.M80P.1 | ALT-PU-2020-2646-1 | 256188 | Fixed |
postgresql12 | c10f1 | 12.4-alt1 | 12.18-alt0.p10.1 | ALT-PU-2020-2535-1 | 256186 | Fixed |
postgresql12 | c9f2 | 12.4-alt1 | 12.18-alt0.c9f2.1 | ALT-PU-2020-2602-1 | 256187 | Fixed |
postgresql9.5 | p9 | 9.5.23-alt1 | 9.5.25-alt1 | ALT-PU-2020-2603-1 | 256187 | Fixed |
postgresql9.5 | p8 | 9.5.23-alt0.M80P.1 | 9.5.25-alt0.M80P.1 | ALT-PU-2020-2641-1 | 256188 | Fixed |
postgresql9.5 | c9f2 | 9.5.23-alt1 | 9.5.25-alt1 | ALT-PU-2020-2603-1 | 256187 | Fixed |
postgresql9.6 | p9 | 9.6.19-alt1 | 9.6.24-alt0.M90P.1 | ALT-PU-2020-2604-1 | 256187 | Fixed |
postgresql9.6 | p8 | 9.6.19-alt0.M80P.1 | 9.6.24-alt0.M80P.1 | ALT-PU-2020-2642-1 | 256188 | Fixed |
postgresql9.6 | c9f2 | 9.6.19-alt1 | 9.6.24-alt0.M90P.1 | ALT-PU-2020-2604-1 | 256187 | Fixed |
Links to advisories, solutions and tools
Link | Resource |
---|---|
openSUSE-SU-2020:1227 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1865746 | |
openSUSE-SU-2020:1243 | |
[debian-lts-announce] 20200817 [SECURITY] [DLA 2331-1] posgresql-9.6 security update | |
openSUSE-SU-2020:1244 | |
openSUSE-SU-2020:1228 | |
GLSA-202008-13 | |
USN-4472-1 | |
openSUSE-SU-2020:1312 | |
openSUSE-SU-2020:1326 | |
https://security.netapp.com/advisory/ntap-20200918-0002/ | |