Mageia Advisory: MGASA-2020-0095 - Updated postgresql packages fix security vulnerability

Updated postgresql packages fix security vulnerability

Publication date: 21 Feb 2020
Modification date: 21 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-1720

Description

Updated postgresql9.6 and postgresql11 packages fix security vulnerability:

The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization
checks, which can allow an unprivileged user to drop any function, procedure,
materialized view, index, or trigger under certain conditions. This attack is
possible if an administrator has installed an extension and an unprivileged
user can CREATE, or an extension owner either executes DROP EXTENSION
predictably or can be convinced to execute DROP EXTENSION (CVE-2020-1720).

References

https://bugs.mageia.org/show_bug.cgi?id=26196
https://www.postgresql.org/about/news/2011/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1720

SRPMS

7/core

postgresql9.6-9.6.17-1.mga7
postgresql11-11.7-1.mga7

Advisories » MGASA-2020-0095

Updated postgresql packages fix security vulnerability

Description

References

SRPMS

7/core