- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-4633-1
November 17, 2020
postgresql-10, postgresql-12, postgresql-9.5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in PostgreSQL.
Software Description:
– postgresql-12: Object-relational SQL database
– postgresql-10: Object-relational SQL database
– postgresql-9.5: Object-relational SQL database
Details:
Peter Eisentraut discovered that PostgreSQL incorrectly handled connection
security settings. Client applications could possibly be connecting with
certain security parameters dropped, contrary to expectations.
(CVE-2020-25694)
Etienne Stalmans discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox. An authenticated remote attacker
could possibly use this issue to execute arbitrary SQL functions as a
superuser. (CVE-2020-25695)
Nick Cleaton discovered that PostgreSQL incorrectly handled the \gset
meta-command. A remote attacker with a compromised server could possibly
use this issue to execute arbitrary code. (CVE-2020-25696)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
postgresql-12 12.5-0ubuntu0.20.10.1
Ubuntu 20.04 LTS:
postgresql-12 12.5-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
postgresql-10 10.15-0ubuntu0.18.04.1
Ubuntu 16.04 LTS:
postgresql-9.5 9.5.24-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.
References:
https://usn.ubuntu.com/4633-1
CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
Package Information:
https://launchpad.net/ubuntu/+source/postgresql-12/12.5-0ubuntu0.20.10.1
https://launchpad.net/ubuntu/+source/postgresql-12/12.5-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/postgresql-10/10.15-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.24-0ubuntu0.16.04.1
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl+z4HYACgkQZWnYVadE
vpMlXw//ZDTEd1kCIHeiv/saZrKYRwiGhXBh1lI2Y43j9vdOoD9r2+y0HMKG3jfW
wFMgwad4ZIymaoXDdG9CWLBiaolvNPAbAjOl4D/nOWs3WgjvOwuKzwpSiEQ3wMSC
Y84CzUj2iX68+ZaHRn6DU2ca59YCaL4Thbkxv46ELrNEwebGZ+V3kYVmfm1dY3n1
p6iv7npECXZY7Fa70wV6dZctZ/+nT82YDXQDPz5Mx+FM+ACMx96dDMj8sc9OZbRx
EudQ/7TaoKIWoYOLN0sEZJzjZ3S2/e7TfNpSZ5lZQ6uOC9XKsHMHHsZ8T+Sbzd5q
7zen+Eb1es7+5gz3QJqU8dCQH+zjhFBGZaVtAQUO3Um2WTuhLC3i5wBSeefzT7Qg
bg/oc2Y7NbMOgJk9hs/45PpuNiMvK44+mvgHdRmUe25h+zZtWVIJG4yBQMQDVZKt
Pqk2soqRDGezVMwamJK1BAOmptBqU8VE6XeoKUgp0CdPwBp/zdlRIF1LTrdI0d8o
t2vZ57upspFhCl5xESJ9v7iEiN2iKrrTO6TLs+BUAkoR881HoeW6H8i+ssQHSezU
tDJ3niT2AGS7DWISZTIUVLEMTCMu9TXb6GQe8V76UIXcgSMiC3cHxIttwVPRGMWv
KLOUp2KmGC2qGBPDlxhfVpd61pSLL/4JuU4o6uwaqFQRf2bBUBE=
=PhM6
—–END PGP SIGNATURE—–
—
| Autor | Dona Seruga |
| Cert id | NCERT-REF-2020-11-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
