[SECURITY] [DLA 2105-1] postgresql-9.4 security update

2020-02-1711:28:08

lists.debian.org

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.1%

JSON

Package : postgresql-9.4
Version : 9.4.26-0+deb8u1
CVE ID : CVE-2020-1720

Tom Lane discovered that "ALTER … DEPENDS ON EXTENSION" sub commands
in the PostgreSQL database did not perform authorisation checks.

For Debian 8 "Jessie", this problem has been fixed in version
9.4.26-0+deb8u1.

We recommend that you upgrade your postgresql-9.4_9.4.26-0+deb8u1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian10armelpostgresql-pltcl-11-dbgsym< 11.7-0+deb10u1postgresql-pltcl-11-dbgsym_11.7-0+deb10u1_armel.deb
Debian9s390xpostgresql-client-9.6< 9.6.17-0+deb9u1postgresql-client-9.6_9.6.17-0+deb9u1_s390x.deb
Debian9ppc64elpostgresql-plperl-9.6< 9.6.17-0+deb9u1postgresql-plperl-9.6_9.6.17-0+deb9u1_ppc64el.deb
Debian10i386postgresql-client-11< 11.7-0+deb10u1postgresql-client-11_11.7-0+deb10u1_i386.deb
Debian9armhfpostgresql-9.6-dbg< 9.6.17-0+deb9u1postgresql-9.6-dbg_9.6.17-0+deb9u1_armhf.deb
Debian10mipslibecpg-compat3-dbgsym< 11.7-0+deb10u1libecpg-compat3-dbgsym_11.7-0+deb10u1_mips.deb
Debian10amd64postgresql-server-dev-11< 11.7-0+deb10u1postgresql-server-dev-11_11.7-0+deb10u1_amd64.deb
Debian10i386postgresql-plperl-11-dbgsym< 11.7-0+deb10u1postgresql-plperl-11-dbgsym_11.7-0+deb10u1_i386.deb
Debian8allpostgresql-doc-9.4< 9.4.26-0+deb8u1postgresql-doc-9.4_9.4.26-0+deb8u1_all.deb
Debian10i386postgresql-server-dev-11-dbgsym< 11.7-0+deb10u1postgresql-server-dev-11-dbgsym_11.7-0+deb10u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	armel	postgresql-pltcl-11-dbgsym	< 11.7-0+deb10u1	postgresql-pltcl-11-dbgsym_11.7-0+deb10u1_armel.deb
Debian	9	s390x	postgresql-client-9.6	< 9.6.17-0+deb9u1	postgresql-client-9.6_9.6.17-0+deb9u1_s390x.deb
Debian	9	ppc64el	postgresql-plperl-9.6	< 9.6.17-0+deb9u1	postgresql-plperl-9.6_9.6.17-0+deb9u1_ppc64el.deb
Debian	10	i386	postgresql-client-11	< 11.7-0+deb10u1	postgresql-client-11_11.7-0+deb10u1_i386.deb
Debian	9	armhf	postgresql-9.6-dbg	< 9.6.17-0+deb9u1	postgresql-9.6-dbg_9.6.17-0+deb9u1_armhf.deb
Debian	10	mips	libecpg-compat3-dbgsym	< 11.7-0+deb10u1	libecpg-compat3-dbgsym_11.7-0+deb10u1_mips.deb
Debian	10	amd64	postgresql-server-dev-11	< 11.7-0+deb10u1	postgresql-server-dev-11_11.7-0+deb10u1_amd64.deb
Debian	10	i386	postgresql-plperl-11-dbgsym	< 11.7-0+deb10u1	postgresql-plperl-11-dbgsym_11.7-0+deb10u1_i386.deb
Debian	8	all	postgresql-doc-9.4	< 9.4.26-0+deb8u1	postgresql-doc-9.4_9.4.26-0+deb8u1_all.deb
Debian	10	i386	postgresql-server-dev-11-dbgsym	< 11.7-0+deb10u1	postgresql-server-dev-11-dbgsym_11.7-0+deb10u1_i386.deb