Lucene search

RedHatRHSA-2021:0164

HistoryJan 18, 2021 - 9:18 a.m.

(RHSA-2021:0164) Important: postgresql:9.6 security update

2021-01-1809:18:50

access.redhat.com

145

postgres database

security update

cve-2020-25694

cve-2020-25695

cve-2019-10208

cve-2020-14350

cve-2020-25696

cve-2019-10130

cve-2020-1720

unix

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.026

Percentile

90.5%

JSON

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (9.6.20).

Security Fix(es):

postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)
postgresql: Multiple features escape “security restricted operation” sandbox (CVE-2020-25695)
postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)
postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)
postgresql: psql’s \gset allows overwriting specially treated variables (CVE-2020-25696)
postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)
postgresql: ALTER … DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyaarch64postgresql-debuginfo< 9.6.20-1.module+el8.2.0+8939+9a3b4b64postgresql-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
RedHatanyx86_64postgresql-static< 9.6.20-1.module+el8.2.0+8939+9a3b4b64postgresql-static-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
RedHatanyx86_64postgresql-plperl< 9.6.20-1.module+el8.2.0+8939+9a3b4b64postgresql-plperl-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
RedHatanyaarch64postgresql-pltcl-debuginfo< 9.6.20-1.module+el8.2.0+8939+9a3b4b64postgresql-pltcl-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
RedHatanyaarch64postgresql-server-debuginfo< 9.6.20-1.module+el8.2.0+8939+9a3b4b64postgresql-server-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
RedHatanys390xpostgresql-server< 9.6.20-1.module+el8.2.0+8939+9a3b4b64postgresql-server-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
RedHatanyaarch64postgresql-pltcl< 9.6.20-1.module+el8.2.0+8939+9a3b4b64postgresql-pltcl-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
RedHatanyaarch64postgresql-server-devel< 9.6.20-1.module+el8.2.0+8939+9a3b4b64postgresql-server-devel-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
RedHatanyppc64lepostgresql-test-debuginfo< 9.6.20-1.module+el8.2.0+8939+9a3b4b64postgresql-test-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
RedHatanys390xpostgresql-debuginfo< 9.6.20-1.module+el8.2.0+8939+9a3b4b64postgresql-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	aarch64	postgresql-debuginfo	< 9.6.20-1.module+el8.2.0+8939+9a3b4b64	postgresql-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
RedHat	any	x86_64	postgresql-static	< 9.6.20-1.module+el8.2.0+8939+9a3b4b64	postgresql-static-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
RedHat	any	x86_64	postgresql-plperl	< 9.6.20-1.module+el8.2.0+8939+9a3b4b64	postgresql-plperl-9.6.20-1.module+el8.2.0+8939+9a3b4b64.x86_64.rpm
RedHat	any	aarch64	postgresql-pltcl-debuginfo	< 9.6.20-1.module+el8.2.0+8939+9a3b4b64	postgresql-pltcl-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
RedHat	any	aarch64	postgresql-server-debuginfo	< 9.6.20-1.module+el8.2.0+8939+9a3b4b64	postgresql-server-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
RedHat	any	s390x	postgresql-server	< 9.6.20-1.module+el8.2.0+8939+9a3b4b64	postgresql-server-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm
RedHat	any	aarch64	postgresql-pltcl	< 9.6.20-1.module+el8.2.0+8939+9a3b4b64	postgresql-pltcl-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
RedHat	any	aarch64	postgresql-server-devel	< 9.6.20-1.module+el8.2.0+8939+9a3b4b64	postgresql-server-devel-9.6.20-1.module+el8.2.0+8939+9a3b4b64.aarch64.rpm
RedHat	any	ppc64le	postgresql-test-debuginfo	< 9.6.20-1.module+el8.2.0+8939+9a3b4b64	postgresql-test-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.ppc64le.rpm
RedHat	any	s390x	postgresql-debuginfo	< 9.6.20-1.module+el8.2.0+8939+9a3b4b64	postgresql-debuginfo-9.6.20-1.module+el8.2.0+8939+9a3b4b64.s390x.rpm