Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2019-10208 CVE-2020-14350 CVE-2019-10130 CVE-2020-1720 CVE-2019-10130 CVE-2019-10208 CVE-2020-1720 CVE-2020-14350 CVE-2019-10130 CVE-2019-10208 CVE-2020-1720 CVE-2020-14350

Source

Synopsis

Moderate: rh-postgresql96-postgresql security update

Type/Severity

Security Advisory: Moderate

Topic

An update for rh-postgresql96-postgresql is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

[Updated 9 November 2020]
This advisory has been updated to push packages into the Red Hat Software Collections repositories for Red Hat Enterprise Linux 7.6 Extended Update Support and Red Hat Enterprise Linux 7.7 Extended Update Support. The packages included in this revised update have not been changed in any way from the packages included in the original advisory.

Description

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: rh-postgresql96-postgresql (9.6.19). (BZ#1881766, BZ#1881769, BZ#1881771, BZ#1881773)

Security Fix(es):

postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)
postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)
postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)
postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update.

Affected Products

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.6 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.6 ppc64le
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
Red Hat Software Collections (for RHEL Server for ARM) 1 aarch64
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

BZ - 1707109 - CVE-2019-10130 postgresql: Selectivity estimators bypass row security policies
BZ - 1734416 - CVE-2019-10208 postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution
BZ - 1798852 - CVE-2020-1720 postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks
BZ - 1865746 - CVE-2020-14350 postgresql: Uncontrolled search path element in CREATE EXTENSION

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook