Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2020-1443

Related Vulnerabilities: CVE-2019-10130   CVE-2019-10208   CVE-2020-14350   CVE-2020-1720  

PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker. (CVE-2019-10130) A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. (CVE-2019-10208) It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350) A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. (CVE-2020-1720)

Source

ALAS-2020-1443

Amazon Linux AMI Security Advisory: ALAS-2020-1443
Advisory Release Date: 2020-10-26 18:29 Pacific
Advisory Updated Date: 2020-10-27 21:17 Pacific
Severity: Medium
Issue Overview:

PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker. (CVE-2019-10130)

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. (CVE-2019-10208)

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350)

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. (CVE-2020-1720)


Affected Packages:

postgresql96


Issue Correction:
Run yum update postgresql96 to update your system.

New Packages:
i686:
    postgresql96-test-9.6.19-1.83.amzn1.i686
    postgresql96-9.6.19-1.83.amzn1.i686
    postgresql96-devel-9.6.19-1.83.amzn1.i686
    postgresql96-docs-9.6.19-1.83.amzn1.i686
    postgresql96-plperl-9.6.19-1.83.amzn1.i686
    postgresql96-static-9.6.19-1.83.amzn1.i686
    postgresql96-server-9.6.19-1.83.amzn1.i686
    postgresql96-contrib-9.6.19-1.83.amzn1.i686
    postgresql96-plpython27-9.6.19-1.83.amzn1.i686
    postgresql96-debuginfo-9.6.19-1.83.amzn1.i686
    postgresql96-libs-9.6.19-1.83.amzn1.i686
    postgresql96-plpython26-9.6.19-1.83.amzn1.i686

src:
    postgresql96-9.6.19-1.83.amzn1.src

x86_64:
    postgresql96-9.6.19-1.83.amzn1.x86_64
    postgresql96-test-9.6.19-1.83.amzn1.x86_64
    postgresql96-docs-9.6.19-1.83.amzn1.x86_64
    postgresql96-devel-9.6.19-1.83.amzn1.x86_64
    postgresql96-libs-9.6.19-1.83.amzn1.x86_64
    postgresql96-static-9.6.19-1.83.amzn1.x86_64
    postgresql96-server-9.6.19-1.83.amzn1.x86_64
    postgresql96-plpython26-9.6.19-1.83.amzn1.x86_64
    postgresql96-plpython27-9.6.19-1.83.amzn1.x86_64
    postgresql96-debuginfo-9.6.19-1.83.amzn1.x86_64
    postgresql96-plperl-9.6.19-1.83.amzn1.x86_64
    postgresql96-contrib-9.6.19-1.83.amzn1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started