1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • PostgreSQL vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, February 18, 2020 12:10:03
    postgresql-10, postgresql-11 vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS

    Summary

    PostgreSQL could allow unintended access to the database.

    Software Description

    * postgresql-11 - Object-relational SQL database
    * postgresql-10 - Object-relational SQL database

    Details

    It was discovered that PostgreSQL incorrectly performed
    authorization checks when handling the "ALTER ... DEPENDS ON
    EXTENSION" sub-commands. A remote attacker could possibly use this
    issue to drop any function, procedure, materialized view, index,
    or trigger under certain conditions.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    postgresql-11 - 11.7-0ubuntu0.19.10.1

    Ubuntu 18.04 LTS
    postgresql-10 - 10.12-0ubuntu0.18.04.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    This update uses a new upstream release, which includes additional
    bug fixes. After a standard system update you need to restart
    PostgreSQL to make all the necessary changes.

    References

    * CVE-2020-1720

    --- Mystic BBS v1.12 A44 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)