AVG-1276 log
Package | postgresql |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 12.4-2 |
Fixed | 12.5-1 |
Current |
16.6-1 [extra-testing] 16.3-4 [extra] |
Ticket | None |
Created | Thu Nov 12 16:16:51 2020 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2020-25696 | Medium | Yes | Arbitrary code execution | A security issue has been found in PostgreSQL before 12.5, where psql's \gset allows overwriting specially treated variables. The \gset meta-command, which... |
CVE-2020-25695 | High | Yes | Sandbox escape | A security issue has been found in PostgreSQL before 12.5, where an attacker having permission to create non-temporary objects in at least one schema can... |
CVE-2020-25694 | Low | Yes | Silent downgrade | A security issue has been found in PostgreSQL before 12.5. Many PostgreSQL-provided client applications have options that create additional database... |
Date | Advisory | Package | Type |
---|---|---|---|
17 Nov 2020 | ASA-202011-14 | postgresql | multiple issues |
References |
---|
https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ |