AVG-1276 log

Package postgresql
Status Fixed
Severity High
Type multiple issues
Affected 12.4-2
Fixed 12.5-1
Current 16.6-1 [extra-testing]
16.3-4 [extra]
Ticket None
Created Thu Nov 12 16:16:51 2020
Issue Severity Remote Type Description
CVE-2020-25696 Medium Yes Arbitrary code execution
A security issue has been found in PostgreSQL before 12.5, where psql's \gset allows overwriting specially treated variables. The \gset meta-command, which...
CVE-2020-25695 High Yes Sandbox escape
A security issue has been found in PostgreSQL before 12.5, where an attacker having permission to create non-temporary objects in at least one schema can...
CVE-2020-25694 Low Yes Silent downgrade
A security issue has been found in PostgreSQL before 12.5. Many PostgreSQL-provided client applications have options that create additional database...
Date Advisory Package Type
17 Nov 2020 ASA-202011-14 postgresql multiple issues
References
https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/