AVG-1276 log
| Package | postgresql |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 12.4-2 |
| Fixed | 12.5-1 |
| Current | 16.3-4 [extra] |
| Ticket | None |
| Created | Thu Nov 12 16:16:51 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-25696 | Medium | Yes | Arbitrary code execution | A security issue has been found in PostgreSQL before 12.5, where psql's \gset allows overwriting specially treated variables. The \gset meta-command, which... |
| CVE-2020-25695 | High | Yes | Sandbox escape | A security issue has been found in PostgreSQL before 12.5, where an attacker having permission to create non-temporary objects in at least one schema can... |
| CVE-2020-25694 | Low | Yes | Silent downgrade | A security issue has been found in PostgreSQL before 12.5. Many PostgreSQL-provided client applications have options that create additional database... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 17 Nov 2020 | ASA-202011-14 | postgresql | multiple issues |
| References |
|---|
https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ |