SB2020090886 - Red Hat Enterprise Linux 8 update for the postgresql:10 module

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020090886

SB2020090886 - Red Hat Enterprise Linux 8 update for the postgresql:10 module

Published: September 8, 2020 Updated: April 24, 2025

Security Bulletin ID SB2020090886
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10130)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect implementation of row security policies. A remote attacker can use statistics, generated for tables to bypass row security policies and gain access to restricted rows.


2) Stack-based buffer overflow (CVE-ID: CVE-2019-10164)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing users passwords. A remote authenticated user can change his/her password to a specially crafted string, trigger stack-based buffer overflow and execute arbitrary code on the target system or crash the PostgreSQL process.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10208)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to way PostreSQL processes SECURITY DEFINER functions. A privileged attacker with EXECUTE permission, which must itself contain a function call having inexact argument type match, can execute arbitrary SQL query under the identity of the function owner.


4) Improper Authorization (CVE-ID: CVE-2020-1720)

The vulnerability allows a remote attacker to perform unauthorized modification of data in database.

The vulnerability exists due to the ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION.


5) Untrusted search path (CVE-ID: CVE-2020-14349)

The vulnerability allows a remote user to escalate privileges within the database.

The vulnerability exists due to the way PostgreSQL handles search_path during replications. Users of a replication publisher or subscriber database can create objects in the public schema and harness them to execute arbitrary SQL functions under the identity running replication, often a superuser.


6) Untrusted search path (CVE-ID: CVE-2020-14350)

The vulnerability allows a remote user to escalate privileges within the database.

The vulnerability exists due to the way PostgreSQL handles CREATE EXTENSION statements. A remote user with permission to create objects in the new extension's schema or a schema of a prerequisite extension can execute arbitrary SQL functions under the identity of the superuser in certain cases.


Remediation

Install update from vendor's website.

References