vulnerability

CentOS Linux: CVE-2020-14350: Moderate: postgresql:10 security and bug fix update (Multiple Advisories)

Try Surface Command
Back to search
Severity
7
CVSS
(AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published
08/24/2020
Added
09/09/2020
Modified
01/28/2025

Description

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.

Solution(s)

centos-upgrade-pgauditcentos-upgrade-pgaudit-debuginfocentos-upgrade-pgaudit-debugsourcecentos-upgrade-postgres-decoderbufscentos-upgrade-postgres-decoderbufs-debuginfocentos-upgrade-postgres-decoderbufs-debugsourcecentos-upgrade-postgresqlcentos-upgrade-postgresql-contribcentos-upgrade-postgresql-contrib-debuginfocentos-upgrade-postgresql-debuginfocentos-upgrade-postgresql-debugsourcecentos-upgrade-postgresql-docscentos-upgrade-postgresql-docs-debuginfocentos-upgrade-postgresql-plperlcentos-upgrade-postgresql-plperl-debuginfocentos-upgrade-postgresql-plpython3centos-upgrade-postgresql-plpython3-debuginfocentos-upgrade-postgresql-pltclcentos-upgrade-postgresql-pltcl-debuginfocentos-upgrade-postgresql-servercentos-upgrade-postgresql-server-debuginfocentos-upgrade-postgresql-server-develcentos-upgrade-postgresql-server-devel-debuginfocentos-upgrade-postgresql-staticcentos-upgrade-postgresql-testcentos-upgrade-postgresql-test-debuginfocentos-upgrade-postgresql-test-rpm-macroscentos-upgrade-postgresql-upgradecentos-upgrade-postgresql-upgrade-debuginfocentos-upgrade-postgresql-upgrade-develcentos-upgrade-postgresql-upgrade-devel-debuginfo

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today