Medium: postgresql94

2020-10-26T18:25:00
ID ALAS-2020-1441
Type amazon
Reporter Amazon
Modified 2020-10-26T18:25:00

Description

Issue Overview:

A flaw was discovered in PostgreSQL where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. (CVE-2019-10208)
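To gauge exposure alongside patching, the following query lists every SECURITY DEFINER function outside the system schemas together with each non-owner, non-superuser role that holds EXECUTE on it. It is an added example, not part of the Amazon advisory; it uses only standard PostgreSQL catalogs, and the system-schema filter and the column aliases are choices made here.

```sql
-- Inventory of SECURITY DEFINER functions and the roles able to call them.
-- Run once per database as a superuser. Each row is one (function, role)
-- pair in which the role would run the function body with the privileges
-- of the function's owner.
SELECT n.nspname                                 AS schema_name,
       p.proname                                 AS function_name,
       pg_get_function_identity_arguments(p.oid) AS argument_types,
       o.rolname                                 AS owner_name,
       o.rolsuper                                AS owner_is_superuser,
       r.rolname                                 AS role_with_execute
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles o     ON o.oid = p.proowner
JOIN pg_roles r     ON r.oid <> p.proowner       -- callers other than the owner
WHERE p.prosecdef                                -- SECURITY DEFINER only
  AND NOT r.rolsuper                             -- superusers need no function to escalate
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  -- has_function_privilege() also accounts for grants to PUBLIC
  -- and for privileges inherited through role membership.
  AND has_function_privilege(r.oid, p.oid, 'EXECUTE')
ORDER BY o.rolsuper DESC, schema_name, function_name, role_with_execute;
```

Rows with owner_is_superuser set to true are the ones to review first. Because functions grant EXECUTE to PUBLIC by default, a function with no explicit grants will appear once for every non-superuser role.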

Affected Packages:

postgresql94

Issue Correction:
Run yum update postgresql94 to update your system.

New Packages:

i686:  
    postgresql94-debuginfo-9.4.26-1.77.amzn1.i686  
    postgresql94-plpython27-9.4.26-1.77.amzn1.i686  
    postgresql94-server-9.4.26-1.77.amzn1.i686  
    postgresql94-libs-9.4.26-1.77.amzn1.i686  
    postgresql94-docs-9.4.26-1.77.amzn1.i686  
    postgresql94-test-9.4.26-1.77.amzn1.i686  
    postgresql94-9.4.26-1.77.amzn1.i686  
    postgresql94-plpython26-9.4.26-1.77.amzn1.i686  
    postgresql94-contrib-9.4.26-1.77.amzn1.i686  
    postgresql94-devel-9.4.26-1.77.amzn1.i686  
    postgresql94-plperl-9.4.26-1.77.amzn1.i686

src:  
    postgresql94-9.4.26-1.77.amzn1.src

x86_64:  
    postgresql94-devel-9.4.26-1.77.amzn1.x86_64  
    postgresql94-9.4.26-1.77.amzn1.x86_64  
    postgresql94-contrib-9.4.26-1.77.amzn1.x86_64  
    postgresql94-debuginfo-9.4.26-1.77.amzn1.x86_64  
    postgresql94-docs-9.4.26-1.77.amzn1.x86_64  
    postgresql94-plperl-9.4.26-1.77.amzn1.x86_64  
    postgresql94-libs-9.4.26-1.77.amzn1.x86_64  
    postgresql94-server-9.4.26-1.77.amzn1.x86_64  
    postgresql94-plpython26-9.4.26-1.77.amzn1.x86_64  
    postgresql94-test-9.4.26-1.77.amzn1.x86_64  
    postgresql94-plpython27-9.4.26-1.77.amzn1.x86_64