[SECURITY] [DSA 4623-1] postgresql-11 security update

2020-02-1321:37:19

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

27.8%

JSON

Debian Security Advisory DSA-4623-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020 https://www.debian.org/security/faq

Package : postgresql-11
CVE ID : CVE-2020-1720

Tom Lane discovered that "ALTER … DEPENDS ON EXTENSION" sub commands
in the PostgreSQL database did not perform authorisation checks.

For the stable distribution (buster), this problem has been fixed in
version 11.7-0+deb10u1.

We recommend that you upgrade your postgresql-11 packages.

For the detailed security status of postgresql-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-11

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10amd64libpgtypes3< 11.7-0+deb10u1libpgtypes3_11.7-0+deb10u1_amd64.deb
Debian9i386postgresql-9.6< 9.6.17-0+deb9u1postgresql-9.6_9.6.17-0+deb9u1_i386.deb
Debian10ppc64elpostgresql-11< 11.7-0+deb10u1postgresql-11_11.7-0+deb10u1_ppc64el.deb
Debian8armelpostgresql-9.4-dbg< 9.4.26-0+deb8u1postgresql-9.4-dbg_9.4.26-0+deb8u1_armel.deb
Debian10amd64libecpg-dev< 11.7-0+deb10u1libecpg-dev_11.7-0+deb10u1_amd64.deb
Debian9amd64libecpg-dev< 9.6.17-0+deb9u1libecpg-dev_9.6.17-0+deb9u1_amd64.deb
Debian9s390xpostgresql-server-dev-9.6< 9.6.17-0+deb9u1postgresql-server-dev-9.6_9.6.17-0+deb9u1_s390x.deb
Debian8amd64libecpg6< 9.4.26-0+deb8u1libecpg6_9.4.26-0+deb8u1_amd64.deb
Debian10mipslibecpg6< 11.7-0+deb10u1libecpg6_11.7-0+deb10u1_mips.deb
Debian9mipspostgresql-9.6< 9.6.17-0+deb9u1postgresql-9.6_9.6.17-0+deb9u1_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	amd64	libpgtypes3	< 11.7-0+deb10u1	libpgtypes3_11.7-0+deb10u1_amd64.deb
Debian	9	i386	postgresql-9.6	< 9.6.17-0+deb9u1	postgresql-9.6_9.6.17-0+deb9u1_i386.deb
Debian	10	ppc64el	postgresql-11	< 11.7-0+deb10u1	postgresql-11_11.7-0+deb10u1_ppc64el.deb
Debian	8	armel	postgresql-9.4-dbg	< 9.4.26-0+deb8u1	postgresql-9.4-dbg_9.4.26-0+deb8u1_armel.deb
Debian	10	amd64	libecpg-dev	< 11.7-0+deb10u1	libecpg-dev_11.7-0+deb10u1_amd64.deb
Debian	9	amd64	libecpg-dev	< 9.6.17-0+deb9u1	libecpg-dev_9.6.17-0+deb9u1_amd64.deb
Debian	9	s390x	postgresql-server-dev-9.6	< 9.6.17-0+deb9u1	postgresql-server-dev-9.6_9.6.17-0+deb9u1_s390x.deb
Debian	8	amd64	libecpg6	< 9.4.26-0+deb8u1	libecpg6_9.4.26-0+deb8u1_amd64.deb
Debian	10	mips	libecpg6	< 11.7-0+deb10u1	libecpg6_11.7-0+deb10u1_mips.deb
Debian	9	mips	postgresql-9.6	< 9.6.17-0+deb9u1	postgresql-9.6_9.6.17-0+deb9u1_mips.deb