Oracle Linux 8 : ELSA-2020-5620-1: / postgresql:12 (ELSA-2020-56201)
2020-12-23T00:00:00
ID: ORACLELINUX_ELSA-2020-56201.NASL
Type: nessus
Reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2020-12-23T00:00:00
Description
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2020-56201 advisory.
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize
the search_path during logical replication. An authenticated attacker could use this flaw in an attack
similar to CVE-2018-1058 to execute arbitrary SQL commands in the context of the user used for
replication. (CVE-2020-14349)
A flaw was found in PostgreSQL's ALTER ... DEPENDS ON EXTENSION, where sub-commands did not perform
authorization checks. An authenticated attacker could use this flaw in certain configurations to
drop objects such as functions, triggers, et al., leading to database corruption. This issue affects
PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. (CVE-2020-1720)
It was found that some PostgreSQL extensions did not use search_path safely in their installation script.
An attacker with sufficient privileges could use this flaw to trick an administrator into executing a
specially crafted script, during the installation or update of such extension. This affects PostgreSQL
versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350)
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before
9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses
the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-
the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat
from this vulnerability is to data confidentiality and integrity as well as system availability.
(CVE-2020-25694)
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before
9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one
schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25695)
A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5,
before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset
when querying a compromised server, the attacker can execute arbitrary code as the operating system
account running psql. The highest threat from this vulnerability is to data confidentiality and integrity
as well as system availability. (CVE-2020-25696)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2020-56201.
##
include('compat.inc');
if (description)
{
  script_id(144564);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/12/30");
  script_cve_id(
    "CVE-2020-1720",
    "CVE-2020-14349",
    "CVE-2020-14350",
    "CVE-2020-25694",
    "CVE-2020-25695",
    "CVE-2020-25696"
  );
  script_xref(name:"IAVB", value:"2020-B-0069");
  script_name(english:"Oracle Linux 8 : ELSA-2020-5620-1: / postgresql:12 (ELSA-2020-56201)");
  script_summary(english:"Checks the rpm output for the updated packages");
  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2020-56201 advisory.
- It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize
the search_path during logical replication. An authenticated attacker could use this flaw in an attack
similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for
replication. (CVE-2020-14349)
- A flaw was found in PostgreSQL's ALTER ... DEPENDS ON EXTENSION, where sub-commands did not perform
authorization checks. An authenticated attacker could use this flaw in certain configurations to perform
drop objects such as function, triggers, et al., leading to database corruption. This issue affects
PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. (CVE-2020-1720)
- It was found that some PostgreSQL extensions did not use search_path safely in their installation script.
An attacker with sufficient privileges could use this flaw to trick an administrator into executing a
specially crafted script, during the installation or update of such extension. This affects PostgreSQL
versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350)
- A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before
9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses
the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-
the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat
from this vulnerability is to data confidentiality and integrity as well as system availability.
(CVE-2020-25694)
- A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before
9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one
schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25695)
- A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5,
before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset
when querying a compromised server, the attacker can execute arbitrary code as the operating system
account running psql. The highest threat from this vulnerability is to data confidentiality and integrity
as well as system availability. (CVE-2020-25696)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2020-5620-1.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25696");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/12/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/12/23");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pgaudit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgres-decoderbufs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-plperl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-plpython3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-pltcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-server-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-test-rpm-macros");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-upgrade");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:postgresql-upgrade-devel");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
  exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
if ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);
pkgs = [
    {'reference':'pgaudit-1.4.0-4.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-contrib-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-docs-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-plperl-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-plpython3-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-pltcl-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-server-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-server-devel-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-static-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-test-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-test-rpm-macros-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-upgrade-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'},
    {'reference':'postgresql-upgrade-devel-12.5-1.module+el8.3.0+9608+b210d254', 'release':'8'}
];
flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  sp = NULL;
  cpu = NULL;
  el_string = NULL;
  rpm_spec_vers_cmp = NULL;
  epoch = NULL;
  allowmaj = NULL;
  rpm_prefix = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];
  if (reference && release) {
    if (rpm_prefix) {
      if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
      if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}
if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pgaudit / postgres-decoderbufs / postgresql / etc');
}
value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 183, 270, 285, 327);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pgaudit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pgaudit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n 
if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:5620');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:12');\nif ('12' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:12': [\n {'reference':'pgaudit-1.4.0-4.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'pgaudit-1.4.0-4.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'pgaudit-1.4.0-4.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'pgaudit-debugsource-1.4.0-4.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'pgaudit-debugsource-1.4.0-4.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'pgaudit-debugsource-1.4.0-4.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n 
{'reference':'postgres-decoderbufs-debugsource-0.10.0-2.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgres-decoderbufs-debugsource-0.10.0-2.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgres-decoderbufs-debugsource-0.10.0-2.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-contrib-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-contrib-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-contrib-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-debugsource-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-debugsource-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n 
{'reference':'postgresql-debugsource-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-docs-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-docs-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-docs-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plperl-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plperl-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plperl-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plpython3-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plpython3-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plpython3-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-pltcl-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n 
{'reference':'postgresql-pltcl-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-pltcl-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-devel-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-devel-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-devel-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-static-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-static-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-static-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n 
{'reference':'postgresql-test-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-rpm-macros-12.5-1.module+el8.3.0+9042+664538f4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-upgrade-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-upgrade-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-upgrade-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-upgrade-devel-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-upgrade-devel-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-upgrade-devel-12.5-1.module+el8.3.0+9042+664538f4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if 
(!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:12');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else 
extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pgaudit / pgaudit-debugsource / postgres-decoderbufs / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:07:50", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0163 advisory.\n\n - postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-18T00:00:00", "title": "RHEL 8 : postgresql:12 (RHSA-2021:0163)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720", "CVE-2020-14349"], "modified": "2021-01-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", 
"p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs-debugsource", "p-cpe:/a:redhat:enterprise_linux:pgaudit", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel", "p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "cpe:/o:redhat:rhel_e4s:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/a:redhat:rhel_tus:8.2::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:pgaudit-debugsource", "cpe:/o:redhat:rhel_aus:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "cpe:/a:redhat:rhel_aus:8.2::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "cpe:/o:redhat:rhel_eus:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "cpe:/a:redhat:rhel_eus:8.2::appstream"], "id": "REDHAT-RHSA-2021-0163.NASL", "href": "https://www.tenable.com/plugins/nessus/145044", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0163. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145044);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2020-1720\",\n \"CVE-2020-14349\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0163\");\n\n script_name(english:\"RHEL 8 : postgresql:12 (RHSA-2021:0163)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0163 advisory.\n\n - postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0163\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 183, 270, 285, 327);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_aus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:redhat:rhel_eus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_tus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pgaudit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pgaudit-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgres-decoderbufs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 
'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0163');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:12');\nif ('12' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:12': [\n {'reference':'pgaudit-1.4.0-4.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'pgaudit-1.4.0-4.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n 
{'reference':'pgaudit-1.4.0-4.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'pgaudit-debugsource-1.4.0-4.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'pgaudit-debugsource-1.4.0-4.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'pgaudit-debugsource-1.4.0-4.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgres-decoderbufs-0.10.0-2.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgres-decoderbufs-debugsource-0.10.0-2.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgres-decoderbufs-debugsource-0.10.0-2.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgres-decoderbufs-debugsource-0.10.0-2.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-contrib-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-contrib-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-contrib-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-debugsource-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-debugsource-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-debugsource-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-docs-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-docs-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-docs-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plperl-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plperl-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plperl-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plpython3-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plpython3-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plpython3-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-pltcl-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-pltcl-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-pltcl-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-devel-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-devel-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-devel-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-static-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-static-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-static-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-rpm-macros-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-upgrade-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-upgrade-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-upgrade-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-upgrade-devel-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-upgrade-devel-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-upgrade-devel-12.5-1.module+el8.2.0+9043+1dbb5661', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = 
package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:12');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pgaudit / pgaudit-debugsource / postgres-decoderbufs / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:30:40", "description": "This update for postgresql12 fixes the following issues :\n\nUpgrade to version 12.5 :\n\nCVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... 
WITH HOLD and\nfiring of deferred triggers within index expressions and materialized\nview queries.\n\nCVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string\nparameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb.\nb) When psql's \\connect command re-uses connection parameters, ensure\nthat all non-overridden parameters from a previous connection string\nare re-used.\n\nCVE-2020-25696, bsc#1178668: Prevent psql's \\gset command from\nmodifying specially-treated variables.\n\nFix recently-added timetz test case so it works when the USA is not\nobserving daylight savings time. (obsoletes postgresql-timetz.patch)\n\nhttps://www.postgresql.org/about/news/2111/\n\nhttps://www.postgresql.org/docs/12/release-12-5.html\n\nThe previous postgresql12 update already addressed :\n\nUpdate to 12.4 :\n\nCVE-2020-14349, bsc#1175193: Set a secure search_path in logical\nreplication walsenders and apply workers\n\nCVE-2020-14350, bsc#1175194: Make contrib modules' installation\nscripts more secure.\n\nhttps://www.postgresql.org/docs/12/release-12-4.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2020:3630-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-14349"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:postgresql12-server-debuginfo", "p-cpe:/a:novell:suse_linux:postgresql12-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:postgresql12-debuginfo", "p-cpe:/a:novell:suse_linux:postgresql12-contrib", "p-cpe:/a:novell:suse_linux:postgresql12-plperl-debuginfo", "p-cpe:/a:novell:suse_linux:libpq5", "p-cpe:/a:novell:suse_linux:postgresql12-pltcl-debuginfo", "p-cpe:/a:novell:suse_linux:postgresql12-server", "p-cpe:/a:novell:suse_linux:postgresql12-plperl", "p-cpe:/a:novell:suse_linux:libecpg6", "p-cpe:/a:novell:suse_linux:libecpg6-debuginfo", "p-cpe:/a:novell:suse_linux:postgresql12", "p-cpe:/a:novell:suse_linux:postgresql12-contrib-debuginfo", "p-cpe:/a:novell:suse_linux:libpq5-debuginfo", "p-cpe:/a:novell:suse_linux:postgresql12-plpython-debuginfo", "p-cpe:/a:novell:suse_linux:postgresql12-pltcl", "p-cpe:/a:novell:suse_linux:postgresql12-plpython"], "id": "SUSE_SU-2020-3630-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143653", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3630-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143653);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-14349\", \"CVE-2020-14350\", 
\"CVE-2020-25694\", \"CVE-2020-25695\", \"CVE-2020-25696\");\n script_xref(name:\"IAVB\", value:\"2020-B-0069\");\n\n script_name(english:\"SUSE SLES12 Security Update : postgresql12 (SUSE-SU-2020:3630-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for postgresql12 fixes the following issues :\n\nUpgrade to version 12.5 :\n\nCVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and\nfiring of deferred triggers within index expressions and materialized\nview queries.\n\nCVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string\nparameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb.\nb) When psql's \\connect command re-uses connection parameters, ensure\nthat all non-overridden parameters from a previous connection string\nare re-used.\n\nCVE-2020-25696, bsc#1178668: Prevent psql's \\gset command from\nmodifying specially-treated variables.\n\nFix recently-added timetz test case so it works when the USA is not\nobserving daylight savings time. (obsoletes postgresql-timetz.patch)\n\nhttps://www.postgresql.org/about/news/2111/\n\nhttps://www.postgresql.org/docs/12/release-12-5.html\n\nThe previous postgresql12 update already addressed :\n\nUpdate to 12.4 :\n\nCVE-2020-14349, bsc#1175193: Set a secure search_path in logical\nreplication walsenders and apply workers\n\nCVE-2020-14350, bsc#1175194: Make contrib modules' installation\nscripts more secure.\n\nhttps://www.postgresql.org/docs/12/release-12-4.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/about/news/2111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/12/release-12-4.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.postgresql.org/docs/12/release-12-5.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14349/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25694/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25695/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25696/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203630-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ebb47bf9\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 
'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3630=1\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3630=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-3630=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-3630=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-3630=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3630=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3630=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3630=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3630=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3630=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3630=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3630=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3630=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3630=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3630=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-3630=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-3630=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libecpg6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libecpg6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpq5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-contrib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-plperl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-plpython\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-plpython-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-pltcl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql12-server\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:postgresql12-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libecpg6-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libecpg6-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpq5-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpq5-32bit-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpq5-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpq5-debuginfo-32bit-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libecpg6-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libecpg6-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpq5-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpq5-32bit-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpq5-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpq5-debuginfo-32bit-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libecpg6-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libecpg6-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpq5-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpq5-32bit-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpq5-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpq5-debuginfo-32bit-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libecpg6-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", 
reference:\"libecpg6-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpq5-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpq5-32bit-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpq5-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpq5-debuginfo-32bit-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-contrib-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-contrib-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-debugsource-12.5-3.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-debugsource-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-plperl-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-plperl-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-plpython-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-plpython-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-pltcl-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-pltcl-debuginfo-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-server-12.5-3.9.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"postgresql12-server-debuginfo-12.5-3.9.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql12\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-31T14:07:22", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5664 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-22T00:00:00", "title": "RHEL 8 : postgresql:10 (RHSA-2020:5664)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720", "CVE-2020-14349", "CVE-2019-10164"], "modified": "2020-12-22T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", 
"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/a:redhat:rhel_e4s:8.0::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "cpe:/o:redhat:rhel_e4s:8.0"], "id": "REDHAT-RHSA-2020-5664.NASL", "href": "https://www.tenable.com/plugins/nessus/144559", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5664. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144559);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/30\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10164\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14349\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452, 108875);\n script_xref(name:\"RHSA\", value:\"2020:5664\");\n script_xref(name:\"IAVB\", value:\"2020-B-0069\");\n\n script_name(english:\"RHEL 8 : postgresql:10 (RHSA-2020:5664)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5664 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14349\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1719698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10164\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 121, 183, 270, 284, 285, 327);\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.0::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_8_0_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_0'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach 
repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:5664');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\nif ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:10': [\n {'reference':'postgresql-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-contrib-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-contrib-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-contrib-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-debugsource-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-debugsource-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n 
{'reference':'postgresql-debugsource-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-docs-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-docs-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-docs-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plperl-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plperl-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plperl-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plpython3-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plpython3-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plpython3-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-pltcl-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-pltcl-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 
'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-pltcl-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-devel-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-devel-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-devel-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-static-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-static-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-static-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n 
{'reference':'postgresql-test-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-rpm-macros-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-rpm-macros-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-rpm-macros-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-upgrade-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-upgrade-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-upgrade-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-upgrade-devel-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-upgrade-devel-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-upgrade-devel-10.15-1.module+el8.0.0+9155+4a85661a', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module 
(keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) 
audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-debugsource / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-23T13:43:47", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0166 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-21T00:00:00", "title": "RHEL 8 : postgresql:10 (RHSA-2021:0166)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720", "CVE-2020-14349", "CVE-2019-10164"], "modified": "2021-01-21T00:00:00", "cpe": ["cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "cpe:/a:redhat:rhel_eus:8.1::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/a:redhat:rhel_e4s:8.1::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib"], "id": "REDHAT-RHSA-2021-0166.NASL", "href": "https://www.tenable.com/plugins/nessus/145243", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were\n# extracted from Red Hat Security Advisory RHSA-2021:0166. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145243);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10164\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14349\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452, 108875);\n script_xref(name:\"RHSA\", value:\"2021:0166\");\n\n script_name(english:\"RHEL 8 : postgresql:10 (RHSA-2021:0166)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0166 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/121.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14349\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1719698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10164\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 121, 183, 270, 284, 285, 327);\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-upgrade-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_1',\n 
'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_1'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0166');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:10');\nif ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:10': [\n {'reference':'postgresql-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 
'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-contrib-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-contrib-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-contrib-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-docs-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-docs-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-docs-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plperl-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plperl-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n 
{'reference':'postgresql-plperl-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plpython3-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plpython3-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plpython3-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-pltcl-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-pltcl-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-pltcl-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-devel-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-devel-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-devel-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-static-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-static-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-static-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n 
{'reference':'postgresql-test-rpm-macros-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-rpm-macros-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-rpm-macros-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-upgrade-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-upgrade-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-upgrade-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-upgrade-devel-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-upgrade-devel-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-upgrade-devel-10.15-1.module+el8.1.0+9154+cd474635', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n 
appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module 
postgresql:10');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-docs / postgresql-plperl / etc');\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-31T14:07:21", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5661 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-22T00:00:00", "title": "RHEL 8 : postgresql:9.6 (RHSA-2020:5661)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720"], "modified": "2020-12-22T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/a:redhat:rhel_e4s:8.0::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "cpe:/o:redhat:rhel_e4s:8.0"], "id": "REDHAT-RHSA-2020-5661.NASL", "href": "https://www.tenable.com/plugins/nessus/144560", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5661. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144560);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/30\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452);\n script_xref(name:\"RHSA\", value:\"2020:5661\");\n script_xref(name:\"IAVB\", value:\"2020-B-0069\");\n\n script_name(english:\"RHEL 8 : postgresql:9.6 (RHSA-2020:5661)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5661 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 183, 270, 284, 285, 327);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.0::appstream\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_8_0_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_0',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_0'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 
'RHSA-2020:5661');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\nif ('9.6' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:9.6': [\n {'reference':'postgresql-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n 
{'reference':'postgresql-server-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 
'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.0.0+9157+356b8def', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_0_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = 
package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-debugsource / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-22T05:50:43", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5619 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-18T00:00:00", "title": "RHEL 8 : postgresql:9.6 (RHSA-2020:5619)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720"], "modified": "2020-12-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "p-cpe:/a:redhat:enterprise_linux:postgresql", "cpe:/a:redhat:enterprise_linux:8::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib"], "id": "REDHAT-RHSA-2020-5619.NASL", "href": "https://www.tenable.com/plugins/nessus/144395", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:5619. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144395);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/21\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452);\n script_xref(name:\"RHSA\", value:\"2020:5619\");\n\n script_name(english:\"RHEL 8 : postgresql:9.6 (RHSA-2020:5619)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:5619 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:5619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 183, 270, 284, 285, 327);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n 
if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:5619');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\nif ('9.6' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:9.6': [\n {'reference':'postgresql-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n 
{'reference':'postgresql-docs-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n 
{'reference':'postgresql-pltcl-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n 
{'reference':'postgresql-test-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+8938+7f0e88b6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if 
(!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-debugsource / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-31T13:19:53", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-56191 advisory.\n\n - A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8,\n 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for\n tables. 
Certain statistics, such as histograms and lists of most common values, contain values taken from\n the column. PostgreSQL does not evaluate row security policies before consulting those statistics during\n query planning; an attacker can exploit this to read the most common values of certain columns. Affected\n columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-\n level security prunes the set of rows visible to the attacker. (CVE-2019-10130)\n\n - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before\n 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a\n suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute\n arbitrary SQL as the owner of the function. (CVE-2019-10208)\n\n - A flaw was found in PostgreSQL's ALTER ... DEPENDS ON EXTENSION, where sub-commands did not perform\n authorization checks. An authenticated attacker could use this flaw in certain configurations to perform\n drop objects such as function, triggers, et al., leading to database corruption. This issue affects\n PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. (CVE-2020-1720)\n\n - It was found that some PostgreSQL extensions did not use search_path safely in their installation script.\n An attacker with sufficient privileges could use this flaw to trick an administrator into executing a\n specially crafted script, during the installation or update of such extension. This affects PostgreSQL\n versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350)\n\n - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before\n 9.6.20 and before 9.5.24. 
If a client application that creates additional database connections only reuses\n the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-\n the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat\n from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-25694)\n\n - A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5,\n before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \\gset\n when querying a compromised server, the attacker can execute arbitrary code as the operating system\n account running psql. The highest threat from this vulnerability is to data confidentiality and integrity\n as well as system availability. (CVE-2020-25696)\n\n - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before\n 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one\n schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. 
(CVE-2020-25695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-23T00:00:00", "title": "Oracle Linux 8 : ELSA-2020-5619-1: / postgresql:9.6 (ELSA-2020-56191)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720"], "modified": "2020-12-23T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:postgresql-server-devel", "p-cpe:/a:oracle:linux:postgresql-plperl", "p-cpe:/a:oracle:linux:postgresql-contrib", "p-cpe:/a:oracle:linux:postgresql-plpython3", "p-cpe:/a:oracle:linux:postgresql-test-rpm-macros", "p-cpe:/a:oracle:linux:postgresql-pltcl", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:postgresql-docs", "p-cpe:/a:oracle:linux:postgresql", "p-cpe:/a:oracle:linux:postgresql-static", "p-cpe:/a:oracle:linux:postgresql-test", "p-cpe:/a:oracle:linux:postgresql-server"], "id": "ORACLELINUX_ELSA-2020-56191.NASL", "href": "https://www.tenable.com/plugins/nessus/144565", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-56191.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144565);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/30\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452);\n script_xref(name:\"IAVB\", value:\"2020-B-0069\");\n\n script_name(english:\"Oracle Linux 8 : ELSA-2020-5619-1: / postgresql:9.6 (ELSA-2020-56191)\");\n script_summary(english:\"Checks the rpm output for the updated 
packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-56191 advisory.\n\n - A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8,\n 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for\n tables. Certain statistics, such as histograms and lists of most common values, contain values taken from\n the column. PostgreSQL does not evaluate row security policies before consulting those statistics during\n query planning; an attacker can exploit this to read the most common values of certain columns. Affected\n columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-\n level security prunes the set of rows visible to the attacker. (CVE-2019-10130)\n\n - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before\n 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a\n suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute\n arbitrary SQL as the owner of the function. (CVE-2019-10208)\n\n - A flaw was found in PostgreSQL's ALTER ... DEPENDS ON EXTENSION, where sub-commands did not perform\n authorization checks. An authenticated attacker could use this flaw in certain configurations to perform\n drop objects such as function, triggers, et al., leading to database corruption. This issue affects\n PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. 
(CVE-2020-1720)\n\n - It was found that some PostgreSQL extensions did not use search_path safely in their installation script.\n An attacker with sufficient privileges could use this flaw to trick an administrator into executing a\n specially crafted script, during the installation or update of such extension. This affects PostgreSQL\n versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. (CVE-2020-14350)\n\n - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before\n 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses\n the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-\n the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat\n from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-25694)\n\n - A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5,\n before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \\gset\n when querying a compromised server, the attacker can execute arbitrary code as the operating system\n account running psql. The highest threat from this vulnerability is to data confidentiality and integrity\n as well as system availability. (CVE-2020-25696)\n\n - A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before\n 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one\n schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. 
(CVE-2020-25695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5619-1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-server-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:postgresql-test-rpm-macros\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'postgresql-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-server-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-static-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-test-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+9604+f0f52296', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = 
package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-docs / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:07:50", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0164 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-18T00:00:00", "title": "RHEL 8 : postgresql:9.6 (RHSA-2021:0164)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720"], "modified": "2021-01-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "cpe:/o:redhat:rhel_e4s:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/a:redhat:rhel_tus:8.2::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql", "cpe:/o:redhat:rhel_aus:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "cpe:/a:redhat:rhel_aus:8.2::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "cpe:/o:redhat:rhel_eus:8.2", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib", "cpe:/a:redhat:rhel_eus:8.2::appstream"], "id": "REDHAT-RHSA-2021-0164.NASL", "href": "https://www.tenable.com/plugins/nessus/145043", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0164. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145043);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452);\n script_xref(name:\"RHSA\", value:\"2021:0164\");\n\n script_name(english:\"RHEL 8 : postgresql:9.6 (RHSA-2021:0164)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0164 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 183, 270, 284, 285, 327);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_aus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_tus:8.2::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 
'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_2',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0164');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\nif ('9.6' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:9.6': [\n {'reference':'postgresql-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-debugsource-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 
'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.2.0+8939+9a3b4b64', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_eus_8_2_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach 
module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) 
audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-debugsource / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-22T13:35:39", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0167 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-01-20T00:00:00", "title": "RHEL 8 : postgresql:9.6 (RHSA-2021:0167)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720"], "modified": "2021-01-20T00:00:00", "cpe": ["cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:postgresql-plperl", "p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel", "cpe:/a:redhat:rhel_eus:8.1::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros", "p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3", "cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl", "p-cpe:/a:redhat:enterprise_linux:postgresql-static", "p-cpe:/a:redhat:enterprise_linux:postgresql-docs", "cpe:/a:redhat:rhel_e4s:8.1::appstream", "p-cpe:/a:redhat:enterprise_linux:postgresql", "p-cpe:/a:redhat:enterprise_linux:postgresql-server", "p-cpe:/a:redhat:enterprise_linux:postgresql-test", "p-cpe:/a:redhat:enterprise_linux:postgresql-contrib"], "id": "REDHAT-RHSA-2021-0167.NASL", "href": "https://www.tenable.com/plugins/nessus/145227", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0167. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145227);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/21\");\n\n script_cve_id(\n \"CVE-2019-10130\",\n \"CVE-2019-10208\",\n \"CVE-2020-1720\",\n \"CVE-2020-14350\",\n \"CVE-2020-25694\",\n \"CVE-2020-25695\",\n \"CVE-2020-25696\"\n );\n script_bugtraq_id(108452);\n script_xref(name:\"RHSA\", value:\"2021:0167\");\n\n script_name(english:\"RHEL 8 : postgresql:9.6 (RHSA-2021:0167)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0167 advisory.\n\n - postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n - postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n - postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n - postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\n - postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n - postgresql: Multiple features escape security restricted operation sandbox (CVE-2020-25695)\n\n - postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/89.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/183.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/270.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/284.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/285.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/327.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14350\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25695\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/security/cve/CVE-2020-25696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1707109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1734416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1865746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1894430\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 89, 183, 270, 284, 285, 327);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:redhat:rhel_e4s:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plperl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-plpython3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-pltcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:postgresql-test-rpm-macros\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_8_1_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_1'\n ],\n 'rhel_eus_8_1_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_1',\n 
'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_1',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_1'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0167');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/postgresql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\nif ('9.6' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module postgresql:' + module_ver);\n\nappstreams = {\n 'postgresql:9.6': [\n {'reference':'postgresql-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n 
{'reference':'postgresql-contrib-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-contrib-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-docs-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plperl-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-plpython3-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-pltcl-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n 
{'reference':'postgresql-server-devel-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-server-devel-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-static-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'s390x', 
'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']},\n {'reference':'postgresql-test-rpm-macros-9.6.20-1.module+el8.1.0+9156+8ff1384f', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_8_1_appstream', 'rhel_eus_8_1_appstream']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n 
}\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module postgresql:9.6');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'postgresql / postgresql-contrib / postgresql-docs / postgresql-plperl / etc');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2020-12-17T17:29:29", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14349", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (12.5).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-17T20:49:03", "published": "2020-12-17T20:30:10", "id": "RHSA-2020:5620", "href": "https://access.redhat.com/errata/RHSA-2020:5620", "type": "redhat", "title": "(RHSA-2020:5620) Important: postgresql:12 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-18T10:38:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14349", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (12.5).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T14:44:21", "published": "2021-01-18T14:18:11", "id": "RHSA-2021:0163", "href": "https://access.redhat.com/errata/RHSA-2021:0163", "type": "redhat", "title": "(RHSA-2021:0163) Important: postgresql:12 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-18T16:38:43", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10164", "CVE-2019-10208", "CVE-2020-14349", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (10.15).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T21:08:45", "published": "2021-01-18T15:02:33", "id": "RHSA-2021:0166", "href": "https://access.redhat.com/errata/RHSA-2021:0166", "type": "redhat", "title": "(RHSA-2021:0166) Important: postgresql:10 security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-22T09:30:27", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10164", "CVE-2019-10208", "CVE-2020-14349", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (10.15).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-22T14:13:35", "published": "2020-12-22T13:57:48", "id": "RHSA-2020:5664", "href": "https://access.redhat.com/errata/RHSA-2020:5664", "type": "redhat", "title": "(RHSA-2020:5664) Important: postgresql:10 security update", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-18T16:40:41", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10208", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (9.6.20).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T21:08:50", "published": "2021-01-18T15:05:40", "id": "RHSA-2021:0167", "href": "https://access.redhat.com/errata/RHSA-2021:0167", "type": "redhat", "title": "(RHSA-2021:0167) Important: postgresql:9.6 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-22T09:32:04", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10208", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (9.6.20).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-22T13:47:09", "published": "2020-12-22T13:40:11", "id": "RHSA-2020:5661", "href": "https://access.redhat.com/errata/RHSA-2020:5661", "type": "redhat", "title": "(RHSA-2020:5661) Important: postgresql:9.6 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-17T17:31:29", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10208", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (9.6.20).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-17T20:32:28", "published": "2020-12-17T20:20:53", "id": "RHSA-2020:5619", "href": "https://access.redhat.com/errata/RHSA-2020:5619", "type": "redhat", "title": "(RHSA-2020:5619) Important: postgresql:9.6 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-18T10:41:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10130", "CVE-2019-10208", "CVE-2020-14350", "CVE-2020-1720", "CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: postgresql (9.6.20).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)\n\n* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\n* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)\n\n* postgresql: ALTER ... 
DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-01-18T14:46:33", "published": "2021-01-18T14:18:50", "id": "RHSA-2021:0164", "href": "https://access.redhat.com/errata/RHSA-2021:0164", "type": "redhat", "title": "(RHSA-2021:0164) Important: postgresql:9.6 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-16T15:30:29", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql (10.15).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-02T15:22:35", "published": "2020-12-02T15:07:42", "id": "RHSA-2020:5316", "href": "https://access.redhat.com/errata/RHSA-2020:5316", "type": "redhat", "title": "(RHSA-2020:5316) Important: rh-postgresql10-postgresql security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-16T15:29:21", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "PostgreSQL is an advanced object-relational database management system (DBMS).\n\nThe following packages have been upgraded to a 
later upstream version: postgresql (10.15).\n\nSecurity Fix(es):\n\n* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)\n\n* postgresql: Multiple features escape \"security restricted operation\" sandbox (CVE-2020-25695)\n\n* postgresql: psql's \\gset allows overwriting specially treated variables (CVE-2020-25696)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-12-16T13:13:44", "published": "2020-12-16T13:03:04", "id": "RHSA-2020:5567", "href": "https://access.redhat.com/errata/RHSA-2020:5567", "type": "redhat", "title": "(RHSA-2020:5567) Important: postgresql:10 security update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-12-30T19:18:34", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25695", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720", "CVE-2020-14349"], "description": "postgresql\n[12.5-1]\n- Rebase to upstream release 12.5\n Resolves: rhbz#1901555\n Resolves: rhbz#1898223\n Resolves: rhbz#1898329\n[12.1-3]\n- Release bump for 8.2.0 BZ#1776805\n[12.1-2]\n- Release bump for rebuild against libpq-12.1-3\n[12.1-1]\n- Rebase to upstream release 12.1\n[12.0-1]\n- Rebase to upstream release 12.0\n[12.0-0.3]\n- Rebase to upstream beta release 12beta4\n- postgresql-server-devel requires krb5-devel\n[12.0-0.2]\n- Rebase to upstream beta release 12beta3\n[12.0-0.1]\n- Rebase to upstream beta release 12beta2", "edition": 3, "modified": "2020-12-23T00:00:00", "published": "2020-12-23T00:00:00", "id": "ELSA-2020-5620-1", "href": "http://linux.oracle.com/errata/ELSA-2020-5620-1.html", "title": "postgresql:12 security update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-30T19:27:20", "bulletinFamily": "unix", "cvelist": 
["CVE-2020-25695", "CVE-2019-10208", "CVE-2019-10130", "CVE-2020-25694", "CVE-2020-14350", "CVE-2020-25696", "CVE-2020-1720"], "description": "[9.6.20-1]\n- Rebase to upstream release 9.6.20\n Resolves: rhbz#1901563\n Resolves: rhbz#1898218\n Resolves: rhbz#1898334\n[9.6.19-1]\n- Rebase to 9.6.19\n Also fixes: CVE-2019-10208, CVE-2020-14350, CVE-2019-10130\n Resolves: #1741490\n Resolves: #1867111\n Resolves: #1845074", "edition": 3, "modified": "2020-12-23T00:00:00", "published": "2020-12-23T00:00:00", "id": "ELSA-2020-5619-1", "href": "http://linux.oracle.com/errata/ELSA-2020-5619-1.html", "title": "postgresql:9.6 security update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-30T19:19:15", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25695", "CVE-2020-25694", "CVE-2020-25696"], "description": "[10.15-1]\n- Rebase to upstream release 10.15\n Resolves: rhbz#1898213\n Resolves: rhbz#1898341\n Resolves: rhbz#1901567", "edition": 2, "modified": "2020-12-22T00:00:00", "published": "2020-12-22T00:00:00", "id": "ELSA-2020-5567-1", "href": "http://linux.oracle.com/errata/ELSA-2020-5567-1.html", "title": "postgresql:10 security update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-16T19:31:19", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25694", "CVE-2020-25696"], "description": "[12.5-1]\n- Rebase to upstream release 12.5\n Resolves: rhbz#1898228\n Resolves: rhbz#1901558", "edition": 2, "modified": "2020-12-15T00:00:00", "published": "2020-12-15T00:00:00", "id": "ELSA-2020-5401", "href": "http://linux.oracle.com/errata/ELSA-2020-5401.html", "title": "libpq security update", "type": "oraclelinux", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T22:03:11", "description": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 
9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-16T01:15:00", "title": "CVE-2020-25695", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25695"], "modified": "2020-12-07T02:15:00", "cpe": [], "id": "CVE-2020-25695", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25695", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T22:03:11", "description": "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. 
If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "edition": 8, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-16T01:15:00", "title": "CVE-2020-25694", "type": "cve", "cwe": ["CWE-327"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25694"], "modified": "2020-12-07T02:15:00", "cpe": [], "id": "CVE-2020-25694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25694", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2020-12-16T17:49:22", "description": "A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. 
If an interactive psql session uses \\gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "edition": 8, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-23T22:15:00", "title": "CVE-2020-25696", "type": "cve", "cwe": ["CWE-270", "CWE-183", "CWE-697"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25696"], "modified": "2020-12-15T19:37:00", "cpe": ["cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-25696", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25696", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:07", "description": "It was found that some PostgreSQL extensions did not use search_path safely in their installation script. 
An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.", "edition": 8, "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-24T13:15:00", "title": "CVE-2020-14350", "type": "cve", "cwe": ["CWE-426"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14350"], "modified": "2020-09-18T12:15:00", "cpe": ["cpe:/o:opensuse:leap:15.1", "cpe:/o:opensuse:leap:15.2", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-14350", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14350", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T22:03:07", "description": "It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the 
search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication.", "edition": 7, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-08-24T13:15:00", "title": "CVE-2020-14349", "type": "cve", "cwe": ["CWE-427", "CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14349"], "modified": "2020-09-18T12:15:00", "cpe": ["cpe:/o:opensuse:leap:15.1", "cpe:/o:opensuse:leap:15.2"], "id": "CVE-2020-14349", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14349", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:30", "description": "A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. 
Versions 9.3 through 10 are affected.", "edition": 13, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-02T15:29:00", "title": "CVE-2018-1058", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1058"], "modified": "2019-10-09T23:38:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/a:redhat:cloudforms:4.6", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:postgresql:postgresql:10.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-1058", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1058", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:postgresql:postgresql:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T22:03:10", "description": "A flaw was found in PostgreSQL's \"ALTER ... DEPENDS ON EXTENSION\", where sub-commands did not perform authorization checks. 
An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.", "edition": 8, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-03-17T16:15:00", "title": "CVE-2020-1720", "type": "cve", "cwe": ["CWE-862"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1720"], "modified": "2020-08-17T19:15:00", "cpe": ["cpe:/a:redhat:decision_manager:7.0", "cpe:/a:redhat:software_collections:-", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "CVE-2020-1720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1720", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*"]}], "postgresql": [{"lastseen": "2020-12-24T14:27:29", "bulletinFamily": "software", "cvelist": ["CVE-2020-25694"], "description": "Reconnection can downgrade 
connection security settings", "edition": 4, "modified": "2020-11-16T01:15:00", "published": "2020-11-16T01:15:00", "id": "POSTGRESQL:CVE-2020-25694", "href": "https://www.postgresql.org/support/security/", "title": "Vulnerability in client (CVE-2020-25694)", "type": "postgresql", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T14:27:29", "bulletinFamily": "software", "cvelist": ["CVE-2020-25696"], "description": "psql's \\gset allows overwriting specially treated variables", "edition": 5, "modified": "2020-11-23T22:15:00", "published": "2020-11-23T22:15:00", "id": "POSTGRESQL:CVE-2020-25696", "href": "https://www.postgresql.org/support/security/", "title": "Vulnerability in client (CVE-2020-25696)", "type": "postgresql", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T14:27:29", "bulletinFamily": "software", "cvelist": ["CVE-2020-25695"], "description": "Multiple features escape \"security restricted operation\" sandbox", "edition": 4, "modified": "2020-11-16T01:15:00", "published": "2020-11-16T01:15:00", "id": "POSTGRESQL:CVE-2020-25695", "href": "https://www.postgresql.org/support/security/", "title": "Vulnerability in core server (CVE-2020-25695)", "type": "postgresql", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T14:27:29", "bulletinFamily": "software", "cvelist": ["CVE-2020-14350"], "description": "Uncontrolled search path element in CREATE EXTENSION", "edition": 5, "modified": "2020-08-24T13:15:00", "published": "2020-08-24T13:15:00", "id": "POSTGRESQL:CVE-2020-14350", "href": "https://www.postgresql.org/support/security/", "title": "Vulnerability in core server (CVE-2020-14350)", "type": "postgresql", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T14:27:29", "bulletinFamily": "software", "cvelist": ["CVE-2020-14349"], "description": "Uncontrolled search path element in logical 
replication", "edition": 6, "modified": "2020-08-24T13:15:00", "published": "2020-08-24T13:15:00", "id": "POSTGRESQL:CVE-2020-14349", "href": "https://www.postgresql.org/support/security/", "title": "Vulnerability in core server (CVE-2020-14349)", "type": "postgresql", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T14:27:30", "bulletinFamily": "software", "cvelist": ["CVE-2018-1058"], "description": "Uncontrolled search path element in pg_dump and other client applications", "edition": 6, "modified": "2018-03-02T15:29:00", "published": "2018-03-02T15:29:00", "href": "https://www.postgresql.org/support/security/", "id": "POSTGRESQL:CVE-2018-1058", "title": "Vulnerability in client (CVE-2018-1058)", "type": "postgresql", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T14:27:29", "bulletinFamily": "software", "cvelist": ["CVE-2020-1720"], "description": "ALTER ... DEPENDS ON EXTENSION is missing authorization checks.", "edition": 5, "modified": "2020-03-17T16:15:00", "published": "2020-03-17T16:15:00", "id": "POSTGRESQL:CVE-2020-1720", "href": "https://www.postgresql.org/support/security/", "title": "Vulnerability in core server (CVE-2020-1720)", "type": "postgresql", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "archlinux": [{"lastseen": "2020-12-16T15:40:51", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25694", "CVE-2020-25695", "CVE-2020-25696"], "description": "Arch Linux Security Advisory ASA-202011-14\n==========================================\n\nSeverity: High\nDate : 2020-11-17\nCVE-ID : CVE-2020-25694 CVE-2020-25695 CVE-2020-25696\nPackage : postgresql\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1276\n\nSummary\n=======\n\nThe package postgresql before version 12.5-1 is vulnerable to multiple\nissues including sandbox escape, arbitrary code execution and silent\ndowngrade.\n\nResolution\n==========\n\nUpgrade to 
12.5-1.\n\n# pacman -Syu \"postgresql>=12.5-1\"\n\nThe problems have been fixed upstream in version 12.5.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-25694 (silent downgrade)\n\nA security issue has been found in PostgreSQL before 12.5. Many\nPostgreSQL-provided client applications have options that create\nadditional database connections. Some of those applications reuse only\nthe basic connection parameters (e.g. host, user, port), dropping\nothers. If this drops a security-relevant parameter (e.g.\nchannel_binding, sslmode, requirepeer, gssencmode), the attacker has an\nopportunity to complete a MITM attack or observe cleartext\ntransmission.\n\nAffected applications are clusterdb, pg_dump, pg_restore, psql,\nreindexdb, and vacuumdb. The vulnerability arises only if one invokes\nan affected client application with a connection string containing a\nsecurity-relevant parameter.\n\n- CVE-2020-25695 (sandbox escape)\n\nA security issue has been found in PostgreSQL before 12.5, where an\nattacker having permission to create non-temporary objects in at least\none schema can execute arbitrary SQL functions under the identity of a\nsuperuser.\nWhile promptly updating PostgreSQL is the best remediation for most\nusers, a user unable to do that can work around the vulnerability by\ndisabling autovacuum and not manually running ANALYZE, CLUSTER,\nREINDEX, CREATE INDEX, VACUUM FULL, REFRESH MATERIALIZED VIEW, or a\nrestore from output of the pg_dump command. Performance may degrade\nquickly under this workaround. VACUUM without the FULL option is safe,\nand all commands are fine when a trusted user owns the target object.\n\n- CVE-2020-25696 (arbitrary code execution)\n\nA security issue has been found in PostgreSQL before 12.5, where psql's\n\\gset allows overwriting specially treated variables. The \\gset meta-\ncommand, which sets psql variables based on query results, does not\ndistinguish variables that control psql behavior. 
If an interactive\npsql session uses \\gset when querying a compromised server, the\nattacker can execute arbitrary code as the operating system account\nrunning psql. Using \\gset with a prefix not found among specially\ntreated variables, e.g. any lowercase string, precludes the attack in\nan unpatched psql.\n\nImpact\n======\n\nAn attacker in position of man-in-the-middle might be able to access\nsensitive information or even alter SQL commands. A remote,\nauthenticated attacker might be able to escape the PG sandbox and\nexecute arbitrary code on the server.\n\nReferences\n==========\n\nhttps://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/\nhttps://security.archlinux.org/CVE-2020-25694\nhttps://security.archlinux.org/CVE-2020-25695\nhttps://security.archlinux.org/CVE-2020-25696", "modified": "2020-11-17T00:00:00", "published": "2020-11-17T00:00:00", "id": "ASA-202011-14", "href": "https://security.archlinux.org/ASA-202011-14", "type": "archlinux", "title": "[ASA-202011-14] postgresql: multiple issues", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2020-12-07T04:26:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25695", "CVE-2020-25694", "CVE-2020-25696"], "description": "### Background\n\nPostgreSQL is an open source object-relational database management system. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly obtain sensitive information, alter SQL commands, escape PostgreSQL sandbox or execute arbitrary code with the privileges of the process. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PostgreSQL 9.5.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-9.5.24:9.5\"\n \n\nAll PostgreSQL 9.6.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-9.6.20:9.6\"\n \n\nAll PostgreSQL 10.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-10.15:10\"\n \n\nAll PostgreSQL 11.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-11.10:11\"\n \n\nAll PostgreSQL 12.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-12.5:12\"\n \n\nAll PostgreSQL 13.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-13.1:13\"", "edition": 1, "modified": "2020-12-07T00:00:00", "published": "2020-12-07T00:00:00", "id": "GLSA-202012-07", "href": "https://security.gentoo.org/glsa/202012-07", "title": "PostgreSQL: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-27T01:36:47", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14350", "CVE-2020-14349"], "description": "### Background\n\nPostgreSQL is an open source object-relational database management system. \n\n### Description\n\nMultiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PostgreSQL 9.5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-9.5.23:9.5\"\n \n\nAll PostgreSQL 9.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-9.6.19:9.6\"\n \n\nAll PostgreSQL 10 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-10.14:10\"\n \n\nAll PostgreSQL 11 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-11.9:11\"\n \n\nAll PostgreSQL 12 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/postgresql-12.4:12\"", "edition": 1, "modified": "2020-08-26T00:00:00", "published": "2020-08-26T00:00:00", "id": "GLSA-202008-13", "href": "https://security.gentoo.org/glsa/202008-13", "title": "PostgreSQL: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2020-12-17T01:24:40", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25695", "CVE-2020-25694", "CVE-2020-25696"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2478-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nDecember 02, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : postgresql-9.6\nVersion : 9.6.20-0+deb9u1\nCVE ID : CVE-2020-25694 CVE-2020-25695 CVE-2020-25696\n\nSeveral vulnerabilities have been found in the PostgreSQL database system.\n\nCVE-2020-25694\n\n Peter Eisentraut found that database reconnections may drop 
options\n from the original connection, such as encryption, which could lead\n to information disclosure or a man-in-the-middle attack.\n\nCVE-2020-25695\n\n Etienne Stalmans reported that a user with permissions to create\n non-temporary objects in a schema can execute arbitrary SQL\n functions as a superuser.\n\nCVE-2020-25696\n\n Nick Cleaton found that the \\gset command modified variables that\n control the psql behaviour, which could result in a compromised or\n malicious server executing arbitrary code in the user session.\n\nFor Debian 9 stretch, these problems have been fixed in version\n9.6.20-0+deb9u1.\n\nWe recommend that you upgrade your postgresql-9.6 packages.\n\nFor the detailed security status of postgresql-9.6 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/postgresql-9.6\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2020-12-02T11:05:08", "published": "2020-12-02T11:05:08", "id": "DEBIAN:DLA-2478-1:FF315", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202012/msg00005.html", "title": "[SECURITY] [DLA 2478-1] postgresql-9.6 security update", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2021-01-15T01:28:20", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25695", "CVE-2020-25694", "CVE-2020-25696"], "description": "**Issue Overview:**\n\nA flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 
([CVE-2020-25694](https://access.redhat.com/security/cve/CVE-2020-25694))\n\nA flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-25695](https://access.redhat.com/security/cve/CVE-2020-25695))\n\nA flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \\gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. ([CVE-2020-25696](https://access.redhat.com/security/cve/CVE-2020-25696))\n\n \n**Affected Packages:** \n\n\npostgresql95, postgresql96\n\n \n**Issue Correction:** \nRun _yum update postgresql95_ to update your system. \nRun _yum update postgresql96_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n postgresql95-contrib-9.5.24-1.82.amzn1.i686 \n postgresql95-plperl-9.5.24-1.82.amzn1.i686 \n postgresql95-test-9.5.24-1.82.amzn1.i686 \n postgresql95-docs-9.5.24-1.82.amzn1.i686 \n postgresql95-libs-9.5.24-1.82.amzn1.i686 \n postgresql95-plpython26-9.5.24-1.82.amzn1.i686 \n postgresql95-static-9.5.24-1.82.amzn1.i686 \n postgresql95-devel-9.5.24-1.82.amzn1.i686 \n postgresql95-debuginfo-9.5.24-1.82.amzn1.i686 \n postgresql95-plpython27-9.5.24-1.82.amzn1.i686 \n postgresql95-server-9.5.24-1.82.amzn1.i686 \n postgresql95-9.5.24-1.82.amzn1.i686 \n postgresql96-test-9.6.20-1.84.amzn1.i686 \n postgresql96-plpython27-9.6.20-1.84.amzn1.i686 \n postgresql96-server-9.6.20-1.84.amzn1.i686 \n postgresql96-debuginfo-9.6.20-1.84.amzn1.i686 \n postgresql96-devel-9.6.20-1.84.amzn1.i686 \n postgresql96-plpython26-9.6.20-1.84.amzn1.i686 \n postgresql96-contrib-9.6.20-1.84.amzn1.i686 \n postgresql96-libs-9.6.20-1.84.amzn1.i686 \n postgresql96-plperl-9.6.20-1.84.amzn1.i686 \n postgresql96-static-9.6.20-1.84.amzn1.i686 \n postgresql96-9.6.20-1.84.amzn1.i686 \n postgresql96-docs-9.6.20-1.84.amzn1.i686 \n \n src: \n postgresql95-9.5.24-1.82.amzn1.src \n postgresql96-9.6.20-1.84.amzn1.src \n \n x86_64: \n postgresql95-test-9.5.24-1.82.amzn1.x86_64 \n postgresql95-docs-9.5.24-1.82.amzn1.x86_64 \n postgresql95-devel-9.5.24-1.82.amzn1.x86_64 \n postgresql95-libs-9.5.24-1.82.amzn1.x86_64 \n postgresql95-contrib-9.5.24-1.82.amzn1.x86_64 \n postgresql95-plperl-9.5.24-1.82.amzn1.x86_64 \n postgresql95-debuginfo-9.5.24-1.82.amzn1.x86_64 \n postgresql95-static-9.5.24-1.82.amzn1.x86_64 \n postgresql95-plpython26-9.5.24-1.82.amzn1.x86_64 \n postgresql95-server-9.5.24-1.82.amzn1.x86_64 \n postgresql95-9.5.24-1.82.amzn1.x86_64 \n postgresql95-plpython27-9.5.24-1.82.amzn1.x86_64 \n postgresql96-static-9.6.20-1.84.amzn1.x86_64 \n postgresql96-debuginfo-9.6.20-1.84.amzn1.x86_64 \n postgresql96-server-9.6.20-1.84.amzn1.x86_64 \n 
postgresql96-plpython26-9.6.20-1.84.amzn1.x86_64 \n postgresql96-test-9.6.20-1.84.amzn1.x86_64 \n postgresql96-contrib-9.6.20-1.84.amzn1.x86_64 \n postgresql96-devel-9.6.20-1.84.amzn1.x86_64 \n postgresql96-docs-9.6.20-1.84.amzn1.x86_64 \n postgresql96-plperl-9.6.20-1.84.amzn1.x86_64 \n postgresql96-9.6.20-1.84.amzn1.x86_64 \n postgresql96-libs-9.6.20-1.84.amzn1.x86_64 \n postgresql96-plpython27-9.6.20-1.84.amzn1.x86_64 \n \n \n", "edition": 1, "modified": "2021-01-12T22:52:00", "published": "2021-01-12T22:52:00", "id": "ALAS-2021-1476", "href": "https://alas.aws.amazon.com/ALAS-2021-1476.html", "title": "Important: postgresql95, postgresql96", "type": "amazon", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-12-16T18:59:29", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25695", "CVE-2020-25694", "CVE-2020-25696"], "description": "Peter Eisentraut discovered that PostgreSQL incorrectly handled connection \nsecurity settings. Client applications could possibly be connecting with \ncertain security parameters dropped, contrary to expectations. \n(CVE-2020-25694)\n\nEtienne Stalmans discovered that PostgreSQL incorrectly handled the \nsecurity restricted operation sandbox. An authenticated remote attacker \ncould possibly use this issue to execute arbitrary SQL functions as a \nsuperuser. (CVE-2020-25695)\n\nNick Cleaton discovered that PostgreSQL incorrectly handled the \\gset \nmeta-command. A remote attacker with a compromised server could possibly \nuse this issue to execute arbitrary code. 
(CVE-2020-25696)", "edition": 4, "modified": "2020-11-17T00:00:00", "published": "2020-11-17T00:00:00", "id": "USN-4633-1", "href": "https://ubuntu.com/security/notices/USN-4633-1", "title": "PostgreSQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-04T05:21:19", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14350", "CVE-2020-14349"], "description": "Noah Misch discovered that PostgreSQL incorrectly handled the search_path \nsetting when used with logical replication. A remote attacker could \npossibly use this issue to execute arbitrary SQL code. This issue only \naffected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14349)\n\nAndres Freund discovered that PostgreSQL incorrectly handled search path \nelements in CREATE EXTENSION. A remote attacker could possibly use this \nissue to execute arbitrary SQL code. (CVE-2020-14350)", "edition": 3, "modified": "2020-08-25T00:00:00", "published": "2020-08-25T00:00:00", "id": "USN-4472-1", "href": "https://ubuntu.com/security/notices/USN-4472-1", "title": "PostgreSQL vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2020-09-01T19:37:07", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14350", "CVE-2020-14349"], "description": "This update for postgresql10 fixes the following issues:\n\n - update to 10.14:\n * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical\n replication walsenders and apply workers\n * CVE-2020-14350, bsc#1175194: Make contrib modules' installation\n scripts more secure.\n * https://www.postgresql.org/docs/10/release-10-14.html\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-09-01T18:28:02", "published": "2020-09-01T18:28:02", "id": "OPENSUSE-SU-2020:1312-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00003.html", "title": "Security update for postgresql10 (important)", "type": "suse", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-08-22T07:36:03", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14350", "CVE-2020-14349"], "description": "This update for postgresql12 fixes the following issues:\n\n - update to 12.4:\n * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical\n replication walsenders and apply workers\n * CVE-2020-14350, bsc#1175194: Make contrib modules' installation\n scripts more secure.\n * https://www.postgresql.org/docs/12/release-12-4.html\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-08-22T06:16:19", "published": "2020-08-22T06:16:19", "id": "OPENSUSE-SU-2020:1243-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00050.html", "title": "Security update for postgresql12 (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-08-17T23:35:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14350", "CVE-2020-14349"], "description": "This update for postgresql, postgresql96, postgresql10, postgresql12 fixes\n the following issues:\n\n Postgresql12 was updated to 12.3 (bsc#1171924).\n\n - https://www.postgresql.org/about/news/2038/\n - https://www.postgresql.org/docs/12/release-12-3.html\n\n - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean\n and complete cutover to the new packaging schema.\n\n Also changed in the postgresql wrapper package:\n\n - Bump version to 12.0.1, so that the binary packages also have a\n cut-point to conflict 
with.\n\n - Conflict with versions of the binary packages prior to the May 2020\n update, because we changed the package layout at that point and need a\n clean cutover.\n\n - Bump package version to 12, but leave default at 10 for SLE-15 and\n SLE-15-SP1.\n\n postgresql11 was updated to 11.9:\n\n\n * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical\n replication walsenders and apply workers\n * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts\n more secure.\n * <a rel=\"nofollow\" href=\"https://www.postgresql.org/docs/11/release-11-9.html\">https://www.postgresql.org/docs/11/release-11-9.html</a>\n - Pack the /usr/lib/postgresql symlink only into the main package.\n\n postgresql11 was updated to 11.8 (bsc#1171924).\n\n * <a rel=\"nofollow\" href=\"https://www.postgresql.org/about/news/2038/\">https://www.postgresql.org/about/news/2038/</a>\n * <a rel=\"nofollow\" href=\"https://www.postgresql.org/docs/11/release-11-8.html\">https://www.postgresql.org/docs/11/release-11-8.html</a>\n\n - Unify the spec file to work across all current PostgreSQL versions to\n simplify future maintenance.\n - Move from the \"libs\" build flavour to a \"mini\" package that will\n only be used inside the build service and not get shipped, to avoid\n confusion with the debuginfo packages (bsc#1148643).\n\n postgresql10 was updated to 10.13 (bsc#1171924).\n\n - <a rel=\"nofollow\" href=\"https://www.postgresql.org/about/news/2038/\">https://www.postgresql.org/about/news/2038/</a>\n - <a rel=\"nofollow\" href=\"https://www.postgresql.org/docs/10/release-10-13.html\">https://www.postgresql.org/docs/10/release-10-13.html</a>\n\n - Unify the spec file to work across all current PostgreSQL versions to\n simplify future maintenance.\n - Move from the \"libs\" build flavour to a \"mini\" package that will\n only be used inside the build service and not get shipped, to avoid\n confusion with the debuginfo packages (bsc#1148643).\n\n postgresql96 was updated to
9.6.19:\n\n * CVE-2020-14350, boo#1175194: Make contrib modules' installation\n scripts more secure.\n * <a rel=\"nofollow\" href=\"https://www.postgresql.org/docs/9.6/release-9-6-19.html\">https://www.postgresql.org/docs/9.6/release-9-6-19.html</a>\n\n - Pack the /usr/lib/postgresql symlink only into the main package.\n\n - Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get a clean\n and complete cutover to the new packaging schema.\n\n - update to 9.6.18 (boo#1171924).\n <a rel=\"nofollow\" href=\"https://www.postgresql.org/about/news/2038/\">https://www.postgresql.org/about/news/2038/</a>\n <a rel=\"nofollow\" href=\"https://www.postgresql.org/docs/9.6/release-9-6-18.html\">https://www.postgresql.org/docs/9.6/release-9-6-18.html</a>\n - Unify the spec file to work across all current PostgreSQL versions to\n simplify future maintenance.\n - Move from the \"libs\" build flavour to a \"mini\" package that will\n only be used inside the build service and not get shipped, to avoid\n confusion with the debuginfo packages (boo#1148643).\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n", "edition": 1, "modified": "2020-08-17T21:12:51", "published": "2020-08-17T21:12:51", "id": "OPENSUSE-SU-2020:1228-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00044.html", "title": "Security update for postgresql, postgresql96, postgresql10, postgresql12 (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-09-03T02:30:02", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14350", "CVE-2020-14349"], "description": "This update for postgresql10 fixes the following issues:\n\n - update to 10.14:\n * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical\n replication walsenders and apply workers\n * CVE-2020-14350, bsc#1175194: Make contrib modules' installation\n scripts more secure.\n * <a rel=\"nofollow\"
href=\"https://www.postgresql.org/docs/10/release-10-14.html\">https://www.postgresql.org/docs/10/release-10-14.html</a>\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-09-03T00:14:03", "published": "2020-09-03T00:14:03", "id": "OPENSUSE-SU-2020:1326-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00008.html", "title": "Security update for postgresql10 (important)", "type": "suse", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-08-22T07:36:02", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14350", "CVE-2020-14349"], "description": "This update for postgresql12 fixes the following issues:\n\n - update to 12.4:\n * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical\n replication walsenders and apply workers\n * CVE-2020-14350, bsc#1175194: Make contrib modules' installation\n scripts more secure.\n * <a rel=\"nofollow\" href=\"https://www.postgresql.org/docs/12/release-12-4.html\">https://www.postgresql.org/docs/12/release-12-4.html</a>\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-08-22T06:14:31", "published": "2020-08-22T06:14:31", "id": "OPENSUSE-SU-2020:1244-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00049.html", "title": "Security update for postgresql12 (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}]}