openSUSE Security Update : postgresql10 (openSUSE-2020-1312)
This update for postgresql10 fixes the following issues : - update to 10.14 : - CVE-2020-14349, bsc1175193: Set a secure search_path in logical replication walsenders and apply workers - CVE-2020-14350, bsc1175194: Make contrib modules' installation scripts more secure. -...
OPENSUSE-SU-2020:1312-1 Security update for postgresql10
This update for postgresql10 fixes the following issues: - update to 10.14: CVE-2020-14349, bsc1175193: Set a secure search_path in logical replication walsenders and apply workers CVE-2020-14350, bsc1175194: Make contrib modules' installation scripts more secure...
SUSE-SU-2020:2355-1 Security update for postgresql10
This update for postgresql10 fixes the following issues: - update to 10.14: CVE-2020-14349, bsc1175193: Set a secure search_path in logical replication walsenders and apply workers CVE-2020-14350, bsc1175194: Make contrib modules' installation scripts more secure...
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058 in order to execute arbitrary SQL command in the context of the user used for replication.
...
USN-4472-1 postgresql-10, postgresql-12, postgresql-9.5 vulnerabilities
Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14349 Andres Freund discover...
Support for IBM Cloud for VMware Solutions
Support Statement IBM Cloud for VMware Solutions provides full bare metal and hypervisor access and complete administrative permissions to vCenter, NSX, and any additional services. This ensures customers who transition their VMware infrastructure to IBM Cloud can expect a consistent level of...
Support for Oracle Cloud VMware Solution (OCVS)
Support Statement Oracle Cloud VMware Solution (OCVS) allows you to create and manage VMware-enabled software-defined data centers (SDDCs) in Oracle Cloud Infrastructure. Oracle Cloud VMware Solution provides self-service provisioning with full administrative permissions, including root access,...
CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...
CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...
ALPINE-CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...
SQL injection
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...
CVE-2020-14349
Removed by vendor...
CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...
CVE-2020-14349
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the...
Vulnerability fixed in Apache SOLR
SOLR's developers have fixed a vulnerability. The vulnerability allows a malicious party to gain access to sensitive data because the API of the Replication Handler accepts any location as the target location of the backup, restore and deletebackup commands. This allows a malicious party can...
openSUSE Security Update : postgresql12 (openSUSE-2020-1243)
This update for postgresql12 fixes the following issues : - update to 12.4 : - CVE-2020-14349, bsc1175193: Set a secure search_path in logical replication walsenders and apply workers - CVE-2020-14350, bsc1175194: Make contrib modules' installation scripts more secure. -...
openSUSE Security Update : postgresql12 (openSUSE-2020-1244)
This update for postgresql12 fixes the following issues : - update to 12.4 : - CVE-2020-14349, bsc1175193: Set a secure search_path in logical replication walsenders and apply workers - CVE-2020-14350, bsc1175194: Make contrib modules' installation scripts more secure. -...
openSUSE: Security Advisory for postgresql12 (openSUSE-SU-2020:1244-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:1243-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: - update to 12.4: CVE-2020-14349, bsc1175193: Set a secure search_path in logical replication walsenders and apply workers CVE-2020-14350, bsc1175194: Make contrib modules' installation scripts more secure...
PostgreSQL 9.5.x < 9.5.23 / 9.6.x < 9.6.19 / 10.x < 10.14 / 11.x < 11.9 / 12.x < 12.4 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 9.5 prior to 9.5.23, 9.6 prior to 9.6.19, 10 prior to 10.14, 11 prior to 11.9, or 12 prior to 12.4. As such, it is potentially affected by multiple vulnerabilities : - Uncontrolled search path element in logical replication (CVE-2020-14349) ...