SB2020122309 - Red Hat Enterprise Linux 8 update for the postgresql:9.6 module
Published: December 23, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10130)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to incorrect implementation of row security policies. A remote attacker can use statistics, generated for tables to bypass row security policies and gain access to restricted rows.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10208)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to way PostreSQL processes SECURITY DEFINER functions. A privileged attacker with EXECUTE permission, which must itself contain a function call having inexact argument type match, can execute arbitrary SQL query under the identity of the function owner.
3) Improper Authorization (CVE-ID: CVE-2020-1720)
The vulnerability allows a remote attacker to perform unauthorized modification of data in database.
The vulnerability exists due to the ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization
checks, which can allow an unprivileged user to drop any function, procedure,
materialized view, index, or trigger under certain conditions. This attack is
possible if an administrator has installed an extension and an unprivileged
user can CREATE, or an extension owner either executes DROP EXTENSION
predictably or can be convinced to execute DROP EXTENSION.
4) Untrusted search path (CVE-ID: CVE-2020-14350)
The vulnerability allows a remote user to escalate privileges within the database.
The vulnerability exists due to the way PostgreSQL handles CREATE EXTENSION statements. A remote user with permission to create objects in the new extension's schema
or a schema of a prerequisite extension can execute arbitrary SQL functions under the identity of the superuser in certain cases.
5) Improper access control (CVE-ID: CVE-2020-25694)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can perform a man-in-the-middle attack or observe clear-text transmissions and downgrade connection security settings.
6) SQL injection (CVE-ID: CVE-2020-25695)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
7) Input validation error (CVE-ID: CVE-2020-25696)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the "\gset" meta-command does not distinguish variables that control psql behavior. A remote attacker can execute arbitrary code as the operating system account.
Remediation
Install update from vendor's website.