First published: Tue Aug 25 2020
Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14349)

Andres Freund discovered that PostgreSQL incorrectly handled search path elements in CREATE EXTENSION. A remote attacker could possibly use this issue to execute arbitrary SQL code. (CVE-2020-14350)

Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/postgresql-12 on Ubuntu 20.04 | <12.4-0ubuntu0.20.04.1 | 12.4-0ubuntu0.20.04.1 |
ubuntu/postgresql-10 on Ubuntu 18.04 | <10.14-0ubuntu0.18.04.1 | 10.14-0ubuntu0.18.04.1 |
ubuntu/postgresql-9.5 on Ubuntu 16.04 | <9.5.23-0ubuntu0.16.04.1 | 9.5.23-0ubuntu0.16.04.1 |

USN-4472-1: PostgreSQL vulnerabilities
This vulnerability affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Upgrade to PostgreSQL 12.4-0ubuntu0.20.04.1 for Ubuntu 20.04 LTS, 10.14-0ubuntu0.18.04.1 for Ubuntu 18.04 LTS, or 9.5.23-0ubuntu0.16.04.1 for Ubuntu 16.04 LTS.