Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0095)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0095

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0095)

Resumen: The remote host is missing an update for the 'postgresql9.6, postgresql11' package(s) announced via the MGASA-2020-0095 advisory.

Descripción: Summary:
The remote host is missing an update for the 'postgresql9.6, postgresql11' package(s) announced via the MGASA-2020-0095 advisory.

Vulnerability Insight:
Updated postgresql9.6 and postgresql11 packages fix security vulnerability:

The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization
checks, which can allow an unprivileged user to drop any function, procedure,
materialized view, index, or trigger under certain conditions. This attack is
possible if an administrator has installed an extension and an unprivileged
user can CREATE, or an extension owner either executes DROP EXTENSION
predictably or can be convinced to execute DROP EXTENSION (CVE-2020-1720).

Affected Software/OS:
'postgresql9.6, postgresql11' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-1720
https://www.postgresql.org/about/news/2011/
SuSE Security Announcement: openSUSE-SU-2020:1227 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0095
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0095)
Resumen:	The remote host is missing an update for the 'postgresql9.6, postgresql11' package(s) announced via the MGASA-2020-0095 advisory.
Descripción:	Summary: The remote host is missing an update for the 'postgresql9.6, postgresql11' package(s) announced via the MGASA-2020-0095 advisory. Vulnerability Insight: Updated postgresql9.6 and postgresql11 packages fix security vulnerability: The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION (CVE-2020-1720). Affected Software/OS: 'postgresql9.6, postgresql11' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-1720 https://www.postgresql.org/about/news/2011/ SuSE Security Announcement: openSUSE-SU-2020:1227 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
Copyright	Copyright (C) 2022 Greenbone AG