RHSA-2020:0980: Moderate: rh-postgresql10-postgresql security update
Published Mar 26, 2020
·Updated
PostgreSQL is an advanced object-relational database management system (DBMS).<br>The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql (10.12).<br>Security Fix(es):<br><li> PostgreSQL: stack-based buffer overflow via setting a password (CVE-2019-10164)</li> <li> PostgreSQL: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
60 affected componentsFixes available
redhat/rh-postgresql10-postgresql<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-contrib<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-contrib-syspaths<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-debuginfo<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-devel<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-docs<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-libs<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-plperl<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-plpython<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-pltcl<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-server<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-server-syspaths<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-static<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-syspaths<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-test<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-contrib<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-contrib-syspaths<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-debuginfo<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-devel<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-docs<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-libs<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-plperl<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-plpython<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-pltcl<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-server<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-server-syspaths<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-static<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-syspaths<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-test<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-contrib<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-contrib-syspaths<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-debuginfo<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-devel<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-docs<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-libs<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-plperl<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-plpython<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-pltcl<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-server<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-server-syspaths<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-static<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-syspaths<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql-test<10.12-2.el7
10.12-2.el7
redhat/rh-postgresql10-postgresql<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-contrib<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-contrib-syspaths<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-debuginfo<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-devel<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-docs<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-libs<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-plperl<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-plpython<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-pltcl<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-server<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-server-syspaths<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-static<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-syspaths<10.12-2.el7.aa
10.12-2.el7.aa
redhat/rh-postgresql10-postgresql-test<10.12-2.el7.aa
10.12-2.el7.aa
Remediation
Event History
Jun 20, 2024
Advisory Published
via Red Hat·01:09 AM
Frequently Asked Questions
1
What is the severity of RHSA-2020:0980?
The vulnerability RHSA-2020:0980 has been classified as moderate.
2
How do I fix RHSA-2020:0980?
To fix RHSA-2020:0980, upgrade the affected packages to version 10.12-2.el7 or later.
3
Which PostgreSQL packages are affected by RHSA-2020:0980?
Affected packages include rh-postgresql10-postgresql, rh-postgresql10-postgresql-contrib, and rh-postgresql10-postgresql-server among others.
4
What is the nature of the vulnerability in RHSA-2020:0980?
The vulnerability involves a stack-based buffer overflow that can occur when setting a password.
5
Is there a workaround for RHSA-2020:0980?
There are no known workarounds, and it is recommended to apply the patch as soon as possible.