{"id":"MGASA-2020-0095","summary":"Updated postgresql packages fix security vulnerability","details":"Updated postgresql9.6 and postgresql11 packages fix security vulnerability:\n\nThe ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization\nchecks, which can allow an unprivileged user to drop any function, procedure,\nmaterialized view, index, or trigger under certain conditions. This attack is\npossible if an administrator has installed an extension and an unprivileged\nuser can CREATE, or an extension owner either executes DROP EXTENSION\npredictably or can be convinced to execute DROP EXTENSION (CVE-2020-1720).\n","modified":"2026-04-16T00:12:08.635453261Z","published":"2020-02-21T23:06:01Z","upstream":["CVE-2020-1720"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0095.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26196"},{"type":"WEB","url":"https://www.postgresql.org/about/news/2011/"}],"affected":[{"package":{"name":"postgresql9.6","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/postgresql9.6?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.6.17-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0095.json"}},{"package":{"name":"postgresql11","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/postgresql11?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.7-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0095.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}