{"id":"MGASA-2020-0365","summary":"Updated postgresql packages fix security vulnerabilities","details":"It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14\ndid not properly sanitize the search_path during logical replication. An\nauthenticated attacker could use this flaw in an attack similar to\nCVE-2018-1058, in order to execute arbitrary SQL command in the context of\nthe user used for replication. (CVE-2020-14349)\n\nIt was found that some PostgreSQL extensions did not use search_path safely\nin their installation script. An attacker with sufficient privileges could\nuse this flaw to trick an administrator into executing a specially crafted\nscript, during the installation or update of such extension. This affects\nPostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19,\nand before 9.5.23. (CVE-2020-14350)\n","modified":"2026-02-02T04:05:08.108806Z","published":"2020-09-06T20:33:09Z","related":["CVE-2020-14349","CVE-2020-14350"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0365.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27110"},{"type":"REPORT","url":"https://www.postgresql.org/about/news/2060/"}],"affected":[{"package":{"name":"postgresql9.6","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/postgresql9.6?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.6.19-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0365.json"}},{"package":{"name":"postgresql11","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/postgresql11?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.9-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0365.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}