---------- Forwarded message ---------
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Date: Aug 25, 2020 9:05PM
Noah Misch discovered that PostgreSQL incorrectly handled the search_path
setting when used with logical replication. A remote attacker could
possibly use this issue to execute arbitrary SQL code. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14349)
Andres Freund discovered that PostgreSQL incorrectly handled search path
elements in CREATE EXTENSION. A remote attacker could possibly use this
issue to execute arbitrary SQL code. (CVE-2020-14350)
References:
https://usn.ubuntu.com/4472-1
CVE-2020-14349, CVE-2020-14350
沒有留言:
張貼留言