ALAS-2020-1441


Amazon Linux AMI Security Advisory: ALAS-2020-1441
Advisory Release Date: 2020-10-26 18:25 Pacific
Advisory Updated Date: 2020-10-27 21:19 Pacific
Severity: Medium
References: CVE-2019-10208 

Issue Overview:

A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. (CVE-2019-10208 )


Affected Packages:

postgresql94


Issue Correction:
Run yum update postgresql94 to update your system.

New Packages:
i686:
    postgresql94-debuginfo-9.4.26-1.77.amzn1.i686
    postgresql94-plpython27-9.4.26-1.77.amzn1.i686
    postgresql94-server-9.4.26-1.77.amzn1.i686
    postgresql94-libs-9.4.26-1.77.amzn1.i686
    postgresql94-docs-9.4.26-1.77.amzn1.i686
    postgresql94-test-9.4.26-1.77.amzn1.i686
    postgresql94-9.4.26-1.77.amzn1.i686
    postgresql94-plpython26-9.4.26-1.77.amzn1.i686
    postgresql94-contrib-9.4.26-1.77.amzn1.i686
    postgresql94-devel-9.4.26-1.77.amzn1.i686
    postgresql94-plperl-9.4.26-1.77.amzn1.i686

src:
    postgresql94-9.4.26-1.77.amzn1.src

x86_64:
    postgresql94-devel-9.4.26-1.77.amzn1.x86_64
    postgresql94-9.4.26-1.77.amzn1.x86_64
    postgresql94-contrib-9.4.26-1.77.amzn1.x86_64
    postgresql94-debuginfo-9.4.26-1.77.amzn1.x86_64
    postgresql94-docs-9.4.26-1.77.amzn1.x86_64
    postgresql94-plperl-9.4.26-1.77.amzn1.x86_64
    postgresql94-libs-9.4.26-1.77.amzn1.x86_64
    postgresql94-server-9.4.26-1.77.amzn1.x86_64
    postgresql94-plpython26-9.4.26-1.77.amzn1.x86_64
    postgresql94-test-9.4.26-1.77.amzn1.x86_64
    postgresql94-plpython27-9.4.26-1.77.amzn1.x86_64