Amazon Linux 1 Security Advisory: ALAS-2020-1441
Advisory Release Date: 2020-10-26 18:25 Pacific
Advisory Updated Date: 2020-10-27 21:19 Pacific
A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function. (CVE-2019-10208)
Affected Packages:
postgresql94
Issue Correction:
Run yum update postgresql94 to update your system.
i686:
postgresql94-debuginfo-9.4.26-1.77.amzn1.i686
postgresql94-plpython27-9.4.26-1.77.amzn1.i686
postgresql94-server-9.4.26-1.77.amzn1.i686
postgresql94-libs-9.4.26-1.77.amzn1.i686
postgresql94-docs-9.4.26-1.77.amzn1.i686
postgresql94-test-9.4.26-1.77.amzn1.i686
postgresql94-9.4.26-1.77.amzn1.i686
postgresql94-plpython26-9.4.26-1.77.amzn1.i686
postgresql94-contrib-9.4.26-1.77.amzn1.i686
postgresql94-devel-9.4.26-1.77.amzn1.i686
postgresql94-plperl-9.4.26-1.77.amzn1.i686
src:
postgresql94-9.4.26-1.77.amzn1.src
x86_64:
postgresql94-devel-9.4.26-1.77.amzn1.x86_64
postgresql94-9.4.26-1.77.amzn1.x86_64
postgresql94-contrib-9.4.26-1.77.amzn1.x86_64
postgresql94-debuginfo-9.4.26-1.77.amzn1.x86_64
postgresql94-docs-9.4.26-1.77.amzn1.x86_64
postgresql94-plperl-9.4.26-1.77.amzn1.x86_64
postgresql94-libs-9.4.26-1.77.amzn1.x86_64
postgresql94-server-9.4.26-1.77.amzn1.x86_64
postgresql94-plpython26-9.4.26-1.77.amzn1.x86_64
postgresql94-test-9.4.26-1.77.amzn1.x86_64
postgresql94-plpython27-9.4.26-1.77.amzn1.x86_64