Peter Eisentraut discovered that PostgreSQL incorrectly handled connection security settings. Client applications could possibly be connecting with certain security parameters dropped, contrary to expectations. (CVE-2020-25694) Etienne Stalmans discovered that PostgreSQL incorrectly handled the security restricted operation sandbox. An authenticated remote attacker could possibly use this issue to execute arbitrary SQL functions as a superuser. (CVE-2020-25695) Nick Cleaton discovered that PostgreSQL incorrectly handled the \gset meta-command. A remote attacker with a compromised server could possibly use this issue to execute arbitrary code. (CVE-2020-25696)
Continue reading...
Continue reading...
