USN-4633-1: PostgreSQL vulnerabilities
Peter Eisentraut discovered that PostgreSQL incorrectly handled connection
security settings. Client applications could possibly be connecting with
certain security parameters dropped, contrary to expectations.
(CVE-2020-25694)
Etienne Stalmans discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox. An authenticated remote attacker
could possibly use this issue to execute arbitrary SQL functions as a
superuser. (CVE-2020-25695)
Nick Cleaton discovered that PostgreSQL incorrectly handled the gset
meta-command. A remote attacker with a compromised server could possibly
use this issue to execute arbitrary code. (CVE-2020-25696)
Source: USN-4633-1: PostgreSQL vulnerabilities
