Alpine: postgresql14: security update to 12.5-r0

high Tenable Cloud Security Plugin ID 425736

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before
9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses
the basic connection parameters while dropping security-relevant parameters, an opportunity for a
man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat
from this vulnerability is to data confidentiality and integrity as well as system availability.
(CVE-2020-25694)

- A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before
9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one
schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25695)

- A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5,
before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset
when querying a compromised server, the attacker can execute arbitrary code as the operating system
account running psql. The highest threat from this vulnerability is to data confidentiality and integrity
as well as system availability. (CVE-2020-25696)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-25694

https://security.alpinelinux.org/vuln/CVE-2020-25695

https://security.alpinelinux.org/vuln/CVE-2020-25696

Plugin Details

Severity: High

ID: 425736

Version: Revision 1.6

Type: Local

Published: 4/18/2025

Updated: 6/8/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-25696

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2020-25695

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/12/2020

Reference Information

CVE: CVE-2020-25694, CVE-2020-25695, CVE-2020-25696

IAVB: 2020-B-0069-S