All errata/sisyphus/ALT-PU-2016-3312-1
ALT-PU-2016-3312-1

Package update postgresql9.5 in branch sisyphus

Version9.5.2-alt1
Task#162275
Published2016-03-31
Max severityCRITICAL
Severity:

Closed issues (3)

BDU:2016-00974
MEDIUM5.0

Уязвимость системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения доступа

Published: 2016-04-25Modified: 2025-08-19
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
References
CVE-2016-2193
HIGH7.5

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.

Published: 2016-04-11Modified: 2025-04-12
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References
CVE-2016-3065
CRITICAL9.1

The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page.

Published: 2016-04-11Modified: 2025-04-12
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C
CVSS 3.xCRITICAL 9.1
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
References