MEDIUM5.0
Уязвимость системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения доступа
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NСсылки
ALT-PU-2016-3312-1Обновление пакета postgresql9.5 в ветке sisyphus
Серьёзность:
Закрытые проблемы (3)
HIGH7.5
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NCVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NСсылки
- http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b
- http://www.postgresql.org/about/news/1656/
- http://www.postgresql.org/docs/current/static/release-9-5-2.html
- http://www.securitytracker.com/id/1035468
- http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b
- http://www.postgresql.org/about/news/1656/
- http://www.postgresql.org/docs/current/static/release-9-5-2.html
- http://www.securitytracker.com/id/1035468
CRITICAL9.1
The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page.
CVSS 2.0ВЫСОКАЯ 8.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:CCVSS 3.xКРИТИЧЕСКАЯ 9.1
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HСсылки
- http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=bf78a6f107949fdfb513d1b45e30cefe04e09e4f
- http://www.postgresql.org/about/news/1656/
- http://www.postgresql.org/docs/current/static/release-9-5-2.html
- http://www.securitytracker.com/id/1035468
- http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=bf78a6f107949fdfb513d1b45e30cefe04e09e4f
- http://www.postgresql.org/about/news/1656/
- http://www.postgresql.org/docs/current/static/release-9-5-2.html
- http://www.securitytracker.com/id/1035468