Description
Multiple serious vulnerabilities have been found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or cause denial of service.
Below is a complete list of vulnerabilities
- An unknown vulnerability can be exploited via a specially designed index page to bypass security restrictions and obtain sensitive information or cause denial of service;
- An improper row-security status maintenance can be exploited via session manipulations to bypass security restrictions.
Technical details
Vulnerability (1) related to brin_page_type and brin_metapage_info functions in the pageinspect extension. This vulnerability can be exploited via a specially designed bytea value in a BRIN index page.
Vulnerability (2) related to maintenance of row-security status in cached plans. This vulnerability can be exploited via leveraging session that perform queries as more than one role.
Original advisories
Related products
CVE list
- CVE-2016-2193 warning
- CVE-2016-3065 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com