Описание
Multiple serious vulnerabilities have been found in PostgreSQL. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or cause denial of service.
Below is a complete list of vulnerabilities
- An unknown vulnerability can be exploited via a specially designed index page to bypass security restrictions and obtain sensitive information or cause denial of service;
- An improper row-security status maintenance can be exploited via session manipulations to bypass security restrictions.
Technical details
Vulnerability (1) related to brin_page_type and brin_metapage_info functions in the pageinspect extension. This vulnerability can be exploited via a specially designed bytea value in a BRIN index page.
Vulnerability (2) related to maintenance of row-security status in cached plans. This vulnerability can be exploited via leveraging session that perform queries as more than one role.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2016-2193 warning
- CVE-2016-3065 critical
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com