FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PostgreSQL -- minor security problems.

Affected packages
9.5.0 <= postgresql95-contrib < 9.5.2
9.5.0 <= postgresql95-server < 9.5.2

Details

VuXML ID 97a24d2e-f74c-11e5-8458-6cc21735f730
Discovery 2016-03-01
Entry 2016-03-31

PostgreSQL project reports:

Security Fixes for RLS, BRIN

This release closes security hole CVE-2016-2193 (https://access.redhat.com/security/cve/CVE-2016-2193), where a query plan might get reused for more than one ROLE in the same session. This could cause the wrong set of Row Level Security (RLS) policies to be used for the query.

The update also fixes CVE-2016-3065 (https://access.redhat.com/security/cve/CVE-2016-3065), a server crash bug triggered by using `pageinspect` with BRIN index pages. Since an attacker might be able to expose a few bytes of server memory, this crash is being treated as a security issue.

References

CVE Name CVE-2016-2193
CVE Name CVE-2016-3065