FreeBSD : PostgreSQL -- Security Fixes for Regular Expressions, PL/Java. (e8b6605b-d29f-11e5-8458-6cc21735f730)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

PostgreSQL project reports :

Security Fixes for Regular Expressions, PL/Java

- CVE-2016-0773: This release closes security hole CVE-2016-0773, an
issue with regular expression (regex) parsing. Prior code allowed
users to pass in expressions which included out-of-range Unicode
characters, triggering a backend crash. This issue is critical for
PostgreSQL systems with untrusted users or which generate regexes
based on user input.

- CVE-2016-0766: The update also fixes CVE-2016-0766, a privilege
escalation issue for users of PL/Java. Certain custom configuration
settings (GUCS) for PL/Java will now be modifiable only by the
database superuser

See also :

http://www.nessus.org/u?2707fc79

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 88731 ()

Bugtraq ID:

CVE ID: CVE-2016-0766
CVE-2016-0773

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now