FreeBSD : PostgreSQL -- minor security problems. (97a24d2e-f74c-11e5-8458-6cc21735f730)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

PostgreSQL project reports :

Security Fixes for RLS, BRIN

This release closes security hole CVE-2016-2193
(https://access.redhat.com/security/cve/CVE-2016-2193), where a query
plan might get reused for more than one ROLE in the same session. This
could cause the wrong set of Row Level Security (RLS) policies to be
used for the query.

The update also fixes CVE-2016-3065
(https://access.redhat.com/security/cve/CVE-2016-3065), a server crash
bug triggered by using `pageinspect` with BRIN index pages. Since an
attacker might be able to expose a few bytes of server memory, this
crash is being treated as a security issue.

See also :

http://www.nessus.org/u?ee6b7e93

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 90290

Bugtraq ID:

CVE ID: CVE-2016-2193, CVE-2016-3065
