Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities (USN-2894-1)
High Nessus Plugin ID 88712
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionIt was discovered that PostgreSQL incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-0773)
It was discovered that PostgreSQL incorrectly handled certain configuration settings (GUCS) for users of PL/Java. A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-0766).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected postgresql-9.1, postgresql-9.3 and / or postgresql-9.4 packages.