FreeBSD : PostgreSQL -- Security Fixes for Regular Expressions, PL/Java. (e8b6605b-d29f-11e5-8458-6cc21735f730)
High Nessus Plugin ID 88731
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionPostgreSQL project reports :
Security Fixes for Regular Expressions, PL/Java
- CVE-2016-0773: This release closes security hole CVE-2016-0773, an issue with regular expression (regex) parsing. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering a backend crash. This issue is critical for PostgreSQL systems with untrusted users or which generate regexes based on user input.
- CVE-2016-0766: The update also fixes CVE-2016-0766, a privilege escalation issue for users of PL/Java. Certain custom configuration settings (GUCS) for PL/Java will now be modifiable only by the database superuser
SolutionUpdate the affected packages.