FreeBSD : PostgreSQL -- minor security problems. (97a24d2e-f74c-11e5-8458-6cc21735f730)
High Nessus Plugin ID 90290
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionPostgreSQL project reports :
Security Fixes for RLS, BRIN
This release closes security hole CVE-2016-2193 (https://access.redhat.com/security/cve/CVE-2016-2193), where a query plan might get reused for more than one ROLE in the same session. This could cause the wrong set of Row Level Security (RLS) policies to be used for the query.
The update also fixes CVE-2016-3065 (https://access.redhat.com/security/cve/CVE-2016-3065), a server crash bug triggered by using `pageinspect` with BRIN index pages. Since an attacker might be able to expose a few bytes of server memory, this crash is being treated as a security issue.
SolutionUpdate the affected packages.