SB2016021613 - Permissions, Privileges, and Access Controls in postgresql (Alpine package)

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-0766)

The vulnerability allows a remote authenticated user to execute arbitrary code.

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=de54eeef246ed1ee8fcba3da5c559af490d2e2e9
• https://git.alpinelinux.org/aports/commit/?id=87879a3f27f9101b4c265ef56b479dbe23fd41c9
• https://git.alpinelinux.org/aports/commit/?id=702b09615bb3319131fb1a8aeb19ff42bc312a29
• https://git.alpinelinux.org/aports/commit/?id=65b5dd4abceafa43b63560e421f11671eeef5940