CVE-2016-0766
Publication date 11 February 2016
Last updated 24 July 2024
Ubuntu priority
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| postgresql-8.4 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| postgresql-9.1 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Fixed 9.1.20-0ubuntu0.14.04
|
|
| postgresql-9.3 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Fixed 9.3.11-0ubuntu0.14.04
|
|
| postgresql-9.4 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| postgresql-9.5 | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-2894-1
- PostgreSQL vulnerabilities
- 11 February 2016