CVE-2016-0766
17.02.2016, 15:59
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| postgresql | postgresql | 9.1.0 ≤ 𝑥 < 9.1.20 |
| postgresql | postgresql | 9.2 ≤ 𝑥 < 9.2.15 |
| postgresql | postgresql | 9.3 ≤ 𝑥 < 9.3.11 |
| postgresql | postgresql | 9.4 ≤ 𝑥 < 9.4.6 |
| postgresql | postgresql | 9.5 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 15.10 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| postgresql-8.4 |
| ||||||||||||||
| postgresql-9.1 |
| ||||||||||||||
| postgresql-9.3 |
| ||||||||||||||
| postgresql-9.4 |
| ||||||||||||||
| postgresql-9.5 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libecpg6 |
| ||||||||||||
| libpq5 |
| ||||||||||||
| libpq5-32bit |
| ||||||||||||
| postgresql10 |
| ||||||||||||
| postgresql10-contrib |
| ||||||||||||
| postgresql10-docs |
| ||||||||||||
| postgresql10-plperl |
| ||||||||||||
| postgresql10-plpython |
| ||||||||||||
| postgresql10-pltcl |
| ||||||||||||
| postgresql10-server |
| ||||||||||||
| postgresql93 |
| ||||||||||||
| postgresql93-contrib |
| ||||||||||||
| postgresql93-docs |
| ||||||||||||
| postgresql93-server |
| ||||||||||||
| postgresql94 |
| ||||||||||||
| postgresql94-contrib |
| ||||||||||||
| postgresql94-docs |
| ||||||||||||
| postgresql94-server |
|
Common Weakness Enumeration
References