Candidate: CVE-2016-2193
PublicDate: 2016-04-11 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2193
 http://www.postgresql.org/about/news/1656/
 http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b
Description:
 PostgreSQL before 9.5.x before 9.5.2 does not properly maintain
 row-security status in cached plans, which might allow attackers to bypass
 intended access restrictions by leveraging a session that performs queries
 as more than one role.
Ubuntu-Description:
Notes:
 sbeattie> RLS was introduced in postgresql 9.5, doesn't affect prior versions
Bugs:
Priority: medium
Discovered-by: Ashutosh Bapat
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_postgresql-9.5:
upstream_postgresql-9.5: released (9.5.2)
precise_postgresql-9.5: DNE
trusty_postgresql-9.5: DNE
trusty/esm_postgresql-9.5: DNE
vivid/ubuntu-core_postgresql-9.5: DNE
vivid/stable-phone-overlay_postgresql-9.5: DNE
wily_postgresql-9.5: DNE
devel_postgresql-9.5: not-affected (9.5.2-1)

Patches_postgresql-9.4:
upstream_postgresql-9.4: not-affected (9.5 only)
precise_postgresql-9.4: DNE
trusty_postgresql-9.4: DNE
trusty/esm_postgresql-9.4: DNE
vivid/ubuntu-core_postgresql-9.4: DNE
vivid/stable-phone-overlay_postgresql-9.4: DNE
wily_postgresql-9.4: not-affected (9.5 only)
devel_postgresql-9.4: DNE

Patches_postgresql-9.3:
upstream_postgresql-9.3: not-affected (9.5 only)
precise_postgresql-9.3: DNE
trusty_postgresql-9.3: not-affected (9.5 only)
trusty/esm_postgresql-9.3: not-affected (9.5 only)
vivid/ubuntu-core_postgresql-9.3: DNE
vivid/stable-phone-overlay_postgresql-9.3: DNE
wily_postgresql-9.3: DNE
devel_postgresql-9.3: DNE

Patches_postgresql-9.1:
upstream_postgresql-9.1: not-affected (9.5 only)
precise_postgresql-9.1: not-affected (9.5 only)
trusty_postgresql-9.1: not-affected (9.5 only)
trusty/esm_postgresql-9.1: DNE (trusty was not-affected [9.5 only])
vivid/ubuntu-core_postgresql-9.1: DNE
vivid/stable-phone-overlay_postgresql-9.1: DNE
wily_postgresql-9.1: DNE
devel_postgresql-9.1: DNE

Patches_postgresql-8.4:
upstream_postgresql-8.4: not-affected (9.5 only)
precise_postgresql-8.4: not-affected (9.5 only)
trusty_postgresql-8.4: DNE
trusty/esm_postgresql-8.4: DNE
vivid/ubuntu-core_postgresql-8.4: DNE
vivid/stable-phone-overlay_postgresql-8.4: DNE
wily_postgresql-8.4: DNE
devel_postgresql-8.4: DNE