Launchpad.net

CVE 2016-2193

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.

Related bugs and status

CVE-2016-2193 (Candidate) is related to these bugs:

Bug #1564268: New upstream microreleases 9.1.21, 9.3.12, 9.4.7, 9.5.2

		In	Importance	Status
1564268	New upstream microreleases 9.1.21, 9.3.12, 9.4.7, 9.5.2	postgresql-9.5 (Ubuntu)	Undecided	Fix Released
1564268	New upstream microreleases 9.1.21, 9.3.12, 9.4.7, 9.5.2	postgresql-9.5 (Ubuntu Xenial)	Undecided	Fix Released
1564268	New upstream microreleases 9.1.21, 9.3.12, 9.4.7, 9.5.2	postgresql-9.1 (Ubuntu Trusty)	Undecided	Fix Released
1564268	New upstream microreleases 9.1.21, 9.3.12, 9.4.7, 9.5.2	postgresql-9.3 (Ubuntu Trusty)	Undecided	Fix Released
1564268	New upstream microreleases 9.1.21, 9.3.12, 9.4.7, 9.5.2	postgresql-9.1 (Ubuntu Precise)	Undecided	Fix Released
1564268	New upstream microreleases 9.1.21, 9.3.12, 9.4.7, 9.5.2	postgresql-9.4 (Ubuntu Wily)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-2193

Related bugs and status

Related bugs

References