Stephen Frost

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 9.5.2 **Description** The issue is related to errors in security settings, allowing a remote attacker to bypass existing access restrictions by leveraging a session that performs queries as more than one role. This is due to the improper maintenance of row-security status in cached plans. **Recommendations** For versions prior to 9.5.2, update to version 9.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to roles that perform queries as more than one role to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 9.0.19 PostgreSQL versions 9.1.x prior to 9.1.15 PostgreSQL versions 9.2.x prior to 9.2.10 PostgreSQL versions 9.3.x prior to 9.3.6 PostgreSQL versions 9.4.x prior to 9.4.1 **Description** The issue allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. This can cause the display of values in columns that the user would not normally have rights to see. **Recommendations** For versions prior to 9.0.19, update to version 9.0.19 or later. For versions 9.1.x prior to 9.1.15, update to version 9.1.15 or later. For versions 9.2.x prior to 9.2.10, update to version 9.2.10 or later. For versions 9.3.x prior to 9.3.6, update to version 9.3.6 or later. For versions 9.4.x prior to 9.4.1, update to version 9.4.1 or later.