
postgresql: two vulnerabilities

Package(s): postgresql-9.1
CVE #(s): CVE-2016-5423 CVE-2016-5424
Created: August 11, 2016
Updated: December 15, 2016
Description: From the Debian-LTS advisory:

CVE-2016-5423: Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory.

CVE-2016-5424: Nathan Bossart discovered that special characters in database and role names are not properly handled, potentially leading to the execution of commands with superuser privileges, when a superuser executes pg_dumpall or other routine maintenance operations.

Alerts:
Oracle ELSA-2016-2606 postgresql 2016-11-10
Red Hat RHSA-2016:2606-02 postgresql 2016-11-03
openSUSE openSUSE-SU-2016:2464-1 postgresql94 2016-10-06
SUSE SUSE-SU-2016:2418-1 postgresql94 2016-09-29
openSUSE openSUSE-SU-2016:2425-1 postgresql93 2016-09-30
SUSE SUSE-SU-2016:2415-1 postgresql94 2016-09-29
SUSE SUSE-SU-2016:2414-1 postgresql93 2016-09-29
Red Hat RHSA-2016:1821-01 rh-postgresql95-postgresql 2016-09-07
Red Hat RHSA-2016:1820-01 postgresql92-postgresql 2016-09-07
Mageia MGASA-2016-0289 postgresql 2016-08-31
Red Hat RHSA-2016:1781-01 rh-postgresql94-postgresql 2016-08-31
Fedora FEDORA-2016-5486a6dfc0 postgresql 2016-08-23
Fedora FEDORA-2016-30b01bdedd postgresql 2016-08-23
Ubuntu USN-3066-1 postgresql-9.1, postgresql-9.3, postgresql-9.5 2016-08-18
Arch Linux ASA-201608-14 postgresql 2016-08-14
Debian DSA-3646-1 postgresql-9.4 2016-08-11
Debian-LTS DLA-592-1 postgresql-9.1 2016-08-11
Gentoo 201701-33 postgresql 2017-01-13
Scientific Linux SLSA-2016:2606-2 postgresql 2016-12-14

Copyright © 2025, Eklektix, Inc.