FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities

Affected packages
9.1.0	<=	postgresql91-server	<	9.1.23
9.2.0	<=	postgresql92-server	<	9.2.18
9.3.0	<=	postgresql93-server	<	9.3.11
9.4.0	<=	postgresql94-server	<	9.4.9
9.5.0	<=	postgresql95-server	<	9.5.4

Details

VuXML ID	ca16fd0b-5fd1-11e6-a6f2-6cc21735f730
Discovery	2016-08-11
Entry	2016-08-11

PostgreSQL project reports:

Security Fixes nested CASE expressions + database and role names with embedded special characters

CVE-2016-5423: certain nested CASE expressions can cause the server to crash.

CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.

[source]

References

CVE Name	CVE-2016-5423
CVE Name	CVE-2016-5424