[3.4] postgresql: Security Issues (CVE-2016-5423, CVE-2016-5424)
CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference
Fixed In Version:
postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23
Reference:
https://www.postgresql.org/about/news/1688/
Patch:
CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.
Fixed In Version:
postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23
Reference:
https://www.postgresql.org/about/news/1688/
Patch:
(from redmine: issue id 6045, created on 2016-08-17, closed on 2016-08-18)
- Relations:
  - parent #6044 (closed)
- Changesets:
  - Revision 543f7afd by Natanael Copa on 2016-08-17T21:05:13Z:
    main/postgresql: security upgrade to 9.5.4 (CVE-2016-5423,CVE-2016-5424)
    fixes #6045