[3.1] postgresql: Security Issues (CVE-2016-5423, CVE-2016-5424)
CVE-2016-5423: CASE/WHEN with inlining can cause untrusted pointer dereference
Fixed In Version:
postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23
Reference:
https://www.postgresql.org/about/news/1688/
Patch:

CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.
Fixed In Version:
postgresql 9.5.4, postgresql 9.4.9, postgresql 9.3.14, postgresql 9.2.18, postgresql 9.1.23
Reference:
https://www.postgresql.org/about/news/1688/
Patch:

(from redmine: issue id 6048, created on 2016-08-17, closed on 2016-08-18)
- Relations:
  - parent #6044 (closed)