[SECURITY] [DLA 592-1] postgresql-9.1 security update



Package        : postgresql-9.1
Version        : 9.1.23-0+deb7u1

Several vulnerabilities have been found in PostgreSQL, an SQL
database system.

CVE-2016-5423

    Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN
    expressions are not properly evaluated, potentially leading to a
    crash or to the disclosure of portions of server memory.

CVE-2016-5424

    Nathan Bossart discovered that special characters in database and
    role names are not properly handled, potentially leading to the
    execution of commands with superuser privileges, when a superuser
    executes pg_dumpall or other routine maintenance operations.
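
An audit query for the condition behind CVE-2016-5424, added here as an example; it is not part of the Debian advisory or of PostgreSQL's own tooling. It lists database and role names that contain anything outside a conservative allow-list (ASCII letters, digits and underscore); that allow-list is an assumption chosen to over-report, not the exact character set the fix addresses.

```sql
-- Added example: pg_database and pg_roles are cluster-wide catalogs,
-- so this can be run from any database in the cluster.
SELECT kind,
       name,
       name ~ '[[:cntrl:]]' AS has_control_char  -- newline, CR, tab, ...
FROM (
    SELECT 'database'::text AS kind, datname::text AS name
    FROM pg_database
    UNION ALL
    SELECT 'role'::text, rolname::text
    FROM pg_roles
) AS objects
-- Assumed allow-list: anything else is reported for review.
WHERE name !~ '^[A-Za-z0-9_]+$'
ORDER BY kind, name;
```

Any name returned is worth reviewing before a superuser runs pg_dumpall or other maintenance tools on a cluster that has not yet been upgraded.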

For Debian 7 "Wheezy", these problems have been fixed in version
9.1.23-0+deb7u1.

We recommend that you upgrade your postgresql-9.1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
