[SECURITY] [DLA 592-1] postgresql-9.1 security update

To: Debian LTS Announce <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 592-1] postgresql-9.1 security update
From: Christoph Berg <christoph.berg@credativ.de>
Date: Thu, 11 Aug 2016 15:15:32 +0200
Message-id: <[🔎] 20160811131532.ifb52ipurhai3rfv@msg.df7cb.de>
Mail-followup-to: Christoph Berg <christoph.berg@credativ.de>, Debian LTS Announce <debian-lts-announce@lists.debian.org>
Reply-to: debian-lts@lists.debian.org

Package        : postgresql-9.1
Version        : 9.1.23-0+deb7u1

Several vulnerabilities have been found in PostgreSQL, an SQL
database system.

CVE-2016-5423

    Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN
    expressions are not properly evaluated, potentially leading to a
    crash or allowing to disclose portions of server memory.

CVE-2016-5424

    Nathan Bossart discovered that special characters in database and
    role names are not properly handled, potentially leading to the
    execution of commands with superuser privileges, when a superuser
    executes pg_dumpall or other routine maintenance operations.

For Debian 7 "Wheezy", these problems have been fixed in version
9.1.23-0+deb7u1.

We recommend that you upgrade your postgresql-9.1 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] [DLA 588-2] mongodb security update
Next by Date: [SECURITY] [DLA 593-1] nettle security update
Previous by thread: [SECURITY] [DLA 588-2] mongodb security update
Next by thread: [SECURITY] [DLA 593-1] nettle security update
Index(es):
- Date
- Thread