USN-3066-1: PostgreSQL vulnerabilities
18 August 2016
Several security issues were fixed in PostgreSQL.
- postgresql-9.1 - Object-relational SQL database
- postgresql-9.3 - Object-relational SQL database
- postgresql-9.5 - object-relational SQL database
Heikki Linnakangas discovered that PostgreSQL incorrectly handled certain
nested CASE/WHEN expressions. A remote attacker could possibly use this
issue to cause PostgreSQL to crash, resulting in a denial of service.
Nathan Bossart discovered that PostgreSQL incorrectly handled special
characters in database and role names. A remote attacker could possibly use
this issue to escalate privileges. (CVE-2016-5424)
The problem can be corrected by updating your system to the following package versions:
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.