Lucene search
Arch LinuxASA-201608-14HistoryAug 14, 2016 - 12:00 a.m.
postgresql: multiple issues
2016-08-1400:00:00
Arch Linux
lists.archlinux.org
17
0.01 Low
EPSS
Percentile
83.9%
- CVE-2016-5423 (arbitrary code execution)
It was discovered that certain SQL statements containing CASE/WHEN
commands could crash the PostgreSQL server, or disclose a few bytes of
server memory, potentially leading to arbitrary code execution.
- CVE-2016-5424 (privilege escalation)
It was found that PostgreSQL client programs mishandle database and role
names containing newlines, carriage returns, double quotes, or
backslashes. By crafting such an object name, roles with the CREATEDB or
CREATEROLE option could escalate their privileges to superuser when a
superuser next executes maintenance with a vulnerable program.
Vulnerable programs include pg_dumpall, pg_upgrade, vacuumdb, reindexdb,
and clusterdb.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| any | any | any | postgresql | < 9.5.4-1 | UNKNOWN |
Related
nessus
nessus
openSUSE Security Update : postgresql94 (openSUSE-2016-1161)
2016-10-12 00:00:00
Fedora 25 : postgresql (2016-765bb26915)
2016-11-15 00:00:00
CentOS 7 : postgresql (CESA-2016:2606)
2016-11-28 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-747)
2016-10-26 00:00:00
Debian Security Advisory DSA 3646-1 (postgresql-9.4 - security update)
2016-08-11 00:00:00
openSUSE: Security Advisory for postgresql93 (openSUSE-SU-2017:1021-1)
2017-04-16 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2016-08-18 00:00:00
debian
debian
[SECURITY] [DSA 3646-1] postgresql-9.4 security update
2016-08-11 14:32:48
[SECURITY] [DSA 3646-1] postgresql-9.4 security update
2016-08-11 14:32:48
[SECURITY] [DLA 592-1] postgresql-9.1 security update
2016-08-11 13:15:32
redhat
redhat
(RHSA-2016:1781) Moderate: rh-postgresql94-postgresql security update
2016-08-31 05:21:42
(RHSA-2016:2606) Moderate: postgresql security and bug fix update
2016-11-03 06:07:16
(RHSA-2016:1820) Moderate: postgresql92-postgresql security update
2016-09-07 08:15:01
fedora
fedora
[SECURITY] Fedora 23 Update: postgresql-9.4.9-1.fc23
2016-08-23 15:25:13
[SECURITY] Fedora 24 Update: postgresql-9.5.4-1.fc24
2016-08-23 12:53:00
[SECURITY] Fedora 25 Update: postgresql-9.5.4-1.fc25
2016-08-27 11:34:38
osv
osv
postgresql-9.4 - security update
2016-08-11 00:00:00
postgresql-9.1 - security update
2016-08-11 00:00:00
kaspersky
kaspersky
KLA10910 Multiple vulnerabilities in PostgreSQL
2016-12-09 00:00:00
suse
suse
Security update for postgresql93 (important)
2016-09-29 17:10:45
Security update for postgresql94 (important)
2016-09-29 19:11:36
Security update for postgresql93 (important)
2016-09-30 18:11:27
amazon
amazon
Medium: postgresql92, postgresql93, postgresql94
2016-09-15 19:00:00
ibm
ibm
mageia
mageia
Updated postgresql packages fix security vulnerability
2016-08-31 18:32:33
centos
centos
postgresql security update
2016-11-25 15:42:13
oraclelinux
oraclelinux
postgresql security and bug fix update
2016-11-09 00:00:00
freebsd
freebsd
PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities
2016-08-11 00:00:00
PostgreSQL vulnerabilities
2017-05-11 00:00:00
cvelist
cvelist
CVE-2016-5423
2016-12-09 23:00:00
CVE-2016-5424
2016-12-09 23:00:00
ubuntucve
ubuntucve
CVE-2016-5424
2016-08-11 00:00:00
CVE-2016-5423
2016-08-11 00:00:00
redhatcve
redhatcve
CVE-2016-5424
2016-08-11 17:48:30
CVE-2016-5423
2016-08-11 17:48:25
veracode
veracode
Privilege Escalation
2019-05-02 05:49:07
Denial Of Service (DoS)
2019-01-15 09:13:02
postgresql
postgresql
Vulnerability in core server (CVE-2016-5423)
2016-12-09 23:59:00
Vulnerability in client (CVE-2016-5424)
2016-12-09 23:59:00
prion
prion
Null pointer dereference
2016-12-09 23:59:00
Code injection
2016-12-09 23:59:00
nvd
nvd
CVE-2016-5424
2016-12-09 23:59:02
CVE-2016-5423
2016-12-09 23:59:00
cve
cve
CVE-2016-5424
2016-12-09 23:59:02
CVE-2016-5423
2016-12-09 23:59:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2017-01-12 00:00:00
photon
photon