DSA-3646-1 postgresql-9.4 -- postgresql-9.4
ID: oval:org.secpod.oval:def:602588 | Date: (C)2016-08-18 (M)2023-12-20 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system.

CVE-2016-5423: Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing the disclosure of portions of server memory.

CVE-2016-5424: Nathan Bossart discovered that special characters in database and role names are not properly handled, potentially leading to the execution of commands with superuser privileges when a superuser executes pg_dumpall or other routine maintenance operations.