All errata/sisyphus/ALT-PU-2016-3273-1
ALT-PU-2016-3273-1

Package update postgresql9.4 in branch sisyphus

Version9.4.9-alt1
Task#168447
Published2016-08-10
Max severityHIGH
Severity:

Closed issues (2)

CVE-2016-5423
HIGH8.3

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.

Published: 2016-12-09Modified: 2025-04-12
CVSS 2.0MEDIUM 6.5
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS 3.xHIGH 8.3
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
References
CVE-2016-5424
HIGH7.1

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Published: 2016-12-09Modified: 2025-04-12
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:N/AC:H/Au:S/C:P/I:P/A:P
CVSS 3.xHIGH 7.1
CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
References