Lucene search
AmazonALAS-2016-747HistorySep 15, 2016 - 7:00 p.m.
Medium: postgresql92, postgresql93, postgresql94
2016-09-1519:00:00
alas.aws.amazon.com
12
0.01 Low
EPSS
Percentile
83.8%
Issue Overview:
A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423)
A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424)
Affected Packages:
postgresql92, postgresql93, postgresql94
Issue Correction:
Run yum update postgresql92 to update your system.
Run yum update postgresql93 to update your system.
Run yum update postgresql94 to update your system.
New Packages:
i686:
postgresql93-test-9.3.14-1.62.amzn1.i686
postgresql93-docs-9.3.14-1.62.amzn1.i686
postgresql93-pltcl-9.3.14-1.62.amzn1.i686
postgresql93-server-9.3.14-1.62.amzn1.i686
postgresql93-plpython26-9.3.14-1.62.amzn1.i686
postgresql93-devel-9.3.14-1.62.amzn1.i686
postgresql93-plpython27-9.3.14-1.62.amzn1.i686
postgresql93-debuginfo-9.3.14-1.62.amzn1.i686
postgresql93-contrib-9.3.14-1.62.amzn1.i686
postgresql93-plperl-9.3.14-1.62.amzn1.i686
postgresql93-libs-9.3.14-1.62.amzn1.i686
postgresql93-9.3.14-1.62.amzn1.i686
postgresql94-plperl-9.4.9-1.67.amzn1.i686
postgresql94-test-9.4.9-1.67.amzn1.i686
postgresql92-docs-9.2.18-1.59.amzn1.i686
postgresql94-libs-9.4.9-1.67.amzn1.i686
postgresql94-plpython27-9.4.9-1.67.amzn1.i686
postgresql92-server-compat-9.2.18-1.59.amzn1.i686
postgresql92-contrib-9.2.18-1.59.amzn1.i686
postgresql94-9.4.9-1.67.amzn1.i686
postgresql92-libs-9.2.18-1.59.amzn1.i686
postgresql94-server-9.4.9-1.67.amzn1.i686
postgresql94-plpython26-9.4.9-1.67.amzn1.i686
postgresql92-debuginfo-9.2.18-1.59.amzn1.i686
postgresql92-plpython27-9.2.18-1.59.amzn1.i686
postgresql94-debuginfo-9.4.9-1.67.amzn1.i686
postgresql92-test-9.2.18-1.59.amzn1.i686
postgresql94-docs-9.4.9-1.67.amzn1.i686
postgresql92-9.2.18-1.59.amzn1.i686
postgresql94-devel-9.4.9-1.67.amzn1.i686
postgresql92-plperl-9.2.18-1.59.amzn1.i686
postgresql94-contrib-9.4.9-1.67.amzn1.i686
postgresql92-server-9.2.18-1.59.amzn1.i686
postgresql92-plpython26-9.2.18-1.59.amzn1.i686
postgresql92-devel-9.2.18-1.59.amzn1.i686
postgresql92-pltcl-9.2.18-1.59.amzn1.i686
src:
postgresql93-9.3.14-1.62.amzn1.src
postgresql94-9.4.9-1.67.amzn1.src
postgresql92-9.2.18-1.59.amzn1.src
x86_64:
postgresql93-libs-9.3.14-1.62.amzn1.x86_64
postgresql93-plperl-9.3.14-1.62.amzn1.x86_64
postgresql93-debuginfo-9.3.14-1.62.amzn1.x86_64
postgresql93-devel-9.3.14-1.62.amzn1.x86_64
postgresql93-docs-9.3.14-1.62.amzn1.x86_64
postgresql93-pltcl-9.3.14-1.62.amzn1.x86_64
postgresql93-contrib-9.3.14-1.62.amzn1.x86_64
postgresql93-plpython27-9.3.14-1.62.amzn1.x86_64
postgresql93-server-9.3.14-1.62.amzn1.x86_64
postgresql93-test-9.3.14-1.62.amzn1.x86_64
postgresql93-plpython26-9.3.14-1.62.amzn1.x86_64
postgresql93-9.3.14-1.62.amzn1.x86_64
postgresql94-plpython26-9.4.9-1.67.amzn1.x86_64
postgresql92-plperl-9.2.18-1.59.amzn1.x86_64
postgresql94-9.4.9-1.67.amzn1.x86_64
postgresql92-pltcl-9.2.18-1.59.amzn1.x86_64
postgresql94-libs-9.4.9-1.67.amzn1.x86_64
postgresql92-test-9.2.18-1.59.amzn1.x86_64
postgresql94-server-9.4.9-1.67.amzn1.x86_64
postgresql92-debuginfo-9.2.18-1.59.amzn1.x86_64
postgresql92-contrib-9.2.18-1.59.amzn1.x86_64
postgresql94-test-9.4.9-1.67.amzn1.x86_64
postgresql92-libs-9.2.18-1.59.amzn1.x86_64
postgresql94-docs-9.4.9-1.67.amzn1.x86_64
postgresql92-9.2.18-1.59.amzn1.x86_64
postgresql94-devel-9.4.9-1.67.amzn1.x86_64
postgresql92-plpython27-9.2.18-1.59.amzn1.x86_64
postgresql94-plpython27-9.4.9-1.67.amzn1.x86_64
postgresql92-docs-9.2.18-1.59.amzn1.x86_64
postgresql94-plperl-9.4.9-1.67.amzn1.x86_64
postgresql92-server-compat-9.2.18-1.59.amzn1.x86_64
postgresql94-debuginfo-9.4.9-1.67.amzn1.x86_64
postgresql92-plpython26-9.2.18-1.59.amzn1.x86_64
postgresql94-contrib-9.4.9-1.67.amzn1.x86_64
postgresql92-devel-9.2.18-1.59.amzn1.x86_64
postgresql92-server-9.2.18-1.59.amzn1.x86_64
Additional References
Red Hat: CVE-2016-5423, CVE-2016-5424
Mitre: CVE-2016-5423, CVE-2016-5424
Related
nessus
nessus
CentOS 7 : postgresql (CESA-2016:2606)
2016-11-28 00:00:00
Fedora 25 : postgresql (2016-765bb26915)
2016-11-15 00:00:00
openSUSE Security Update : postgresql94 (openSUSE-2016-1161)
2016-10-12 00:00:00
openvas
openvas
Debian Security Advisory DSA 3646-1 (postgresql-9.4 - security update)
2016-08-11 00:00:00
openSUSE: Security Advisory for postgresql93 (openSUSE-SU-2017:1021-1)
2017-04-16 00:00:00
Amazon Linux: Security Advisory (ALAS-2016-747)
2016-10-26 00:00:00
debian
debian
[SECURITY] [DSA 3646-1] postgresql-9.4 security update
2016-08-11 14:33:10
[SECURITY] [DSA 3646-1] postgresql-9.4 security update
2016-08-11 14:32:48
[SECURITY] [DLA 592-1] postgresql-9.1 security update
2016-08-11 13:15:53
ubuntu
ubuntu
PostgreSQL vulnerabilities
2016-08-18 00:00:00
suse
suse
Security update for postgresql94 (important)
2016-09-29 17:11:33
Security update for postgresql93 (important)
2017-04-15 18:09:11
Security update for postgresql94 (important)
2016-10-06 15:09:31
fedora
fedora
[SECURITY] Fedora 25 Update: postgresql-9.5.4-1.fc25
2016-08-27 11:34:38
[SECURITY] Fedora 24 Update: postgresql-9.5.4-1.fc24
2016-08-23 12:53:00
[SECURITY] Fedora 23 Update: postgresql-9.4.9-1.fc23
2016-08-23 15:25:13
freebsd
freebsd
PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities
2016-08-11 00:00:00
PostgreSQL vulnerabilities
2017-05-11 00:00:00
redhat
redhat
(RHSA-2016:1781) Moderate: rh-postgresql94-postgresql security update
2016-08-31 05:21:42
(RHSA-2016:1821) Moderate: rh-postgresql95-postgresql security update
2016-09-07 08:20:05
(RHSA-2016:2606) Moderate: postgresql security and bug fix update
2016-11-03 06:07:16
archlinux
archlinux
postgresql: multiple issues
2016-08-14 00:00:00
kaspersky
kaspersky
KLA10910 Multiple vulnerabilities in PostgreSQL
2016-12-09 00:00:00
osv
osv
postgresql-9.4 - security update
2016-08-11 00:00:00
postgresql-9.1 - security update
2016-08-11 00:00:00
ibm
ibm
oraclelinux
oraclelinux
postgresql security and bug fix update
2016-11-09 00:00:00
centos
centos
postgresql security update
2016-11-25 15:42:13
mageia
mageia
Updated postgresql packages fix security vulnerability
2016-08-31 18:32:33
cvelist
cvelist
CVE-2016-5424
2016-12-09 23:00:00
CVE-2016-5423
2016-12-09 23:00:00
veracode
veracode
Privilege Escalation
2019-05-02 05:49:07
Denial Of Service (DoS)
2019-01-15 09:13:02
redhatcve
redhatcve
CVE-2016-5424
2016-08-11 17:48:30
CVE-2016-5423
2016-08-11 17:48:25
ubuntucve
ubuntucve
CVE-2016-5424
2016-08-11 00:00:00
CVE-2016-5423
2016-08-11 00:00:00
cve
cve
CVE-2016-5423
2016-12-09 23:59:00
CVE-2016-5424
2016-12-09 23:59:00
prion
prion
Null pointer dereference
2016-12-09 23:59:00
Code injection
2016-12-09 23:59:00
postgresql
postgresql
Vulnerability in client (CVE-2016-5424)
2016-12-09 23:59:00
Vulnerability in core server (CVE-2016-5423)
2016-12-09 23:59:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2017-01-12 00:00:00
photon
photon