postgresql is vulnerable to privilege escalation vulnerability. Remote authenticated users could inject arbitrary code via database and role names with embedded special characters during administrative operations like pg_dumpall.
rhn.redhat.com/errata/RHSA-2016-1781.html
rhn.redhat.com/errata/RHSA-2016-1820.html
rhn.redhat.com/errata/RHSA-2016-1821.html
rhn.redhat.com/errata/RHSA-2016-2606.html
www.debian.org/security/2016/dsa-3646
www.securityfocus.com/bid/92435
www.securitytracker.com/id/1036617
access.redhat.com/errata/RHSA-2017:2425
access.redhat.com/security/updates/classification/#moderate
rhn.redhat.com/errata/RHSA-2016-1781.html
security.gentoo.org/glsa/201701-33
www.postgresql.org/about/news/1688/
www.postgresql.org/docs/current/static/release-9-1-23.html
www.postgresql.org/docs/current/static/release-9-2-18.html
www.postgresql.org/docs/current/static/release-9-3-14.html
www.postgresql.org/docs/current/static/release-9-4-9.html
www.postgresql.org/docs/current/static/release-9-5-4.html