Debian Local Security Checks : Debian Security Advisory DSA 3646-1 (postgresql-9.4

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.703646

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 3646-1 (postgresql-9.4 - security update)

Zusammenfassung: Several vulnerabilities have been;found in PostgreSQL-9.4, a SQL database system.;;CVE-2016-5423;Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN;expressions are not properly evaluated, potentially leading to a;crash or allowing to disclose portions of server memory.;;CVE-2016-5424;Nathan Bossart discovered that special characters in database and;role names are not properly handled, potentially leading to the;execution of commands with superuser privileges, when a superuser;executes pg_dumpall or other routine maintenance operations.

Beschreibung: Summary:
Several vulnerabilities have been
found in PostgreSQL-9.4, a SQL database system.

CVE-2016-5423
Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN
expressions are not properly evaluated, potentially leading to a
crash or allowing to disclose portions of server memory.

CVE-2016-5424
Nathan Bossart discovered that special characters in database and
role names are not properly handled, potentially leading to the
execution of commands with superuser privileges, when a superuser
executes pg_dumpall or other routine maintenance operations.

Affected Software/OS:
postgresql-9.4 on Debian Linux

Solution:
For the stable distribution (jessie),
these problems have been fixed in version 9.4.9-0+deb8u1.

We recommend that you upgrade your postgresql-9.4 packages.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-5423
BugTraq ID: 92433
http://www.securityfocus.com/bid/92433
Debian Security Information: DSA-3646 (Google Search)
http://www.debian.org/security/2016/dsa-3646
https://security.gentoo.org/glsa/201701-33
RedHat Security Advisories: RHSA-2016:1781
http://rhn.redhat.com/errata/RHSA-2016-1781.html
RedHat Security Advisories: RHSA-2016:1820
http://rhn.redhat.com/errata/RHSA-2016-1820.html
RedHat Security Advisories: RHSA-2016:1821
http://rhn.redhat.com/errata/RHSA-2016-1821.html
RedHat Security Advisories: RHSA-2016:2606
http://rhn.redhat.com/errata/RHSA-2016-2606.html
RedHat Security Advisories: RHSA-2017:2425
https://access.redhat.com/errata/RHSA-2017:2425
http://www.securitytracker.com/id/1036617
Common Vulnerability Exposure (CVE) ID: CVE-2016-5424
BugTraq ID: 92435
http://www.securityfocus.com/bid/92435

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.703646
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 3646-1 (postgresql-9.4 - security update)
Zusammenfassung:	Several vulnerabilities have been;found in PostgreSQL-9.4, a SQL database system.;;CVE-2016-5423;Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN;expressions are not properly evaluated, potentially leading to a;crash or allowing to disclose portions of server memory.;;CVE-2016-5424;Nathan Bossart discovered that special characters in database and;role names are not properly handled, potentially leading to the;execution of commands with superuser privileges, when a superuser;executes pg_dumpall or other routine maintenance operations.
Beschreibung:	Summary: Several vulnerabilities have been found in PostgreSQL-9.4, a SQL database system. CVE-2016-5423 Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN expressions are not properly evaluated, potentially leading to a crash or allowing to disclose portions of server memory. CVE-2016-5424 Nathan Bossart discovered that special characters in database and role names are not properly handled, potentially leading to the execution of commands with superuser privileges, when a superuser executes pg_dumpall or other routine maintenance operations. Affected Software/OS: postgresql-9.4 on Debian Linux Solution: For the stable distribution (jessie), these problems have been fixed in version 9.4.9-0+deb8u1. We recommend that you upgrade your postgresql-9.4 packages. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5423 BugTraq ID: 92433 http://www.securityfocus.com/bid/92433 Debian Security Information: DSA-3646 (Google Search) http://www.debian.org/security/2016/dsa-3646 https://security.gentoo.org/glsa/201701-33 RedHat Security Advisories: RHSA-2016:1781 http://rhn.redhat.com/errata/RHSA-2016-1781.html RedHat Security Advisories: RHSA-2016:1820 http://rhn.redhat.com/errata/RHSA-2016-1820.html RedHat Security Advisories: RHSA-2016:1821 http://rhn.redhat.com/errata/RHSA-2016-1821.html RedHat Security Advisories: RHSA-2016:2606 http://rhn.redhat.com/errata/RHSA-2016-2606.html RedHat Security Advisories: RHSA-2017:2425 https://access.redhat.com/errata/RHSA-2017:2425 http://www.securitytracker.com/id/1036617 Common Vulnerability Exposure (CVE) ID: CVE-2016-5424 BugTraq ID: 92435 http://www.securityfocus.com/bid/92435
Copyright	Copyright (C) 2016 Greenbone Networks GmbH