FreeBSD : PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities (ca16fd0b-5fd1-11e6-a6f2-6cc21735f730)
Medium Nessus Plugin ID 92929
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
PostgreSQL project reports:
Security Fixes nested CASE expressions + database and role names with embedded special characters
- CVE-2016-5423: certain nested CASE expressions can cause the server to crash.
- CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.
Solution
Update the affected packages.