Ubuntu Security Notification for Postgresql-9.1, Postgresql-9.3, Postgresql-9.5 Vulnerabilities (USN-3066-1)——漏洞银行丨0DAY BANK

It was discovered that PostgreSQL incorrectly handled certain nested CASE/WHEN expressions.

It was discovered that PostgreSQL incorrectly handled special characters in database and role names.

A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2016-5423)

A remote attacker could possibly use this issue to escalate privileges. (CVE-2016-5424)

Refer to Ubuntu advisory USN-3066-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3066-1: 12.04 (Precise) on src (postgresql-9.1)

USN-3066-1: 16.04 (Xenial) on src (postgresql-9.5)

USN-3066-1: 14.04 (Kylin) on src (postgresql-9.3)