PublicDateAtUSN: 2016-08-11
Candidate: CVE-2016-5423
PublicDate: 2016-12-09 23:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5423
 https://www.postgresql.org/about/news/1688/
 https://ubuntu.com/security/notices/USN-3066-1
Description:
 PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x
 before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to
 cause a denial of service (NULL pointer dereference and server crash),
 obtain sensitive memory information, or possibly execute arbitrary code via
 (1) a CASE expression within the test value subexpression of another CASE
 or (2) inlining of an SQL function that implements the equality operator
 used for a CASE expression involving values of different types.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1364001
Priority: medium
Discovered-by: Heikki Linnakangas
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H [8.3 HIGH]

Patches_postgresql-9.5:
 upstream: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=f0c7b789ab12fbc8248b671c7882dd96ac932ef4
upstream_postgresql-9.5: released (9.5.4)
precise_postgresql-9.5: DNE
precise/esm_postgresql-9.5: DNE
trusty_postgresql-9.5: DNE
trusty/esm_postgresql-9.5: DNE
vivid/ubuntu-core_postgresql-9.5: DNE
vivid/stable-phone-overlay_postgresql-9.5: DNE
xenial_postgresql-9.5: released (9.5.4-0ubuntu0.16.04)
esm-infra/xenial_postgresql-9.5: released (9.5.4-0ubuntu0.16.04)
yakkety_postgresql-9.5: not-affected (9.5.4-1)
zesty_postgresql-9.5: DNE
devel_postgresql-9.5: DNE

Patches_postgresql-9.3:
upstream_postgresql-9.3: released (9.3.14)
precise_postgresql-9.3: DNE
precise/esm_postgresql-9.3: DNE
trusty_postgresql-9.3: released (9.3.14-0ubuntu0.14.04)
trusty/esm_postgresql-9.3: released (9.3.14-0ubuntu0.14.04)
vivid/ubuntu-core_postgresql-9.3: DNE
vivid/stable-phone-overlay_postgresql-9.3: DNE
xenial_postgresql-9.3: DNE
yakkety_postgresql-9.3: DNE
zesty_postgresql-9.3: DNE
devel_postgresql-9.3: DNE

Patches_postgresql-9.1:
upstream_postgresql-9.1: released (9.1.23)
precise_postgresql-9.1: released (9.1.23-0ubuntu0.12.04)
precise/esm_postgresql-9.1: released (9.1.23-0ubuntu0.12.04)
trusty_postgresql-9.1: released (9.1.23-0ubuntu0.14.04)
trusty/esm_postgresql-9.1: DNE (trusty was released [9.1.23-0ubuntu0.14.04])
vivid/ubuntu-core_postgresql-9.1: DNE
vivid/stable-phone-overlay_postgresql-9.1: DNE
xenial_postgresql-9.1: DNE
yakkety_postgresql-9.1: DNE
zesty_postgresql-9.1: DNE
devel_postgresql-9.1: DNE

Patches_postgresql-8.4:
upstream_postgresql-8.4: needs-triage
precise_postgresql-8.4: ignored (reached end-of-life)
precise/esm_postgresql-8.4: DNE (precise was needs-triage)
trusty_postgresql-8.4: DNE
trusty/esm_postgresql-8.4: DNE
vivid/ubuntu-core_postgresql-8.4: DNE
vivid/stable-phone-overlay_postgresql-8.4: DNE
xenial_postgresql-8.4: DNE
yakkety_postgresql-8.4: DNE
zesty_postgresql-8.4: DNE
devel_postgresql-8.4: DNE