Launchpad.net

CVE 2016-5424

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.

Related bugs and status

CVE-2016-5424 (Candidate) is related to these bugs:

Bug #1614113: New upstream microreleases 9.1.23, 9.3.14, 9.5.4

		In	Importance	Status
1614113	New upstream microreleases 9.1.23, 9.3.14, 9.5.4	postgresql-9.1 (Ubuntu)	Undecided	Invalid
1614113	New upstream microreleases 9.1.23, 9.3.14, 9.5.4	postgresql-9.3 (Ubuntu)	Undecided	Invalid
1614113	New upstream microreleases 9.1.23, 9.3.14, 9.5.4	postgresql-9.5 (Ubuntu Yakkety)	Undecided	Fix Released
1614113	New upstream microreleases 9.1.23, 9.3.14, 9.5.4	postgresql-9.1 (Ubuntu Precise)	Undecided	Fix Released
1614113	New upstream microreleases 9.1.23, 9.3.14, 9.5.4	postgresql-9.5 (Ubuntu Xenial)	Undecided	Fix Released
1614113	New upstream microreleases 9.1.23, 9.3.14, 9.5.4	postgresql-9.1 (Ubuntu Trusty)	Undecided	Fix Released
1614113	New upstream microreleases 9.1.23, 9.3.14, 9.5.4	postgresql-9.3 (Ubuntu Trusty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-5424

Related bugs and status

Related bugs

References