Debian 9975 Published by

A postgresql-9.6 security update has been released for Debian GNU/Linux 9 Extended LTS to address four security issues.



ELA-880-1 postgresql-9.6 security update

Package : postgresql-9.6
Version : 9.6.24-0+deb9u4 (stretch)

Related CVEs :
CVE-2023-2454
CVE-2023-2455
CVE-2023-2454:
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an attacker with elevated database-level privileges to execute arbitrary code.

CVE-2023-2455:
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.

ELA-880-1 postgresql-9.6 security update