New PostgreSQL packages are available for Debian GNU/Linux 9 (Stretch) Extended LTS. They resolve a vulnerability stemming from inadequate neutralization of quoting syntax in the PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn(). The issue permits a database input provider to achieve SQL injection under specific usage scenarios.
ELA-1414-1 postgresql-9.6 security update
Package : postgresql-9.6
Version : 9.6.24-0+deb9u9 (stretch)
Related CVEs :
CVE-2025-1094
PostgreSQL, a popular database, was affected by a vulnerability.
Improper neutralization of quoting syntax in PostgreSQL libpq functions
PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and
PQescapeStringConn() allows a database input provider to achieve
SQL injection in certain usage patterns.