Debian 10229 Published by

A postgresql-9.6 security update has been released for Debian GNU/Linux 9 Extended LTS to address two security issues.



ELA-737-1 postgresql-9.6 security update

Package : postgresql-9.6
Version : 9.6.24-0+deb9u2 (stretch)

Related CVEs :
CVE-2022-2625
CVE-2022-1552

CVE-2022-2625
Sven Klemm found that some extensions in the PostgreSQL database
system could replace objects not belonging to the extension. An
attacker could leverage this to run arbitrary commands as another
user.

CVE-2022-1552
Alexander Lakhin discovered that the autovacuum feature and multiple
commands could escape the “security-restricted operation” sandbox.

  ELA-737-1 postgresql-9.6 security update